You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@sling.apache.org by "Alexander Klimetschek (JIRA)" <ji...@apache.org> on 2014/04/28 21:46:17 UTC

[jira] [Created] (SLING-3524) ResourceResolver.clone(null) should not share the same JCR session

Alexander Klimetschek created SLING-3524:
--------------------------------------------

             Summary: ResourceResolver.clone(null) should not share the same JCR session
                 Key: SLING-3524
                 URL: https://issues.apache.org/jira/browse/SLING-3524
             Project: Sling
          Issue Type: Improvement
          Components: ResourceResolver
    Affects Versions: Resource Resolver 1.0.6
            Reporter: Alexander Klimetschek


{{ResourceResolver.clone()}} will reuse the same JCR session in case it was created by passing an existing session using {{JcrResourceConstants.AUTHENTICATION_INFO_SESSION}}. If you need a clone of the resource resolver to pass into a new, separate thread, and use {{ResourceResolver.clone(null)}}, you will actually share the session, but this is not obvious. The problem is that a JCR session cannot be shared across threads.

The javadocs of clone() say "the same credential data is used as was used to create this instance".

There are a few problems with this:
- seeing the session object itself as "credential data" is unintuitive
- in my code, I have no idea what the original credential data was, so I don't know what kind of credential data it was to make the right decision
- since sharing a JCR session is to be avoided at all times, the resource resolver should prevent one from this

A solution would be if a plain {{ResourceResolver.clone(null)}} would return a session that impersonated itself, abstracting this from the resource resolver user. Additionally, it might be worth looking that clone always returns a new session, unless specifically stated.



--
This message was sent by Atlassian JIRA
(v6.2#6252)