[
https://issues.apache.org/jira/browse/OAK-9047?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17098938#comment-17098938
]
Robert Munteanu commented on OAK-9047:
--------------------------------------
IIUC the root problem is that start components before configurations are
applied. If we apply this policy to the SecurityProviderRegistration, it will
only activate once the configurations are applied. It may be that I am wrong, I
experimented this this some months ago.
[~angela] - the BC breakage is that existing deployments will need to add an
explicit configuration, even if using the default values for the
SecurityProviderRegistration.
> Make the DefaultAuthorizableActionProvider require a configuration
> ------------------------------------------------------------------
>
> Key: OAK-9047
> URL: https://issues.apache.org/jira/browse/OAK-9047
> Project: Jackrabbit Oak
> Issue Type: Improvement
> Components: security-spi
> Reporter: Konrad Windszus
> Priority: Major
>
> Currently configuring the {{DefaultAuthorizableActionProvider}} leads to
> restart of the Oak repository in the context of
> https://issues.apache.org/jira/browse/SLING-7811?focusedCommentId=16573171&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-16573171.
>
> It would make sense to only start the service
> https://github.com/apache/jackrabbit-oak/blob/1f90e8c632868e658cc60b95bc5ec49182c4e173/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/DefaultAuthorizableActionProvider.java#L45
> once a mandatory configuration is in place.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
