May 2017 - cdi-dev - Jboss List Archives

[JBoss JIRA] (CDI-702) Observers in CDI extensions can see classes they should not be able to

by Martin Kouba (JIRA)

[ https://issues.jboss.org/browse/CDI-702?page=com.atlassian.jira.plugin.sy... ] Martin Kouba commented on CDI-702: ---------------------------------- For the record: the *Observer resolution* section in the CDI spec does not mention "accessibility" or "observability" at all (unlike dependency injection). An event is delivered to an observer method if it belongs to an enabled bean and an event type is assignable. Also accessibility rules do not help e.g. if there is an extension with a similar observer: {code:java} void observe(ProcessAnnotatedType<?> event) { if (event.getAnnotatedType().isAnnotationPresent(Foo.class)) { event.veto(); } } {code} It should be able to observe all PAT events for all types in a CDI application (of course, we assume the Weld interpretation of {{@ApplicationScoped}}). That's what CDI spec currently requires. So this issue is more about defining boundaries for events delivery. > Observers in CDI extensions can see classes they should not be able to > ---------------------------------------------------------------------- > > Key: CDI-702 > URL: https://issues.jboss.org/browse/CDI-702 > Project: CDI Specification Issues > Issue Type: Clarification > Components: Portable Extensions > Affects Versions: 1.2.Final, 1.1.Final, 2.0 .Final > Reporter: Emily Jiang > Priority: Critical > > We observe a undesired behavior on Weld, which is during CDI bootstrap, all classes from both the EAR lib folder and all WAR lib folders are available to CDI extensions in the EAR lib folder as well as to CDI extensions in all WAR lib folders. Basically, the extension class can see everything in an .ear regardless where the extension class resides. It completely ignores classloading hierarchy. > This kind of contradicts with the classloading rules, where separate .war archives packaged under the same .ear should not be able to see each other's class by default, unless they both use the same classloader. > We discussed with Weld dev team (Martin, Thomas, Matej) and Anotine. The feedback is that CDI spec is unclear on the "observer resolution". I would like to relaunch the discussion to make this clarified and fixed. Please comment. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

7 years, 7 months

1
0
0 / 0

[JBoss JIRA] (CDI-702) Observers in CDI extensions can see classes they should not be able to

by John Ament (JIRA)

[ https://issues.jboss.org/browse/CDI-702?page=com.atlassian.jira.plugin.sy... ] John Ament commented on CDI-702: -------------------------------- The description of this issue is unclear. Are you seeing all events being fired or only certain events? Where in the archive is the extension registered, a JAR within the EAR's lib folder? Within the WAR file? Within a library within the WAR file? > Observers in CDI extensions can see classes they should not be able to > ---------------------------------------------------------------------- > > Key: CDI-702 > URL: https://issues.jboss.org/browse/CDI-702 > Project: CDI Specification Issues > Issue Type: Clarification > Components: Portable Extensions > Affects Versions: 1.2.Final, 1.1.Final, 2.0 .Final > Reporter: Emily Jiang > Priority: Critical > > We observe a undesired behavior on Weld, which is during CDI bootstrap, all classes from both the EAR lib folder and all WAR lib folders are available to CDI extensions in the EAR lib folder as well as to CDI extensions in all WAR lib folders. Basically, the extension class can see everything in an .ear regardless where the extension class resides. It completely ignores classloading hierarchy. > This kind of contradicts with the classloading rules, where separate .war archives packaged under the same .ear should not be able to see each other's class by default, unless they both use the same classloader. > We discussed with Weld dev team (Martin, Thomas, Matej) and Anotine. The feedback is that CDI spec is unclear on the "observer resolution". I would like to relaunch the discussion to make this clarified and fixed. Please comment. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

7 years, 7 months

1
0
0 / 0

[JBoss JIRA] (CDI-702) Observers in CDI extensions can see classes they should not be able to

by Emily Jiang (JIRA)

Emily Jiang created CDI-702: ------------------------------- Summary: Observers in CDI extensions can see classes they should not be able to Key: CDI-702 URL: https://issues.jboss.org/browse/CDI-702 Project: CDI Specification Issues Issue Type: Clarification Components: Portable Extensions Affects Versions: 2.0 .Final, 1.1.Final, 1.2.Final Reporter: Emily Jiang Priority: Critical We observe a undesired behavior on Weld, which is during CDI bootstrap, all classes from both the EAR lib folder and all WAR lib folders are available to CDI extensions in the EAR lib folder as well as to CDI extensions in all WAR lib folders. Basically, the extension class can see everything in an .ear regardless where the extension class resides. It completely ignores classloading hierarchy. This kind of contradicts with the classloading rules, where separate .war archives packaged under the same .ear should not be able to see each other's class by default, unless they both use the same classloader. We discussed with Weld dev team (Martin, Thomas, Matej) and Anotine. The feedback is that CDI spec is unclear on the "observer resolution". I would like to relaunch the discussion to make this clarified and fixed. Please comment. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

