• Type: Feature Request
    • Status: Open (View Workflow)
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 2.1.1.GA
    • Fix Version/s: None
    • Component/s: Core, EJB3
    • Labels:


      This request is for a compile warning when an EJB has member variables with Bijection or Factory methods. The issue can cause a problem where users were passed incorrect information via stateless beans.

      The following is an example:

      public class AccountStuffBean {
      private User user;

      public void createUser(){
      //error occurs in User B

      public class User implements Serializable{

      Here is the scenario that this goes south:

      • User A - request the stateless bean and creates the user information
      o This creates the local variable in the stateless bean for a user
      o This stores a reference to that variable in the Session of User A
      o Finally the stateless bean is returned to the container
      • Now there is two places the variable is present the JEE container and the User A Session
      • Due to JEE specs there is no requirement to clear the container beans member variables (And JBoss does not clear this member variable)
      • User B - hits the same portion of the code and is returned the Stateless bean that User A returned to the container
      o Seam checks if the variable is in the Session (it is not because this is not User A)
      o Seam runs the factory and it fails but no exception is thrown the User A variable is outjected
      o **User B is returned User A's variable for user***

      This truly is a coding error that is why this is an enhancement request. The developer should not assume that the member variable clears in a stateless bean.

        Gliffy Diagrams




              • Assignee:
                sgunsolley Shawn Gunsolley
              • Votes:
                0 Vote for this issue
                1 Start watching this issue


                • Created: