Uploaded image for project: 'Jackrabbit Oak'
  1. Jackrabbit Oak
  2. OAK-3392

Security configurations shouldn't be bound to a SecurityProvider

    XMLWordPrintableJSON

Details

    • Wish
    • Status: Resolved
    • Major
    • Resolution: Won't Fix
    • 1.3.5
    • None
    • core
    • None

    Description

      ConfigurationBase, the base class for security configurations, allows a SecurityProvider to be injected in a security configuration at will. This mechanism is used to implement a basic form dependency injection in SecurityProviderImpl, where every configuration receives a the instance of SecurityProviderImpl that is currently using it.

      This mechanism is problematic in a dynamic scenario like OSGi, where a security configuration can be loaded independently from the SecurityProvider that is using it. Moreover, if multiple implementations of SecurityProvider are available, it is impossible to determine which instance of SecurityProvider will be injected in the security configuration.

      I suggest to remove the reference to a SecurityProvider in the security configurations. If a SecurityProvider is needed, it should be instead passed as parameter in the appropriate methods.

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. OAK-3201 Use static references in SecurityProviderImpl for composite services

          • Major - Major loss of function.
          • Closed

          Activity

            People

              frm Francesco Mari
              frm Francesco Mari
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: