jackrabbit-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "angela (JIRA)" <j...@apache.org>
Subject [jira] Updated: (JCR-2895) SessionImpl#getSubject() should return an unmodifiable subject
Date Thu, 17 Feb 2011 16:00:24 GMT

     [ https://issues.apache.org/jira/browse/JCR-2895?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

angela updated JCR-2895:

    Component/s: security

> SessionImpl#getSubject() should return an unmodifiable subject
> --------------------------------------------------------------
>                 Key: JCR-2895
>                 URL: https://issues.apache.org/jira/browse/JCR-2895
>             Project: Jackrabbit Content Repository
>          Issue Type: Bug
>          Components: jackrabbit-core, security
>            Reporter: angela
>            Assignee: angela
> for security reasons the subject exposed by SessionImpl#getSubject() should be unmodifiable
or at least changes made
> to it should not be modify the subject hold by the session.
> currently i see the following options to get there:
> a: set readonly flag on the subject associated with the session
> b: getSubject() returns a new instance of Subject having the same characteristics as
the subject associated with the session
> c: getSubject() returns a new but readonly Subject instance
> my preferred solution was c as
> - it doesn't change the characteristics of the subject
> - the unmodifiable status is transparent to the caller since modifying the subject fails
without forcing the api consumer
>   to read the javadoc to know why changing the subject is not reflected on the session
itself (that would be a drawback of b).

This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira


View raw message