Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-72592

SAML KeyStoreManager OSGi @Reference must be greedy to reference always the latest version to avoid read/write to random stores

    Details

      Description

      SAML certificates are read and written to different locations (DL vs FileSystem).

      Currently there are two implementations,

      @Component(
       configurationPid = "com.liferay.saml.runtime.configuration.SamlConfiguration",
       immediate = true, service = KeyStoreManager.class
      )
      public class FileSystemKeyStoreManagerImpl extends BaseKeyStoreManagerImpl \{
      
       
      
      @Component(
       configurationPid = "com.liferay.saml.runtime.configuration.SamlConfiguration",
       immediate = true, property = {"service.ranking:Integer=-1"},
       service = KeyStoreManager.class
      )
      public class DLKeyStoreManagerImpl extends BaseKeyStoreManagerImpl \{
      
      

      But having

      	@Reference()
      	private KeyStoreManager _keyStoreManager;
      

      is policyOption = ReferencePolicyOption.RELUCTANT by default, which means it will hold reference to the highest service ranking at that time but won't change if another service is registered after the field is initialized, regardless of the new service's service.ranking

      Cannot be easily tested due to random nature of components initialization order.

        Attachments

          Activity

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Days since last comment:
                2 years, 24 weeks, 3 days ago

                Packages

                Version Package
                7.0.X EE
                7.0.X