You are viewing a plain text version of this content. The canonical link for it is here.

Posted to oak-issues@jackrabbit.apache.org by "angela (JIRA)" <ji...@apache.org> on 2016/02/11 18:34:18 UTC

[jira] [Commented] (OAK-3274) DefaultSyncConfigImpl: add information to "user.membershipExpTime" about minimum expiration time

    [ https://issues.apache.org/jira/browse/OAK-3274?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15143115#comment-15143115 ] 

angela commented on OAK-3274:
-----------------------------

[~kwin], i had a quick look at {{DefaultSyncContext}} and from my understanding there are 2 conditions that may lead to to the user sync and the conditional membership-sync at the end of the call:

- {{forceUserSync}} => public setter on the {{DefaultSyncContext}}
- configured expiration time of the user

In the former case the user will be synchronized and the membership-expiration time is actually needed to prevent eager group-membership synchronization... in this case it actually might have a value that is less than the {{user.expirationTime}}.

> DefaultSyncConfigImpl: add information to "user.membershipExpTime" about minimum expiration time
> ------------------------------------------------------------------------------------------------
>
>                 Key: OAK-3274
>                 URL: https://issues.apache.org/jira/browse/OAK-3274
>             Project: Jackrabbit Oak
>          Issue Type: Improvement
>          Components: auth-external
>    Affects Versions: 1.3.5
>            Reporter: Konrad Windszus
>            Priority: Trivial
>
> The {{user.membershipExpTime}} property cannot have a value which is less than the value of the {{user.expirationTime}}. Please add this information to the OSGi property description. Otherwise it is hard to debug issues here.
> The reason why {{user.expirationTime}} must be less or equal to {{user.membershipExpTime}} is in https://github.com/apache/jackrabbit-oak/blob/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/basic/DefaultSyncContext.java#L421.
> Since {{syncMembership}} is only called after the {{user.expirationTime}} guard, it cannot be updated more often than the user itself.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)