You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@geronimo.apache.org by johnxmas <jo...@free.fr> on 2009/07/10 12:01:44 UTC

About JCA 1.5 Admin objects and JNDI

Hi all,

With JCA 1.5 was introduced the concept of Admin Objects. So now, you cand deploy in your resource adapter much more thant a ConnectionFactory;
I used the feature to include in my deployment the InteractionSpec and ConnectionSpec.

But at lookup time, it sems these objects are passed by refernce.Which is a serious problem: say client A sets its userName and password in
the ConnectionSpec. These values get stored in the JNDI instance and can be read by client B !

This behavior is not specific to Geronimo. Most (but not all) application servers produce the same result...     Sould not lookup return a
clone of the Objects ?

Your opinon deeply interest me.

Thanks 

Jean-Noël

Re: About JCA 1.5 Admin objects and JNDI

Posted by David Jencks <da...@yahoo.com>.

On Jul 10, 2009, at 3:01 AM, johnxmas wrote:

> Hi all,
>
> With JCA 1.5 was introduced the concept of Admin Objects. So now,  
> you cand deploy in your resource adapter much more thant a  
> ConnectionFactory;
> I used the feature to include in my deployment the InteractionSpec  
> and ConnectionSpec.
>
> But at lookup time, it sems these objects are passed by  
> refernce.Which is a serious problem: say client A sets its userName  
> and password in
> the ConnectionSpec. These values get stored in the JNDI instance and  
> can be read by client B !

How would returning copies of the admin object help with this?

>
> This behavior is not specific to Geronimo. Most (but not all)  
> application servers produce the same result...     Sould not lookup  
> return a
> clone of the Objects ?

I think the spec indicates copies should be returned.  We used to  
return proxies.  I've always wondered what the point of a lot of the  
jndi spec was.  I've taken the view that the important part of the  
spec is for jndi to act like a hashmap and that since our jndi is in- 
vm only and not persistent lookup speed is pretty much the most  
important bit.

Could you explain in more detail what you don't like about this and  
what you want instead?

thanks
david jencks

>
> Your opinon deeply interest me.
>
> Thanks
>
> Jean-Noël