]
Mark Struberg commented on CDI-702:
-----------------------------------
The EE umbrella spec says that an application SHOULD provide isolation between WARs. There
is no MUST though.
Otoh the umbrella spec is rather clear that IF an app server chooses to provide isolation,
then it also must provide it for all parts.
Funnily right now one seems to get ProcessAnnotatedType for all classes (even from foreign
WARs), but getBeans() later (at Runtime) does properly isolate.
Observers in CDI extensions can see classes they should not be able
to
----------------------------------------------------------------------
Key: CDI-702
URL:
https://issues.jboss.org/browse/CDI-702
Project: CDI Specification Issues
Issue Type: Clarification
Components: Portable Extensions
Affects Versions: 1.2.Final, 1.1.Final, 2.0 .Final
Reporter: Emily Jiang
Priority: Critical
We observe a undesired behavior on Weld, which is during CDI bootstrap, all classes from
both the EAR lib folder and all WAR lib folders are available to CDI extensions in the EAR
lib folder as well as to CDI extensions in all WAR lib folders. Basically, the extension
class can see everything in an .ear regardless where the extension class resides. It
completely ignores classloading hierarchy.
e.g.
myApp.ear
lib\myLib.jar (LibExtensionA.class, LibOne.class)
myWarA.war (WarAExtension.class, myWarAServlet.class)
myWarB.war (WarBExtension.class, myWarBServlet.class)
In this example,LibExtensionA, WarAExtension and WarBExtension can observe the classes of
LibOne, myWarAServlet and myWarBServlet.
This kind of contradicts with the classloading rules, where separate .war archives
packaged under the same .ear should not be able to see each other's class by default,
unless they both use the same classloader.
We discussed with Weld dev team (Martin, Thomas, Matej) and Anotine. The feedback is that
CDI spec is unclear on the "observer resolution". I would like to relaunch the
discussion to make this clarified and fixed. Please comment.