[jira] [Commented] (SLING-8869) SimpleHttpDistributionTransport does not refresh the secret for token based implementations.

Wed, 04 Dec 2019 08:06:45 -0800 


    [ 
https://issues.apache.org/jira/browse/SLING-8869?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16987967#comment-16987967
 ] 

Timothee Maret commented on SLING-8869:
---------------------------------------

{quote}It works fine for credentials based secret provider but not for access 
token based.
{quote}
True, but only by luck. 

If an Executor with a wrong pwd is cached then the only way to evict that 
executor is to recreate the DistributionTransportContext cache entirely. This 
happens currently because re-configuring a credential based secret provider 
will force the components referencing it to restart.

One way to handle this would be to evict the Executor based on the returned 
status code, 401 and 403.

 

 

Please open PRs instead of attaching patches, it's much easier to 
review/comment :)

> SimpleHttpDistributionTransport does not refresh the secret for token based 
> implementations.
> --------------------------------------------------------------------------------------------
>
>                 Key: SLING-8869
>                 URL: https://issues.apache.org/jira/browse/SLING-8869
>             Project: Sling
>          Issue Type: Bug
>          Components: Content Distribution
>            Reporter: Mohit Arora
>            Assignee: Timothee Maret
>            Priority: Critical
>             Fix For: Content Distribution Core 0.4.2
>
>         Attachments: SLING-8869-new.patch, SLING-8869.patch
>
>
> While saving the {{contextKeyExecutor}} in {{DistributionTransportContext}} 
> map, it is not expected that the secret associated with the executor could be 
> expired. This can happen in case of access token based implementations where 
> the token is expired after a certain period of time and has to be refreshed.
> The code to refresh the token is written in the secret provider but since the 
> executor is [cached in the 
> map|https://github.com/apache/sling-org-apache-sling-distribution-core/blob/master/src/main/java/org/apache/sling/distribution/transport/impl/SimpleHttpDistributionTransport.java#L208]
>  the secrets are not refreshed. It works fine for credentials based secret 
> provider but not for access token based.
> cc - [~marett]



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to