[jira] [Commented] (OAK-3201) Use static references in SecurityProviderImpl for composite services

Wed, 09 Sep 2015 03:01:05 -0700 

    [ 
https://issues.apache.org/jira/browse/OAK-3201?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14736579#comment-14736579
 ] 

Chetan Mehrotra commented on OAK-3201:
--------------------------------------

bq. Every deployment using the current version of SecurityProviderImpl is 
broken anyway. Maybe the bug didn't hit them, but it's there.

Ack there is a race condition and a small potential window where security 
provider is not stable. But one fix cannot break other parts. We should still 
be able to come up with a fix which can address the current issue without 
breaking backward compatibility and loss of current featureset. Also even with 
current proposed approach it would not be possible to support multiple 
restriction providers 

bq. Talking about dynamism, why the relationships to those interfaces are 
modeled that way? Do we really expect a RestrictionProvider or an 
AuthorizableNodeName to come and go at runtime?

I cannot comment on that as I have not implemented that part. However for any 
logic which supports multiple implementations (kind of multiplexing) such 
problem exist

> Use static references in SecurityProviderImpl for composite services
> --------------------------------------------------------------------
>
>                 Key: OAK-3201
>                 URL: https://issues.apache.org/jira/browse/OAK-3201
>             Project: Jackrabbit Oak
>          Issue Type: Bug
>          Components: core
>            Reporter: Francesco Mari
>            Assignee: Francesco Mari
>             Fix For: 1.3.6
>
>         Attachments: OAK-3201-01.patch, OAK-3201-02.patch, OAK-3201-03.patch, 
> mbean-test.log
>
>
> {{SecurityProviderImpl}} has dynamic references to many other services, like 
> {{RestrictionProvider}}, that represent the configuration of this component.
> Being these services dynamic, the OSGi runtime has no clear dependency 
> relationship between the {{SecurityProviderImpl}} and the required services. 
> Thus, it may happen that an instance of {{SecurityProviderImpl}} is published 
> before the services it requires are started, creating a window where the 
> {{SecurityProviderimpl}} is operating differently from the way it's 
> configured.
> I suggest to turn the dynamic references in {{SecurityProviderImpl}} to 
> static ones to improve the consistency of the implementation.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to