jackrabbit-oak-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Francesco Mari (JIRA)" <j...@apache.org>
Subject [jira] [Created] (OAK-3392) Security shouldn't be bound to a SecurityProvider
Date Thu, 10 Sep 2015 15:07:45 GMT
Francesco Mari created OAK-3392:

             Summary: Security shouldn't be bound to a SecurityProvider
                 Key: OAK-3392
                 URL: https://issues.apache.org/jira/browse/OAK-3392
             Project: Jackrabbit Oak
          Issue Type: Improvement
          Components: core
    Affects Versions: 1.3.5
            Reporter: Francesco Mari
            Assignee: Francesco Mari

{{ConfigurationBase}}, the base class for security configurations, allows a  {{SecurityProvider}}
to be injected in a security configuration at will. This mechanism is used to implement a
basic form dependency injection in {{SecurityProviderImpl}}, where every configuration receives
a the instance of {{SecurityProviderImpl}} that is currently using it.

This mechanism is problematic in a dynamic scenario like OSGi, where a security configuration
can be loaded independently from the {{SecurityProvider}} that is using it. Moreover, if multiple
implementations of {{SecurityProvider}} are available, it is impossible to determine which
instance of {{SecurityProvider}} will be injected in the security configuration.

I suggest to remove the reference to a {{SecurityProvider}} in the security configurations.
If a {{SecurityProvider}} is needed, it should be instead passed as parameter in the appropriate

This message was sent by Atlassian JIRA

View raw message