You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-dev@jackrabbit.apache.org by Chetan Mehrotra <ch...@gmail.com> on 2014/03/04 16:13:37 UTC
Oak SecurityConfiguration and OSGi dynamism
Hi,
Currently the Oak SecurityProviderImpl [1] has references to multiple
configuration types. These configuration are using static policy (the
default policy). Due to this SecurityProvider gets activated and
deactivated multiple times in OSGi based system and causes the
repository also to recycle
The problem is SecurityConfig has two types of config
a. Dynamic - Which can be changed while system is running
b. Static - These should never be changed once repository starts like user home
Now say in an OSGi based deployed the application has explicit
configuration for UserConfiguration then following flow happens
1. System starts and oak-core bundle starts. So far no config is
detected by OSGi ConfigAdmin hence the UserConfigurationImpl starts
with default value. Note it does not have any configuration policy so
it would be started irrespective any config is present or not
2. SecurityProviderImpl gets initialized with all its dependencies
3. Repository gets created as SecurityProvider and NodeStore are registered
4. ConfigAdmin detects the config for UserConfigurationImpl.
UserConfigurationImpl get deactivated and reactivated
5. This triggers deactivation and reactivation of SecurityProviderImpl
-> Repository
Above flow may or may not happen depending on timings and hence system
startup sequence is non deterministic. To have a deterministic startup
sequence SecurityProviderImpl should only be registerd when all
required configuration are registered and security config is stable.
One approach that can be used is
1. Have a framework property which specifies that what all security
configurations are being customized by the application
2. Then SecurityProviderImpl waits for configuration for those types
to be made available
3. For others it starts with default value
4. Once all the requirements are met it registers itself with OSGi SR
I am facing this issue when running Oak with PojoSR [2]. The system
startup is non deterministic and test case fails randomly
Chetan Mehrotra
[1] https://github.com/apache/jackrabbit-oak/blob/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java#L74-73
[2] https://github.com/chetanmeh/oak-pojosr/tree/simple