Posted to dev@jackrabbit.apache.org by "angela (JIRA)" <ji...@apache.org> on 2011/02/17 17:00:24 UTC
[jira] Updated: (JCR-2895) SessionImpl#getSubject() should return an unmodifiable subject
[ https://issues.apache.org/jira/browse/JCR-2895?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
angela updated JCR-2895:
------------------------
Component/s: security, jackrabbit-core
> SessionImpl#getSubject() should return an unmodifiable subject
> --------------------------------------------------------------
>
> Key: JCR-2895
> URL: https://issues.apache.org/jira/browse/JCR-2895
> Project: Jackrabbit Content Repository
> Issue Type: Bug
> Components: jackrabbit-core, security
> Reporter: angela
> Assignee: angela
>
> For security reasons the subject exposed by SessionImpl#getSubject() should be unmodifiable, or at least changes made
> to it should not modify the subject held by the session.
> Currently I see the following options to get there:
> a: set readonly flag on the subject associated with the session
> b: getSubject() returns a new instance of Subject having the same characteristics as the subject associated with the session
> c: getSubject() returns a new but readonly Subject instance
> My preferred solution was c as
> - it doesn't change the characteristics of the subject
> - the unmodifiable status is transparent to the caller since modifying the subject fails without forcing the api consumer
> to read the javadoc to know why changing the subject is not reflected on the session itself (that would be a drawback of b).
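Options b and c from the issue, sketched with the standard javax.security.auth.Subject API. This is an added example, not Jackrabbit code: DemoSession, its method names and the sample principals are hypothetical stand-ins for SessionImpl and its subject.

```java
import java.security.Principal;
import javax.security.auth.Subject;

public class ReadOnlySubjectDemo {
    /** Hypothetical stand-in for a session holding the authenticated Subject. */
    static final class DemoSession {
        private final Subject subject;

        DemoSession(Subject subject) { this.subject = subject; }

        /** Option b: modifiable copy; caller changes succeed but are silently dropped. */
        Subject getSubjectCopy() {
            return new Subject(false, subject.getPrincipals(),
                    subject.getPublicCredentials(), subject.getPrivateCredentials());
        }

        /** Option c: read-only copy; the session's own Subject keeps its characteristics. */
        Subject getSubjectReadOnly() {
            return new Subject(true, subject.getPrincipals(),
                    subject.getPublicCredentials(), subject.getPrivateCredentials());
        }

        boolean hasPrincipal(String name) {
            return subject.getPrincipals().stream().anyMatch(p -> p.getName().equals(name));
        }
    }

    public static void main(String[] args) {
        Principal user = () -> "alice";            // constructed sample principal
        Principal admin = () -> "administrators";  // constructed sample principal

        Subject internal = new Subject();
        internal.getPrincipals().add(user);
        DemoSession session = new DemoSession(internal);

        // Option b: the add works on the copy, the session never sees it.
        session.getSubjectCopy().getPrincipals().add(admin);
        System.out.println("b: session has admin = " + session.hasPrincipal("administrators"));

        // Option c: the add is rejected, so the caller learns the subject is fixed.
        try {
            session.getSubjectReadOnly().getPrincipals().add(admin);
        } catch (IllegalStateException e) {
            System.out.println("c: rejected: " + e.getMessage());
        }
        System.out.println("c: session has admin = " + session.hasPrincipal("administrators"));
        // Unlike option a, the session's own Subject was never switched to read-only.
        System.out.println("internal read-only = " + internal.isReadOnly());
    }
}
```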