[ https://issues.apache.org/jira/browse/OAK-3392?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Francesco Mari resolved OAK-3392. --------------------------------- Resolution: Won't Fix This issue doesn't seem to be a problem at the moment. > Security configurations shouldn't be bound to a SecurityProvider > ---------------------------------------------------------------- > > Key: OAK-3392 > URL: https://issues.apache.org/jira/browse/OAK-3392 > Project: Jackrabbit Oak > Issue Type: Wish > Components: core > Affects Versions: 1.3.5 > Reporter: Francesco Mari > Assignee: Francesco Mari > > {{ConfigurationBase}}, the base class for security configurations, allows a > {{SecurityProvider}} to be injected in a security configuration at will. This > mechanism is used to implement a basic form dependency injection in > {{SecurityProviderImpl}}, where every configuration receives a the instance > of {{SecurityProviderImpl}} that is currently using it. > This mechanism is problematic in a dynamic scenario like OSGi, where a > security configuration can be loaded independently from the > {{SecurityProvider}} that is using it. Moreover, if multiple implementations > of {{SecurityProvider}} are available, it is impossible to determine which > instance of {{SecurityProvider}} will be injected in the security > configuration. > I suggest to remove the reference to a {{SecurityProvider}} in the security > configurations. If a {{SecurityProvider}} is needed, it should be instead > passed as parameter in the appropriate methods. -- This message was sent by Atlassian JIRA (v6.3.4#6332)