I have noticed that a NullpointerException is being through in TurbinePullService.populateWithSessionTools(). This happens when the first request for the session is the login action (or the logout action). It is because the method does not expect the user object to be null. Since the session validator has not run yet, the user is null.
There is also the issue of session scope tools being lost when the login action is executed (TTWS22). Here is what I came up with to address these two issues. populateWithSessionTools() will only process session and authorized scope tools. These tools will be stored in the session instead of the user. The synchronized block will use the session instead of the user object. Note: I am not sure if this needs to be synchronized. We should not have a case where multiple threads modifing the same session. The only potential issue here is the call to init(tool, user). The user object could be null causing a problem in the tool itself. The only way I saw around this was to get an anonymous user from the security service is the user was null. Although this would work, it might be better to state in the interface definition that the user object could be null. I am a bit undecided on how to handle this issue. populateWithPermTools() is a new method which only handles perm scope tools. It is basically a copy of populateWithSessionTools exception that the conditional logic involving the userPerm flag is gone. It will still expect a non-null user object however this method will never be called unless TurbineSecurity. I am conducting a poll on the user list to see if anyone uses the perm tools or storage of data in TurbibeUser in the perm hashtable. If they don't I would like to deprecate the use or perm tools and the perm hashtable for removal in 2.4-dev. Although there are other ways to solve these two issues, I feel that this is the cleanest approach. -------------------------------------------- Quinton McCombs NequalsOne - HealthCare marketing tools mailto:[EMAIL PROTECTED] http://www.NequalsOne.com --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
