[
https://issues.apache.org/jira/browse/OAK-6450?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16091487#comment-16091487
]
angela edited comment on OAK-6450 at 7/18/17 12:32 PM:
-------------------------------------------------------
[~rombert], the patch does not include an update of the Oak documentation,
which actually describes the required service ids. The following pages need to
be updated:
- http://jackrabbit.apache.org/oak/docs/security/introduction.html
- http://jackrabbit.apache.org/oak/docs/security/authorization/composite.html
- http://jackrabbit.apache.org/oak/docs/security/authorization/cug.html
As far as the actual patch is concerned:
- why are the {{RegistrationConstants}} located in
_org.apache.jackrabbit.oak.security.authorization_ package? that looks wrong to
me as it is used also in non-authorization packages.
- shouldn't these {{RegistrationConstants}} be public in the SPI space in order
to make sure that custom implementations can use it? i would love to get rid of
the {{oak-core}} dependencies in non-core modules (see also OAK-6318)
- i am not sure about the PN prefix with the {{RegistrationConstants}}. what
does it stand for?
and one more thing: unless already present i think the patch should come with
explicit testing for the new way and the compat-mode (and a mixture of both) in
order to make sure we don't break existing customers that have custom lists of
required service (such as e.g. Adobe AEM).
was (Author: anchela):
[~rombert], the patch does not include an update of the Oak documentation,
which actually describes the required service ids. The following pages need to
be updated:
- http://jackrabbit.apache.org/oak/docs/security/introduction.html
- http://jackrabbit.apache.org/oak/docs/security/authorization/composite.html
- http://jackrabbit.apache.org/oak/docs/security/authorization/cug.html
As far as the actual patch is concerned:
- why are the {{RegistrationConstants}} located in
_org.apache.jackrabbit.oak.security.authorization_ package? that looks wrong to
me as it is used also in non-authorization packages.
- shouldn't these {{RegistrationConstants}} be public in the SPI space in order
to make sure that custom implementations can use it? i would love to get rid of
the {{oak-core}} dependencies in non-core modules (see also OAK-6318)
- i am not sure about the PN prefix with the {{RegistrationConstants}}. what
does it stand for?
> Stop relying on the service.pid property in SecurityProviderRegistration
> ------------------------------------------------------------------------
>
> Key: OAK-6450
> URL: https://issues.apache.org/jira/browse/OAK-6450
> Project: Jackrabbit Oak
> Issue Type: Improvement
> Components: security
> Reporter: Robert Munteanu
> Assignee: Robert Munteanu
> Fix For: 1.8, 1.7.4
>
> Attachments:
> 0001-OAK-6450-Stop-relying-on-the-service.pid-property-in.patch,
> 0002-OAK-6450-Stop-relying-on-the-service.pid-property-in.patch
>
>
> As discussed in OAK-6111, we should stop relying on the {{service.pid}} OSGi
> property for tracking required services as it was incorrectly set so far by
> the {{maven-scr-plugin}}.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
