Uploaded image for project: 'Sling'
  1. Sling
  2. SLING-7815

CLONE - ResourceResolver.clone(null) should not share the same JCR session

    XMLWordPrintableJSON

    Details

      Description

      ResourceResolver.clone() will reuse the same JCR session in case it was created by passing an existing session using JcrResourceConstants.AUTHENTICATION_INFO_SESSION. If you need a clone of the resource resolver to pass into a new, separate thread, and use ResourceResolver.clone(null), you will actually share the session, but this is not obvious. The problem is that a JCR session cannot be shared across threads.

      The javadocs of clone() say "the same credential data is used as was used to create this instance".

      There are a few problems with this:

      • seeing the session object itself as "credential data" is unintuitive
      • in my code, I have no idea what the original credential data was, so I don't know what kind of credential data it was to make the right decision
      • since sharing a JCR session is to be avoided at all times, the resource resolver should prevent one from this

      A solution would be if a plain ResourceResolver.clone(null) would return a session that impersonated itself, abstracting this from the resource resolver user. Additionally, it might be worth looking that clone always returns a new session, unless specifically stated.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                rombert Robert Munteanu
                Reporter:
                alexander.klimetschek Alexander Klimetschek
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 2h 10m
                  2h 10m