[
https://issues.apache.org/jira/browse/OAK-7498?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
angela updated OAK-7498:
------------------------
Description:
[~stillalex], I have been looking at the remaining dependencies of the oak
security code base to implementation details in oak-core and found the
following main categories (in order of frequency):
- dependency to 'plugins' like nodetype/namespace/version/identifier
management, read-only (OAK-7499)
- dependency to indexing implementation details (mainly in repository
initializers): {{IndexConstants}}, {{IndexUtils}} (OAK-7501), hardcoded
{{*IndexProvider}} (OAK-7500)
- hardcoded {{RootProviderService}} and {{TreeProviderService}} in
{{SecurityProviderBuilder}} and the deprecated {{SecurityProviderImpl}}
- one usage of {{ReadWriteVersionManager.getOrCreateVersionHistory}} in
{{VersionablePathHook}}
- one usage of {{RootFactory.createSystemRoot}} in {{UserInitializer}} linked
to the setup of indices.
IMO it would be desirable to get rid of these dependencies implementation
details (at least in the security code base in an initial stage).
was:
[~stillalex], I have been looking at the remaining dependencies of the oak
security code base to implementation details in oak-core and found the
following main categories (in order of frequency):
- dependency to 'plugins' like nodetype/namespace/version/identifier
management, read-only (OAK-7499)
- dependency to indexing implementation details (mainly in repository
initializers): {{IndexConstants, {{IndexUtils}} (OAK-7501), hardcoded
{{*IndexProvider}} (OAK-7500)
- hardcoded {{RootProviderService}} and {{TreeProviderService}} in
{{SecurityProviderBuilder}} and the deprecated {{SecurityProviderImpl}}
- one usage of {{ReadWriteVersionManager.getOrCreateVersionHistory}} in
{{VersionablePathHook}}
- one usage of {{RootFactory.createSystemRoot}} in {{UserInitializer}} linked
to the setup of indices.
IMO it would be desirable to get rid of these dependencies implementation
details (at least in the security code base in an initial stage).
> Security code should not depend on implementation details in oak-core
> ---------------------------------------------------------------------
>
> Key: OAK-7498
> URL: https://issues.apache.org/jira/browse/OAK-7498
> Project: Jackrabbit Oak
> Issue Type: Improvement
> Components: auth-external, auth-ldap, authorization-cug, core,
> security
> Reporter: angela
> Priority: Major
> Labels: m12n
>
> [~stillalex], I have been looking at the remaining dependencies of the oak
> security code base to implementation details in oak-core and found the
> following main categories (in order of frequency):
> - dependency to 'plugins' like nodetype/namespace/version/identifier
> management, read-only (OAK-7499)
> - dependency to indexing implementation details (mainly in repository
> initializers): {{IndexConstants}}, {{IndexUtils}} (OAK-7501), hardcoded
> {{*IndexProvider}} (OAK-7500)
> - hardcoded {{RootProviderService}} and {{TreeProviderService}} in
> {{SecurityProviderBuilder}} and the deprecated {{SecurityProviderImpl}}
> - one usage of {{ReadWriteVersionManager.getOrCreateVersionHistory}} in
> {{VersionablePathHook}}
> - one usage of {{RootFactory.createSystemRoot}} in {{UserInitializer}} linked
> to the setup of indices.
> IMO it would be desirable to get rid of these dependencies implementation
> details (at least in the security code base in an initial stage).
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
