SessionImpl#getSubject() should return an unmodifiable subject
--------------------------------------------------------------
Key: JCR-2895
URL: https://issues.apache.org/jira/browse/JCR-2895
Project: Jackrabbit Content Repository
Issue Type: Bug
Reporter: angela
Assignee: angela
for security reasons the subject exposed by SessionImpl#getSubject() should be
unmodifiable or at least changes made
to it should not be modify the subject hold by the session.
currently i see the following options to get there:
a: set readonly flag on the subject associated with the session
b: getSubject() returns a new instance of Subject having the same
characteristics as the subject associated with the session
c: getSubject() returns a new but readonly Subject instance
my preferred solution was c as
- it doesn't change the characteristics of the subject
- the unmodifiable status is transparent to the caller since modifying the
subject fails without forcing the api consumer
to read the javadoc to know why changing the subject is not reflected on the
session itself (that would be a drawback of b).
--
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
