[ https://issues.apache.org/jira/browse/OAK-3201?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14736394#comment-14736394 ]
Chetan Mehrotra commented on OAK-3201: -------------------------------------- bq. Not true. They can still do it, but they have to register a new implementation of the extension and deactivate the new one. That would then be a backward compatibility change. Also problem related to 1..N kind of references like RestrictionProvider still exist. > Use static references in SecurityProviderImpl for composite services > -------------------------------------------------------------------- > > Key: OAK-3201 > URL: https://issues.apache.org/jira/browse/OAK-3201 > Project: Jackrabbit Oak > Issue Type: Bug > Components: core > Reporter: Francesco Mari > Assignee: Francesco Mari > Fix For: 1.3.6 > > Attachments: OAK-3201-01.patch, OAK-3201-02.patch, OAK-3201-03.patch, > mbean-test.log > > > {{SecurityProviderImpl}} has dynamic references to many other services, like > {{RestrictionProvider}}, that represent the configuration of this component. > Being these services dynamic, the OSGi runtime has no clear dependency > relationship between the {{SecurityProviderImpl}} and the required services. > Thus, it may happen that an instance of {{SecurityProviderImpl}} is published > before the services it requires are started, creating a window where the > {{SecurityProviderimpl}} is operating differently from the way it's > configured. > I suggest to turn the dynamic references in {{SecurityProviderImpl}} to > static ones to improve the consistency of the implementation. -- This message was sent by Atlassian JIRA (v6.3.4#6332)