Francesco Mari created OAK-3392: ----------------------------------- Summary: Security shouldn't be bound to a SecurityProvider Key: OAK-3392 URL: https://issues.apache.org/jira/browse/OAK-3392 Project: Jackrabbit Oak Issue Type: Improvement Components: core Affects Versions: 1.3.5 Reporter: Francesco Mari Assignee: Francesco Mari
{{ConfigurationBase}}, the base class for security configurations, allows a {{SecurityProvider}} to be injected in a security configuration at will. This mechanism is used to implement a basic form dependency injection in {{SecurityProviderImpl}}, where every configuration receives a the instance of {{SecurityProviderImpl}} that is currently using it. This mechanism is problematic in a dynamic scenario like OSGi, where a security configuration can be loaded independently from the {{SecurityProvider}} that is using it. Moreover, if multiple implementations of {{SecurityProvider}} are available, it is impossible to determine which instance of {{SecurityProvider}} will be injected in the security configuration. I suggest to remove the reference to a {{SecurityProvider}} in the security configurations. If a {{SecurityProvider}} is needed, it should be instead passed as parameter in the appropriate methods. -- This message was sent by Atlassian JIRA (v6.3.4#6332)