[cdi-dev] [JBoss JIRA] (CDI-739) Scope mismatch can lead to subtle bugs
Frigo Coder (Jira)
issues at jboss.org
Thu Nov 29 05:52:00 EST 2018
[ https://issues.jboss.org/browse/CDI-739?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Frigo Coder updated CDI-739:
----------------------------
Steps to Reproduce:
- Create a @RequestScoped provider
- Return a non-proxyable object from it
- @Inject the object into an @ApplicationScoped bean
- Call the bean once to initialize the object
- Call the bean subsequent times
- Watch the object stay the same and incorrect for subsequent calls
was:
- Create a @RequestScoped provider
- Return a non-proxyable object from it
- @Inject the object into an @ApplicationScoped bean
- Call the bean once to initialize the object
- Call the bean subsequent times and watch the object stay the same
> Scope mismatch can lead to subtle bugs
> --------------------------------------
>
> Key: CDI-739
> URL: https://issues.jboss.org/browse/CDI-739
> Project: CDI Specification Issues
> Issue Type: Bug
> Components: Beans, Contexts, Java EE integration
> Reporter: Frigo Coder
> Priority: Minor
>
> CDI allows injection of a non-proxyable object created by a provider into higher level contextes. This can lead to subtle bugs, see the following example, the first username that accesses the service is returned for other users:
> {code:java}
> @ApplicationScoped
> public class ServiceClass {
> @Inject
> @UserName
> private String userName;
> }
> @RequestScoped
> public class UserNameProvider {
> @Inject
> private HttpServletRequest request;
> @Produces
> @UserName
> public String userName() {
> return request.getUserPrincipal().getName();
> }
> }
> {code}
> CDI should fail to start when it detects such a situation. Do note that this bug does not require direct injection (Service->userName), it can occur transitively as well (Service->User->userName).
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
More information about the cdi-dev
mailing list