You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@jackrabbit.apache.org by "Alexander Klimetschek (JIRA)" <ji...@apache.org> on 2009/01/22 13:59:59 UTC
[jira] Commented: (JCR-1035) Jackrabbit JCA - The client can bypass
the managed connection and get the underlying JCR Session
[ https://issues.apache.org/jira/browse/JCR-1035?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12666134#action_12666134 ]
Alexander Klimetschek commented on JCR-1035:
--------------------------------------------
I think this cannot be fixed, since getSession() is part of the JCR API and we cannot remove this method or throw an exception. The only critical think might be session.logout() but that should be properly handled in a XA session.
> Jackrabbit JCA - The client can bypass the managed connection and get the underlying JCR Session
> ------------------------------------------------------------------------------------------------
>
> Key: JCR-1035
> URL: https://issues.apache.org/jira/browse/JCR-1035
> Project: Jackrabbit Content Repository
> Issue Type: Bug
> Components: jackrabbit-jca
> Reporter: Edgar Poce
> Priority: Minor
>
> By using Item.getSession() the client can access the underlying jcr session, eventually close the connection and generate a session leak.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.