[cdi-dev] [JBoss JIRA] (CDI-739) Scope mismatch can lead to subtle bugs

Matej Novotny (Jira) issues at jboss.org
Thu Nov 29 06:26:00 EST 2018 

    [ https://issues.jboss.org/browse/CDI-739?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13667928#comment-13667928 ] 

Matej Novotny commented on CDI-739:
-----------------------------------

The producer in your example is {{@Dependent}}, e.g. invoked again for every {{InjectionPoint}} of type {{String}} with qualifier {{@UserName}}.
The lifecycle of the produced bean is then tied to that into which you injected it - in your case that is application scoped bean, so yea, you inject it once and have it there until app exits (at which point App scope is torn down).

bq. CDI should fail to start when it detects such a situation.

Such a detection would potentially cost you a lot of time during bootstrap and still fail for cases with {{Instance}}.

> Scope mismatch can lead to subtle bugs
> --------------------------------------
>
>                 Key: CDI-739
>                 URL: https://issues.jboss.org/browse/CDI-739
>             Project: CDI Specification Issues
>          Issue Type: Bug
>          Components: Beans, Contexts, Java EE integration
>         Environment: IBM WebSphere Liberty, Java EE 7.0 Full Platform
>            Reporter: Frigo Coder
>            Priority: Major
>
> CDI allows injection of a non-proxyable object created by a provider into higher level contextes. This can lead to subtle bugs, see the following example, the first username that accesses the service is returned for other users:
> {code:java}
> @ApplicationScoped
> public class ServiceClass {
>     @Inject
>     @UserName
>     private String userName;
> }
> @RequestScoped
> public class UserNameProvider {
>     @Inject
>     private HttpServletRequest request;
>     @Produces
>     @UserName
>     public String userName() {
>         return request.getUserPrincipal().getName();
>     }
> }
> {code}
> CDI should fail to start when it detects such a situation. Do note that this bug does not require direct injection (Service->userName), it can occur transitively as well (Service->User->userName).



--
This message was sent by Atlassian Jira
(v7.12.1#712002)

More information about the cdi-dev mailing list