[cdi-dev] [JBoss JIRA] (CDI-722) backward incompatible change for BEFORE_COMPLETION

Mark Struberg (JIRA) issues at jboss.org
Mon Feb 5 09:38:01 EST 2018 

    [ https://issues.jboss.org/browse/CDI-722?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13528492#comment-13528492 ] 

Mark Struberg commented on CDI-722:
-----------------------------------

Thanks for confirming. 
 
While thinking about it I believe there are actually good use cases for both ways.
Sometimes you want to use the security context of the em.fire and in other situations you need it to be from the commit operation. It really depends on the actual use case. Otoh this is probably a < 0.1% situation as most cases do not even care about the EE security context at all. So not sure whether we should handle this at all. 
After all the actual observer could still use annotations to trigger a a privilege change.

> backward incompatible change for BEFORE_COMPLETION
> --------------------------------------------------
>
>                 Key: CDI-722
>                 URL: https://issues.jboss.org/browse/CDI-722
>             Project: CDI Specification Issues
>          Issue Type: Bug
>          Components: Java EE integration
>    Affects Versions: 2.0 .Final
>            Reporter: Mark Struberg
>
> The split from the original documentation to a SE+EE doc did introduce a backward incompatibility to CDI-1.2, CDI-1.1 and CDI-1.0.
> The CDI-2.0 spec states in 24.1.2:
> {noformat}
> 24.1.2. Observer method invocation context in Java EE
> When Running in Java EE, the container must extend the rules defined in Observer method invocation context and must also ensure that all kinds of observers are called in the same client security context as the invocation of Event.fire() or Event.fireAsync() or BeanManager.fireEvent().
> {noformat}
> Whereas older CDI specs are defined as:
> {noformat}
> If the observer method is a before completion transactional observer method, it is called within the context of the transaction that is about to complete and with the same client security context and lifecycle contexts.
> {noformat}
> With other words, in the older specs the security context was always the same context of the operation which calls the final commit operation. 
> The change in CDI-2.0 is thus a backward incompatible wording.



--
This message was sent by Atlassian JIRA
(v7.5.0#75005)

More information about the cdi-dev mailing list