jackrabbit-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "angela (JIRA)" <j...@apache.org>
Subject [jira] Created: (JCR-2895) SessionImpl#getSubject() should return an unmodifiable subject
Date Wed, 16 Feb 2011 13:50:57 GMT
SessionImpl#getSubject() should return an unmodifiable subject
--------------------------------------------------------------

                 Key: JCR-2895
                 URL: https://issues.apache.org/jira/browse/JCR-2895
             Project: Jackrabbit Content Repository
          Issue Type: Bug
            Reporter: angela
            Assignee: angela


for security reasons the subject exposed by SessionImpl#getSubject() should be unmodifiable
or at least changes made
to it should not be modify the subject hold by the session.

currently i see the following options to get there:
a: set readonly flag on the subject associated with the session
b: getSubject() returns a new instance of Subject having the same characteristics as the subject
associated with the session
c: getSubject() returns a new but readonly Subject instance

my preferred solution was c as
- it doesn't change the characteristics of the subject
- the unmodifiable status is transparent to the caller since modifying the subject fails without
forcing the api consumer
  to read the javadoc to know why changing the subject is not reflected on the session itself
(that would be a drawback of b).

-- 
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message