[jbossseam-issues] [JBoss JIRA] Updated: (JBSEAM-3986) EJB Warning Request with Bijection
Shawn Gunsolley (JIRA)
jira-events at lists.jboss.org
Wed Mar 4 17:07:31 EST 2009
[ https://jira.jboss.org/jira/browse/JBSEAM-3986?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Shawn Gunsolley updated JBSEAM-3986:
------------------------------------
Description:
This request is for a compile warning when an EJB has member variables with Bijection or Factory methods. The issue can cause a problem where users were passed incorrect information via stateless beans.
The following is an example:
@Stateless
@Name("accountStuff")
public class AccountStuffBean {
    @In(create=true)
    @Out
    private User user;

    @Factory("user")
    public void createUser(){
        //error occurs in User B
    }
}

@Name("user")
@Scope(SESSION)
public class User implements Serializable{
}
Here is the scenario where this goes south:
• User A - requests the stateless bean and creates the user information
    o This creates the local variable in the stateless bean for a user
    o This stores a reference to that variable in the Session of User A
    o Finally the stateless bean is returned to the container
• Now there are two places where the variable is present: the JEE container and the User A Session
• Due to JEE specs there is no requirement to clear the container bean's member variables (and JBoss does not clear this member variable)
• User B - hits the same portion of the code and is returned the stateless bean that User A returned to the container
    o Seam checks if the variable is in the Session (it is not, because this is not User A)
    o Seam runs the factory and it fails, but no exception is thrown; the User A variable is outjected
    o ***User B is returned User A's variable for user***
This truly is a coding error; that is why this is an enhancement request. The developer should not assume that the member variable clears in a stateless bean.
was:
This request is for a compile warning when an EJB has member variables with Bijection or Factory methods. The issue can cause a problem where users were passed incorrect information via stateless beans.
The following is an example:
@Stateless
@Name("accountStuff")
public class AccountStuffBean {
    @In(create=true)
    @Out
    private User user;

    @Factory("user")
    public void createUser(){
        //error occurs in User B
    }
}

@Name("user")
@Scope(SESSION)
public class User implements Serializable{
}
Here is the scenario where this goes south:
• User A - requests the stateless bean and creates the user information
    o This creates the local variable in the stateless bean for a user
    o This stores a reference to that variable in the Session of User A
    o Finally the stateless bean is returned to the container
• Now there are two places where the variable is present: the JEE container and the User A Session
• Due to JEE specs there is no requirement to clear the container bean's member variables (and JBoss does not clear this member variable)
• User B - hits the same portion of the code and is returned the stateless bean that User A returned to the container
    o Seam checks if the variable is in the Session (it is not, because this is not User A)
    o Seam checks to see if it should be created (it shouldn't, because it exists)
    o ***User B is returned User A's variable for user***
This truly is a coding error; that is why this is an enhancement request. The developer should not assume that the member variable clears in a stateless bean.
> EJB Warning Request with Bijection
> ----------------------------------
>
> Key: JBSEAM-3986
> URL: https://jira.jboss.org/jira/browse/JBSEAM-3986
> Project: Seam
> Issue Type: Feature Request
> Components: Core, EJB3
> Affects Versions: 2.1.1.GA
> Environment: EJB3 used in a Seam application
> Reporter: Shawn Gunsolley
>
> This request is for a compile warning when an EJB has member variables with Bijection or Factory methods. The issue can cause a problem where users were passed incorrect information via stateless beans.
> The following is an example:
> @Stateless
> @Name("accountStuff")
> public class AccountStuffBean {
>     @In(create=true)
>     @Out
>     private User user;
>
>     @Factory("user")
>     public void createUser(){
>         //error occurs in User B
>     }
> }
>
> @Name("user")
> @Scope(SESSION)
> public class User implements Serializable{
> }
> Here is the scenario where this goes south:
> • User A - requests the stateless bean and creates the user information
>     o This creates the local variable in the stateless bean for a user
>     o This stores a reference to that variable in the Session of User A
>     o Finally the stateless bean is returned to the container
> • Now there are two places where the variable is present: the JEE container and the User A Session
> • Due to JEE specs there is no requirement to clear the container bean's member variables (and JBoss does not clear this member variable)
> • User B - hits the same portion of the code and is returned the stateless bean that User A returned to the container
>     o Seam checks if the variable is in the Session (it is not, because this is not User A)
>     o Seam runs the factory and it fails, but no exception is thrown; the User A variable is outjected
>     o ***User B is returned User A's variable for user***
> This truly is a coding error; that is why this is an enhancement request. The developer should not assume that the member variable clears in a stateless bean.
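
The scenario in the report, as a small stand-alone Java model. This is an added illustration, not code from the report and not Seam or EJB container code: the single pooled instance, the session maps, the call() helper and the factoryWorks and resetField flags are assumptions that stand in for the container pool and for bijection.

```java
import java.util.HashMap;
import java.util.Map;

// Simplified model of the reported scenario; all names below are hypothetical.
public class StatelessLeakDemo {

    static class User {
        final String owner;
        User(String owner) { this.owner = owner; }
    }

    // Stands in for the pooled @Stateless bean with a bijected member field.
    static class AccountStuffBean {
        User user; // keeps its value between calls while the instance sits in the pool

        // Stands in for the @Factory("user") method; on failure it sets nothing and throws nothing.
        void createUser(String caller, boolean factoryWorks) {
            if (factoryWorks) user = new User(caller);
        }
    }

    // One request: look "user" up in the caller's session, run the factory if it is
    // absent, then outject the member field into the caller's session.
    static User call(AccountStuffBean bean, Map<String, Object> session,
                     String caller, boolean factoryWorks, boolean resetField) {
        if (resetField) bean.user = null; // hardened: discard state left by the previous caller
        User inSession = (User) session.get("user");
        if (inSession != null) bean.user = inSession;
        else bean.createUser(caller, factoryWorks);
        if (bean.user != null) session.put("user", bean.user); // outjection
        return (User) session.get("user");
    }

    // User A then User B hit the same pooled instance; B's factory fails silently.
    static String run(boolean resetField) {
        AccountStuffBean pooled = new AccountStuffBean();
        Map<String, Object> sessionA = new HashMap<>();
        Map<String, Object> sessionB = new HashMap<>();
        call(pooled, sessionA, "A", true, resetField);
        User seenByB = call(pooled, sessionB, "B", false, resetField);
        return seenByB == null ? "none" : seenByB.owner;
    }

    public static void main(String[] args) {
        System.out.println("field kept between calls: User B's session holds user of " + run(false));
        System.out.println("field reset on each call: User B's session holds user of " + run(true));
    }
}
```

In the first run User B's session ends up holding User A's object; in the second the stale field is discarded before use, so the silent factory failure leaves User B with no user instead of someone else's.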