[cdi-dev] [JBoss JIRA] (CDI-739) Scope mismatch can lead to subtle bugs
Frigo Coder (Jira)
issues at jboss.org
Thu Nov 29 06:06:00 EST 2018
[ https://issues.jboss.org/browse/CDI-739?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Frigo Coder updated CDI-739:
----------------------------
Environment: IBM WebSphere Liberty, Java EE 7.0 Full Platform
> Scope mismatch can lead to subtle bugs
> --------------------------------------
>
> Key: CDI-739
> URL: https://issues.jboss.org/browse/CDI-739
> Project: CDI Specification Issues
> Issue Type: Bug
> Components: Beans, Contexts, Java EE integration
> Environment: IBM WebSphere Liberty, Java EE 7.0 Full Platform
> Reporter: Frigo Coder
> Priority: Major
>
> CDI allows injection of a non-proxyable object created by a provider into higher level contextes. This can lead to subtle bugs, see the following example, the first username that accesses the service is returned for other users:
> {code:java}
> @ApplicationScoped
> public class ServiceClass {
> @Inject
> @UserName
> private String userName;
> }
> @RequestScoped
> public class UserNameProvider {
> @Inject
> private HttpServletRequest request;
> @Produces
> @UserName
> public String userName() {
> return request.getUserPrincipal().getName();
> }
> }
> {code}
> CDI should fail to start when it detects such a situation. Do note that this bug does not require direct injection (Service->userName), it can occur transitively as well (Service->User->userName).
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
More information about the cdi-dev
mailing list