Hi Emmanuel,Alex

I would like to add something to discussion.
More inline...

On Thu, Oct 13, 2011 at 3:23 PM, Alex Karasulu <akarasulu@apache.org> wrote:

On Thu, Oct 13, 2011 at 3:05 PM, Emmanuel Lécharny <elecharny@apache.org> wrote:
On 10/13/11 1:44 PM, Alex Karasulu wrote:
On Thu, Oct 13, 2011 at 2:20 PM, Emmanuel Lécharny<elecharny@apache.org>wrote:


Göktük asked if there is a way to transform Interceptors to be bundles
instead of being statically loaded in core.
This can be case yes, but i actually wanted them for further interceptors. We can keep core interceptors in place. Don't need to separate them all. Lets keep core interceptors in apacheds-core, and protocol specific interceptors in their protocol implementation. And then any other interceptor that comes and registers itself through OSGI can be attached to DirectoryService's interceptor list.  

I tried to play around the idea yesterday in the train, and I faced some
interesting challenges.

o First, many interecptors are doing calls to the chain again, but with a
restricted set of interceptors. For instance, in the SchemaInterceptor, we
go through the chain again when modifying the schema itself. In order to
speedup the operation, we declare a BYPASS sets of interceptors (I'm not
sure it's a good idea, but right now, this is how we proceed). At the end,
this BYPASS set is declared this way :

   private static final Collection<String>  BYPASS;

       Set<String>  c = new HashSet<String>();
       c.add( AuthenticationInterceptor.**class.getName() );
       c.add( AciAuthorizationInterceptor.**class.getName() );
       c.add( DefaultAuthorizationIntercepto**r.class.getName() );
       c.add( ExceptionInterceptor.class.**getName() );
       c.add( SchemaInterceptor.class.**getName() );
       BYPASS = Collections.**unmodifiableCollection( c );


As we can see, it creates a static dependency on interceptors. It might be
a better idea to use logical names instead of class names, and let the OSGi
container retrieve the classes itself.

This is a good idea. How about going a little further and having a set of
interceptor chain re-entry constants or set of enum values like:


etc ...

This is like saying we do not need authentication, authorization, additional
exception handling and checks or schema checking on re-entry instead of
having a direct list of interceptors to avoid.

That's a good idea.

One thing that might be problematic though is that we have no idea which interceptors are going to be present in the chain, so we may be unable to tell the chain not to use the interceptors added on the fly (for instance, the logger interceptor).

Good point. Perhaps this is where we can have some kind of generic property that states whether or not by default on re-entry the interceptor should be included or excluded. There's a system default, say exclude by default always. Then the interceptor might override this with some class property like excludeOnReentry? 

This way even though the IC does not know which interceptors are present it can react accordingly on reentry. So for this logger interceptor example it might have excludeOnReentry set to false in which case it will always be included when present which makes send. We would not add the interceptor if we did not want to log reentrant invocations.
I'd rather create a set of interceptors we want to go through, as we know which one we will use in those internal cases.

In any case, using constants instead of class name is the way to go.

Yes this is definitely the first step, perhaps the final step but perhaps you might want to entertain the idea of evaluating inclusion or exclusion based on properties. This makes debugging a tiny bit more complicated but it gives us a more pluggable way to manage the IC.

Then Interceptors when they register themselves can announce what standard
functions they perform according to this set. Some may not announce at all
if they perform none of these functions. This way the chain determines what
to include and what to exclude based on these properties. There's no direct
link with the interceptor itself and any implementation can be swapped in
and out.

This way we are letting the interceptor chain devise the proper chain of
interceptors based on these properties instead of using more explicit names
or direct references to the interceptor classes.

Ultimately, for each operation (add, delete, lookup, etc), we should be able to define the set of interceptors we are going through.

My thinking is to not define things in terms of interceptors to go through or not go through for each operation but rather we should define the aspects to include or exclude on re-entry into the IC for each operation. Keeping it generic this way, and having the Interceptor tell the IC which aspects it participates in allows the IC to include or exclude on re-entry.
This should be defined somewhere in the code, not in each interceptors. It may even be some configurable information...

I see two points of configuration. 

One configuration is the IC configuration it self which includes the aspects to include or exclude on re-entry for each of the add, delete, lookup etc operations. The IC itself is a component with this perspective.

The Interceptors themselves each have a configuration. In this configuration the Interceptor should expose what aspects it participates in. For example FooInterceptor might expose that it participates in the authentication aspect. This way the IC knows for example in a schema modification operation that causes re-entry to occur, this aspect is excluded say during a modify operation since the session is already authenticated (no need to perform this twice or on each re-entry into the IC). The FooInterceptor will be bypassed in this case.
For all the discussions above i may suggest using OSGI service properties. So we don't statically reference the specific interceptor class, we just get them using OSGI with some filter like (interceptor.type="AuthenticationInterceptor"). By this way we don't change a code much but we handle the decoupling.


There can also be other hint mechanisms given to the interceptor chain so it
can correctly asses which interceptors to include or exclude on re-entry.
For example there could be properties exposed for defaults on the
interceptor telling the chain always exclude on re-entry etc. There should
be some more thought put on this but the present situation as you state
sucks where OSGi and pluggability is concerned.
Right. We will try to get OSGi implemented anyway, and once it's done, we can start thinking about a better mechanism.
FYI, i just implemented dynamic Interceptor loading using IPojo. Its a starter implementation. We can  improve it using the ideas those come out from that mail. But you must now handling interceptor dynamism does not solved the problems. Now i've to solve problems about concurrency. java.util.concurrent classses are acting weird under OSGI.

Emmanuel Lécharny

Best Regards,
-- Alex