Hi,
Before Jon took over the JWT work in TomEE, I was also looking into this code.
I was never able to have it working either, but I only spent a limited amount
of time in it and then I had to move to something else.
Looking at the current code:
// On first call, this evaluates.
// On second call, returns immediately the cached Principal
if (proxyInstance == null)
{
// No Proxy - skip
if (proxy)
{
NormalScopeProxyFactory proxyFactory =
webBeansContext.getNormalScopeProxyFactory();
ClassLoader loader = returnType.getClassLoader();
if (loader == null)
{
loader = WebBeansUtil.getCurrentClassLoader();
}
Class<T> proxyClass = proxyFactory.createProxyClass(loader, returnType);
proxyInstance = proxyFactory.createProxyInstance(proxyClass, provider);
}
else
{
// Cache Principal
proxyInstance = provider.get();
}
}
return proxyInstance;
And Provider delegates to the Principal stored in the Request.
Maybe I’m missing something as well, but I think that Jon is right.
Cheers,
Roberto
> On 2 Nov 2018, at 15:48, jgallimore <[email protected]> wrote:
>
> Short followup - the implementation of the SecurityService and the
> PrincipalProvider work fine. They are wrapped by ProviderBasedProducer,
> which appears to be application scoped, and cache the result of the first
> lookup here:
> https://github.com/apache/openwebbeans/blob/trunk/webbeans-impl/src/main/java/org/apache/webbeans/portable/ProviderBasedProducer.java#L66
>
> When running with proxy set to true, this is ok, but when proxy is false,
> the first Principal returned from the PrincipalProvider/SecurityService is
> held in the proxyInstance field forever and returned for every subsequent
> request. The second and subsequent requests never trigger
> PrincipalProvider.get() or SecurityService.getCurrentPrincipal() to be
> called. If you run my test, and put some breakpoints on these methods you'll
> see what I mean.
>
> Jon
>
>
>
> --
> Sent from:
> http://apache-geronimo.328035.n3.nabble.com/Development-f342155.html
