jackrabbit-oak-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Chetan Mehrotra (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (OAK-3201) Use static references in SecurityProviderImpl for composite services
Date Thu, 17 Sep 2015 07:38:46 GMT

    [ https://issues.apache.org/jira/browse/OAK-3201?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14791725#comment-14791725

Chetan Mehrotra commented on OAK-3201:

bq. This may work the first time, but it doesn't work if another, non-required PrincipalConfiguration
or TokenConfiguration is subsequently bound to SecurityProviderRegistration.

I thought that it was concluded that Security system technically cannot support OSGi dynamics
i.e. all such dependencies are considered required. None of the dependency can be considered
optional at all as its hard to reason for scenarios where SecurityProvider continues to work
in absence of an optional dependency. 

bq. Moreover, an unregistration of the SecurityProvider followed by a registration creates
a new instance of SecurityProvider that has to be bound to the configurations (again).

Yup but I do not see how that is related to current proposed approach. SecurityProvider goes
away -> Repository shutdown and thus all other sub system stop making use of that config.
SecurityProvider comes again -> Repository starts again and then all other sub system fetch
new config. 

bq. I already provide a default value, which is the empty array. If you think that the default
value should be the PIDs of services that I think should be required, I don't feel comfortable
with that.

I am not very sure but then it needs to be validated with a test. Just specifying the default
value would only help in populating the config form in Felix Web Console. As the component
does not have config policy of required it would start without any explicit config and in
that case the pid would be null. So once we make this change then for it to be really effective
we would also need to provision the default config. So something to be aware of 

> Use static references in SecurityProviderImpl for composite services
> --------------------------------------------------------------------
>                 Key: OAK-3201
>                 URL: https://issues.apache.org/jira/browse/OAK-3201
>             Project: Jackrabbit Oak
>          Issue Type: Bug
>          Components: core
>            Reporter: Francesco Mari
>            Assignee: Francesco Mari
>             Fix For: 1.3.7
>         Attachments: OAK-3201-01.patch, OAK-3201-02.patch, OAK-3201-03.patch, OAK-3201-04.patch,
OAK-3201-05.patch, OAK-3201-06.patch, OAK-3201-07.patch, OAK-3201-08.patch, mbean-test.log
> {{SecurityProviderImpl}} has dynamic references to many other services, like {{RestrictionProvider}},
that represent the configuration of this component.
> Being these services dynamic, the OSGi runtime has no clear dependency relationship between
the {{SecurityProviderImpl}} and the required services. Thus, it may happen that an instance
of {{SecurityProviderImpl}} is published before the services it requires are started, creating
a window where the {{SecurityProviderimpl}} is operating differently from the way it's configured.
> I suggest to turn the dynamic references in {{SecurityProviderImpl}} to static ones to
improve the consistency of the implementation.

This message was sent by Atlassian JIRA

View raw message