angela created OAK-7498:
---------------------------
Summary: Security code should not depend on implementation details
in oak-core
Key: OAK-7498
URL: https://issues.apache.org/jira/browse/OAK-7498
Project: Jackrabbit Oak
Issue Type: Improvement
Components: auth-external, auth-ldap, authorization-cug, core,
security
Reporter: angela
[~stillalex], I have been looking at the remaining dependencies of the oak
security code base to implementation details in oak-core and found the
following main categories (in order of frequency):
- dependency to 'plugins' like nodetype/namespace/version/identifier
management, read-only
- dependency to indexing implementation details (mainly in repository
initializers): {{IndexConstants, {{IndexUtils}}, hardcoded {{*IndexProvider}}
- hardcoded {{RootProviderService}} and {{TreeProviderService}} in
{{SecurityProviderBuilder}} and the deprecated {{SecurityProviderImpl}}
- one usage of {{ReadWriteVersionManager.getOrCreateVersionHistory}} in
{{VersionablePathHook}}
- one usage of {{RootFactory.createSystemRoot}} in {{UserInitializer}} linked
to the setup of indices.
IMO it would be desirable to get rid of these dependencies implementation
details (at least in the security code base in an initial stage).
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
