jackrabbit-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "angela (JIRA)" <j...@apache.org>
Subject [jira] Resolved: (JCR-2895) SessionImpl#getSubject() should return an unmodifiable subject
Date Fri, 18 Feb 2011 17:23:38 GMT

     [ https://issues.apache.org/jira/browse/JCR-2895?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

angela resolved JCR-2895.
-------------------------

       Resolution: Fixed
    Fix Version/s: 2.3.0

> SessionImpl#getSubject() should return an unmodifiable subject
> --------------------------------------------------------------
>
>                 Key: JCR-2895
>                 URL: https://issues.apache.org/jira/browse/JCR-2895
>             Project: Jackrabbit Content Repository
>          Issue Type: Bug
>          Components: jackrabbit-core, security
>            Reporter: angela
>            Assignee: angela
>             Fix For: 2.3.0
>
>
> for security reasons the subject exposed by SessionImpl#getSubject() should be unmodifiable
or at least changes made
> to it should not be modify the subject hold by the session.
> currently i see the following options to get there:
> a: set readonly flag on the subject associated with the session
> b: getSubject() returns a new instance of Subject having the same characteristics as
the subject associated with the session
> c: getSubject() returns a new but readonly Subject instance
> my preferred solution was c as
> - it doesn't change the characteristics of the subject
> - the unmodifiable status is transparent to the caller since modifying the subject fails
without forcing the api consumer
>   to read the javadoc to know why changing the subject is not reflected on the session
itself (that would be a drawback of b).

-- 
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message