You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@myfaces.apache.org by sk...@apache.org on 2007/08/11 13:08:23 UTC

svn commit: r564894 - /myfaces/orchestra/trunk/core/src/main/java/org/apache/myfaces/orchestra/conversation/ConversationManager.java

Author: skitching
Date: Sat Aug 11 04:08:22 2007
New Revision: 564894

URL: http://svn.apache.org/viewvc?view=rev&rev=564894
Log:
Update comments/javadoc only.

Modified:
    myfaces/orchestra/trunk/core/src/main/java/org/apache/myfaces/orchestra/conversation/ConversationManager.java

Modified: myfaces/orchestra/trunk/core/src/main/java/org/apache/myfaces/orchestra/conversation/ConversationManager.java
URL: http://svn.apache.org/viewvc/myfaces/orchestra/trunk/core/src/main/java/org/apache/myfaces/orchestra/conversation/ConversationManager.java?view=diff&rev=564894&r1=564893&r2=564894
==============================================================================
--- myfaces/orchestra/trunk/core/src/main/java/org/apache/myfaces/orchestra/conversation/ConversationManager.java (original)
+++ myfaces/orchestra/trunk/core/src/main/java/org/apache/myfaces/orchestra/conversation/ConversationManager.java Sat Aug 11 04:08:22 2007
@@ -51,8 +51,13 @@
 
 	private final Log log = LogFactory.getLog(ConversationManager.class);
 
+	// This member must always be accessed with a lock held on the parent ConverstationManager instance;
+	// a HashMap is not thread-safe and this class must be thread-safe.
 	private final Map conversationContexts = new HashMap();
 
+	// Used to report problems to the user. This member is only ever assigned to once, during the constructor
+	// for this class, and all ConversationMessager implementations are required to be thread-safe so there
+	// are no thread-safety issues with accessing this member.
 	private ConversationMessager conversationMessager;
 
 	// private Set managedScopes;
@@ -142,6 +147,9 @@
 	 * Get the current, or create a new unique conversationContextId.<br />
 	 * The current conversationContextId will retrieved from the request parameters, if we cant find it there
 	 * a new one will be created. In either case the result will be stored within the request for faster lookup.
+	 * <p>
+	 * Note that there is no security flaw regarding injection of fake context ids; the id must match one already
+	 * in the session and there is no security problem with two windows in the same session exchanging ids.
 	 */
 	public Long getConversationContextId()
 	{