7 years, 7 months

1
0
0 / 0

[JBoss JIRA] (CDI-570) Weld shutdown in Java SE during asynch event calling

by Laird Nelson (JIRA)

[ https://issues.jboss.org/browse/CDI-570?page=com.atlassian.jira.plugin.sy... ] Laird Nelson commented on CDI-570: ---------------------------------- In case it is helpful: I put a [Github repository|https://github.com/ljnelson/weld-570] up that putters around with aspects related to this issue if anyone is interested. > Weld shutdown in Java SE during asynch event calling > ---------------------------------------------------- > > Key: CDI-570 > URL: https://issues.jboss.org/browse/CDI-570 > Project: CDI Specification Issues > Issue Type: Feature Request > Components: Events > Affects Versions: 2.0-EDR1 > Reporter: Michael Remijan > > In a Java SE environment, there is no way to tell if there are async observers are in the process of being called when the time comes for the JVM to shut down. My assumption is the JVM should wait until all the async observers are complete before shutting down. Or perhaps this behavior can be configured through the CDI object, system property, or beans.xml -- This message was sent by Atlassian JIRA (v7.2.3#72005)

7 years, 7 months

1
0
0 / 0

Passed: cdi-spec/cdi#367 (master - 3f5e78f)

by Travis CI

Build Update for cdi-spec/cdi ------------------------------------- Build: #367 Status: Passed Duration: 3 minutes and 35 seconds Commit: 3f5e78f (master) Author: Antoine Sabot-Durand Message: Prepare for development of 2.1-SNAPSHOT View the changeset: https://github.com/cdi-spec/cdi/compare/5c0ab0d365e8...3f5e78f927e5 View the full build log and details: https://travis-ci.org/cdi-spec/cdi/builds/230684546?utm_source=email&utm_... -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications

7 years, 7 months

1
0
0 / 0

Errored: cdi-spec/cdi#366 (master - 5c0ab0d)

by Travis CI

Build Update for cdi-spec/cdi ------------------------------------- Build: #366 Status: Errored Duration: 4 minutes and 20 seconds Commit: 5c0ab0d (master) Author: Antoine Sabot-Durand Message: Prepare for development of 2.0-SNAPSHOT View the changeset: https://github.com/cdi-spec/cdi/compare/c95203716d8c...5c0ab0d365e8 View the full build log and details: https://travis-ci.org/cdi-spec/cdi/builds/230668473?utm_source=email&utm_... -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications

7 years, 7 months

1
0
0 / 0

CDI 2.0 hit maven Central

by Antoine Sabot-Durand

Hi all, CDI 2.0 is now available in maven central: http://search.maven.org/#artifactdetails|javax.enterprise|cdi-api|2.0|jar Antoine

7 years, 7 months

1
0
0 / 0

CDI 2.0 passed the final approval ballot

by Antoine Sabot-Durand

Hi all, In case you missed it, CDI 2.0 is now approved: https://jcp.org/en/jsr/results?id=5995 Thanks again for the great team work and hopping see you around for the next MR or JSR. Antoine

7 years, 7 months

5
4
0 / 0

Re: [cdi-dev] do you like it or not?

by antoine

Hello friend, Just take a look at that stuff I've just found on the web, do you like it or not? Check it out http://seaadsa.circlemotel.net Sincerely yours, antoine From: cdi-dev [mailto:cdi-dev@lists.jboss.org] Sent: Sunday, April 30, 2017 10:38 PM To: antoine(a)sabot-durand.net Subject: The food It's a non tariff trade barrier. If foreigners try to import bathroom scales that can't display weight in stones we burn them in The Wicker Man. Come to think of it, it's not really a non tariff trade barrier. It's more like a psychotic country bumpkin thing. Got to go, we're still burning city types after the solstice. They tried to order beer in pints instead of hemisemidemihemisemidemihemisemidemihogsheads at the local, The Slaughtered Goat. Sent from Mail for Windows 10

7 years, 8 months

1
0
0 / 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

cdi-dev May 2017