You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@myfaces.apache.org by sk...@apache.org on 2007/08/11 13:08:23 UTC
svn commit: r564894 -
/myfaces/orchestra/trunk/core/src/main/java/org/apache/myfaces/orchestra/conversation/ConversationManager.java
Author: skitching
Date: Sat Aug 11 04:08:22 2007
New Revision: 564894
URL: http://svn.apache.org/viewvc?view=rev&rev=564894
Log:
Update comments/javadoc only.
Modified:
myfaces/orchestra/trunk/core/src/main/java/org/apache/myfaces/orchestra/conversation/ConversationManager.java
Modified: myfaces/orchestra/trunk/core/src/main/java/org/apache/myfaces/orchestra/conversation/ConversationManager.java
URL: http://svn.apache.org/viewvc/myfaces/orchestra/trunk/core/src/main/java/org/apache/myfaces/orchestra/conversation/ConversationManager.java?view=diff&rev=564894&r1=564893&r2=564894
==============================================================================
--- myfaces/orchestra/trunk/core/src/main/java/org/apache/myfaces/orchestra/conversation/ConversationManager.java (original)
+++ myfaces/orchestra/trunk/core/src/main/java/org/apache/myfaces/orchestra/conversation/ConversationManager.java Sat Aug 11 04:08:22 2007
@@ -51,8 +51,13 @@
private final Log log = LogFactory.getLog(ConversationManager.class);
+ // This member must always be accessed with a lock held on the parent ConverstationManager instance;
+ // a HashMap is not thread-safe and this class must be thread-safe.
private final Map conversationContexts = new HashMap();
+ // Used to report problems to the user. This member is only ever assigned to once, during the constructor
+ // for this class, and all ConversationMessager implementations are required to be thread-safe so there
+ // are no thread-safety issues with accessing this member.
private ConversationMessager conversationMessager;
// private Set managedScopes;
@@ -142,6 +147,9 @@
* Get the current, or create a new unique conversationContextId.<br />
* The current conversationContextId will retrieved from the request parameters, if we cant find it there
* a new one will be created. In either case the result will be stored within the request for faster lookup.
+ * <p>
+ * Note that there is no security flaw regarding injection of fake context ids; the id must match one already
+ * in the session and there is no security problem with two windows in the same session exchanging ids.
*/
public Long getConversationContextId()
{