Frigo Coder created CDI-739: ------------------------------- Summary: Scope mismatch can lead to subtle bugs Key: CDI-739 URL: https://issues.jboss.org/browse/CDI-739 Project: CDI Specification Issues Issue Type: Bug Components: Beans, Contexts, Java EE integration Reporter: Frigo Coder CDI allows injection of a non-proxyable object created by a provider into higher level contextes. This can lead to subtle bugs, see the following example, the first username that accesses the service is returned for other users: {code:java} @ApplicationScoped public class ServiceClass { @Inject @UserName private String userName; } @RequestScoped public class UserNameProvider { @Inject private HttpServletRequest request; @Produces @UserName public String userName() { return request.getUserPrincipal().getName(); } } {code} CDI should fail to start when it detects such a situation. Do note that this bug does not require direct injection (Service->userName), it can occur transitively as well (Service->User->userName). -- This message was sent by Atlassian Jira (v7.12.1#712002)