Frigo Coder updated CDI-739:
----------------------------
Environment: IBM WebSphere Liberty, Java EE 7.0 Full Platform
Scope mismatch can lead to subtle bugs
--------------------------------------
Key: CDI-739
URL: https://issues.jboss.org/browse/CDI-739
Project: CDI Specification Issues
Issue Type: Bug
Components: Beans, Contexts, Java EE integration
Environment: IBM WebSphere Liberty, Java EE 7.0 Full Platform
Reporter: Frigo Coder
Priority: Major
CDI allows injection of a non-proxyable object created by a provider into higher level
contexts. This can lead to subtle bugs. See the following example: the first username
that accesses the service is returned for other users:
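{code:java}
@ApplicationScoped
public class ServiceClass {
    // Injected once, when the application-scoped bean is created.
    // String is not proxyable, so that value is kept for later requests.
    @Inject
    @UserName
    private String userName;
}

@RequestScoped
public class UserNameProvider {
    @Inject
    private HttpServletRequest request;

    // Producer method that reads the user from the current request.
    @Produces
    @UserName
    public String userName() {
        return request.getUserPrincipal().getName();
    }
}
{code}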
CDI should fail to start when it detects such a situation. Do note that this bug does not
require direct injection (Service->userName); it can occur transitively as well
(Service->User->userName).
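
One way to avoid the stale user name described in the report, as an added example that is not part of the original issue or of the CDI specification: expose the value through a proxyable request-scoped bean, so the application-scoped service holds a client proxy rather than a captured String. CurrentUser and whoAmI() are hypothetical names, and the javax.* packages assume the Java EE 7 environment named in the issue.

```java
// Added example; CurrentUser and whoAmI() are hypothetical names.
// Each class goes in its own source file (Java EE 7, javax.* namespace).

// --- CurrentUser.java ---
import java.security.Principal;
import javax.enterprise.context.RequestScoped;
import javax.inject.Inject;
import javax.servlet.http.HttpServletRequest;

// A class-based, request-scoped bean is proxyable, unlike the final class String.
@RequestScoped
public class CurrentUser {
    @Inject
    private HttpServletRequest request;

    // Evaluated on every call against the request being served.
    public String getName() {
        Principal principal = request.getUserPrincipal();
        // Unauthenticated requests have no principal; never fall back to a cached name.
        return principal == null ? null : principal.getName();
    }
}

// --- ServiceClass.java ---
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;

@ApplicationScoped
public class ServiceClass {
    // The container injects a client proxy here, not a CurrentUser instance.
    // The proxy resolves the CurrentUser of the active request on each call.
    @Inject
    private CurrentUser currentUser;

    public String whoAmI() {
        return currentUser.getName();
    }
}
```

Calling whoAmI() outside an active request context fails with a ContextNotActiveException instead of returning another user's name.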