Uploaded image for project: 'CDI Specification Issues'
  1. CDI Specification Issues
  2. CDI-739

Scope mismatch can lead to subtle bugs

XMLWordPrintable

    • Hide
      • Create a @RequestScoped provider
      • Return a non-proxyable object from it
      • @Inject the object into an @ApplicationScoped bean
      • Call the bean once to initialize the object
      • Call the bean subsequent times
      • Watch the object stay the same and incorrect for subsequent calls
      Show
      Create a @RequestScoped provider Return a non-proxyable object from it @Inject the object into an @ApplicationScoped bean Call the bean once to initialize the object Call the bean subsequent times Watch the object stay the same and incorrect for subsequent calls

      CDI allows injection of a non-proxyable object created by a provider into higher level contextes. This can lead to subtle bugs, see the following example, the first username that accesses the service is returned for other users:

      @ApplicationScoped
public class ServiceClass {

    @Inject
    @UserName
    private String userName;

}

@RequestScoped
public class UserNameProvider {

    @Inject
    private HttpServletRequest request;

    @Produces
    @UserName
    public String userName() {
        return request.getUserPrincipal().getName();
    }

}

      CDI should fail to start when it detects such a situation. Do note that this bug does not require direct injection (Service->userName), it can occur transitively as well (Service->User->userName).

            Unassigned Unassigned
            frigocoder Frigo Coder (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: