sling-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Munteanu (JIRA)" <>
Subject [jira] [Resolved] (SLING-7815) CLONE - ResourceResolver.clone(null) should not share the same JCR session
Date Fri, 22 Feb 2019 17:16:00 GMT


Robert Munteanu resolved SLING-7815.
    Resolution: Fixed

Merged in [sling-org-apache-sling-jcr-resource commit c54806b|],
thanks [~Csaba Varga]!

> CLONE - ResourceResolver.clone(null) should not share the same JCR session
> --------------------------------------------------------------------------
>                 Key: SLING-7815
>                 URL:
>             Project: Sling
>          Issue Type: Improvement
>          Components: API, JCR, ResourceResolver
>    Affects Versions: JCR Resource 3.0.14
>            Reporter: Alexander Klimetschek
>            Assignee: Robert Munteanu
>            Priority: Major
>             Fix For: JCR Resource 3.0.18
>          Time Spent: 2h 10m
>  Remaining Estimate: 0h
> {{ResourceResolver.clone()}} will reuse the same JCR session in case it was created by
passing an existing session using {{JcrResourceConstants.AUTHENTICATION_INFO_SESSION}}. If
you need a clone of the resource resolver to pass into a new, separate thread, and use {{ResourceResolver.clone(null)}},
you will actually share the session, but this is not obvious. The problem is that a JCR session
cannot be shared across threads.
> The javadocs of clone() say "the same credential data is used as was used to create this
> There are a few problems with this:
> - seeing the session object itself as "credential data" is unintuitive
> - in my code, I have no idea what the original credential data was, so I don't know what
kind of credential data it was to make the right decision
> - since sharing a JCR session is to be avoided at all times, the resource resolver should
prevent one from this
> A solution would be if a plain {{ResourceResolver.clone(null)}} would return a session
that impersonated itself, abstracting this from the resource resolver user. Additionally,
it might be worth looking that clone always returns a new session, unless specifically stated.

This message was sent by Atlassian JIRA

View raw message