Robert Munteanu created SLING-7815:
--------------------------------------
Summary: CLONE - ResourceResolver.clone(null) should not share the
same JCR session
Key: SLING-7815
URL: https://issues.apache.org/jira/browse/SLING-7815
Project: Sling
Issue Type: Improvement
Components: API, JCR, ResourceResolver
Affects Versions: Resource Resolver 1.0.6
Reporter: Alexander Klimetschek
Assignee: Carsten Ziegeler
Fix For: API 2.18.2, Resource Resolver 1.6.4, JCR Resource 3.0.14
{{ResourceResolver.clone()}} will reuse the same JCR session in case it was
created by passing an existing session using
{{JcrResourceConstants.AUTHENTICATION_INFO_SESSION}}. If you need a clone of
the resource resolver to pass into a new, separate thread, and use
{{ResourceResolver.clone(null)}}, you will actually share the session, but this
is not obvious. The problem is that a JCR session cannot be shared across
threads.
The javadocs of clone() say "the same credential data is used as was used to
create this instance".
There are a few problems with this:
- seeing the session object itself as "credential data" is unintuitive
- in my code, I have no idea what the original credential data was, so I don't
know what kind of credential data it was to make the right decision
- since sharing a JCR session is to be avoided at all times, the resource
resolver should prevent one from this
A solution would be if a plain {{ResourceResolver.clone(null)}} would return a
session that impersonated itself, abstracting this from the resource resolver
user. Additionally, it might be worth looking that clone always returns a new
session, unless specifically stated.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)