]
Frigo Coder updated CDI-739:
----------------------------
Steps to Reproduce:
- Create a @RequestScoped provider
- Return a non-proxyable object from it
- @Inject the object into an @ApplicationScoped bean
- Call the bean once to initialize the object
- Call the bean subsequent times
- Watch the object stay the same and incorrect for subsequent calls
was:
- Create a @RequestScoped provider
- Return a non-proxyable object from it
- @Inject the object into an @ApplicationScoped bean
- Call the bean once to initialize the object
- Call the bean subsequent times and watch the object stay the same
Scope mismatch can lead to subtle bugs
--------------------------------------
Key: CDI-739
URL:
https://issues.jboss.org/browse/CDI-739
Project: CDI Specification Issues
Issue Type: Bug
Components: Beans, Contexts, Java EE integration
Reporter: Frigo Coder
Priority: Minor
CDI allows injection of a non-proxyable object created by a provider into higher level
contextes. This can lead to subtle bugs, see the following example, the first username
that accesses the service is returned for other users:
{code:java}
@ApplicationScoped
public class ServiceClass {
@Inject
@UserName
private String userName;
}
@RequestScoped
public class UserNameProvider {
@Inject
private HttpServletRequest request;
@Produces
@UserName
public String userName() {
return request.getUserPrincipal().getName();
}
}
{code}
CDI should fail to start when it detects such a situation. Do note that this bug does not
require direct injection (Service->userName), it can occur transitively as well
(Service->User->userName).