Project

General

Profile

Actions

bug #4847

open

Problem with session attributes for a UI used in different CDM Instances

Added by Cherian Mathew almost 9 years ago. Updated about 5 years ago.

Status:
In Progress
Priority:
Highest
Category:
cdm-vaadin
Start date:
Due date:
% Done:

0%

Estimated time:
Severity:
critical
Found in Version:
Tags:

Description

This is a general problem with the vaadin framework deployed on a CDM Server running multiple CDM Instances.

Since a Vaadin session is connected (one-one) to a specific UI, any attribute set in the session of the UI will be accessible for all running CDM Instances.

This is clearly not always desirable for all cases. E.g. the various services that are registered as session attributes, should be mapped to the host-port-cdm instance, so that access to these are restricted to the UI running on a particular CDM Instance.

The specific case of authentication has been dealt with in #4844, but this needs to be generalised.

see comments!


Related issues

Related to EDIT - task #6590: Check if CdmVaadinAuthentication is a proper solution for handling authentications and SecurityContexts NewAndreas Kohlbecker

Actions
Actions #1

Updated by Cherian Mathew almost 9 years ago

  • Priority changed from Priority08 to Highest
Actions #2

Updated by Andreas Müller over 6 years ago

  • Description updated (diff)
  • Assignee changed from Cherian Mathew to Andreas Kohlbecker

Is this still an open issue?

Actions #3

Updated by Andreas Kohlbecker almost 6 years ago

  • Tags set to phycobank
  • Target version changed from Vaadin Taxon Concept Editor to Release 5.1
Actions #4

Updated by Andreas Kohlbecker over 5 years ago

  • Status changed from New to In Progress
Actions #5

Updated by Andreas Kohlbecker over 5 years ago

  • Tags deleted (phycobank)
  • Description updated (diff)
  • Assignee changed from Andreas Kohlbecker to Fabian Reimeier
  • Severity changed from normal to critical

This problem can generally be solved by using vaadin-spring. With vaadin-spring all UI Objects are Spring beans which will only be available in the spring application context which is created individually per cdm instance.

The RegistrationUI can be taken as an example for the springification of a vaadin UI.

So this issue is not relevant for phycobank, but for all other UIs:

  • ConceptRelationshipUI.java
  • DistributionStatusUI.java
  • RegistrationUIDefaults.java
  • StatusEditorUI.java

I am now passing this issue to you Fabian. Can you please get an overview on the severity of this problem regarding the DistributionStatusUI? Which objects can leak to other cdm instances and can this cause problems? Your investigation will be the base for us to estimate if this issue needs to be solved urgently.

Actions #6

Updated by Andreas Kohlbecker over 5 years ago

  • Tags set to security
Actions #8

Updated by Andreas Kohlbecker over 5 years ago

  • Related to task #6590: Check if CdmVaadinAuthentication is a proper solution for handling authentications and SecurityContexts added
Actions #9

Updated by Andreas Müller over 5 years ago

  • Target version changed from Release 5.1 to Release 5.2

Fabian can you please have a look on this issue?

Actions #10

Updated by Andreas Müller over 5 years ago

  • Target version changed from Release 5.2 to Release 5.3
Actions #11

Updated by Andreas Müller over 5 years ago

  • Target version changed from Release 5.3 to Release 5.4
Actions #12

Updated by Andreas Müller over 5 years ago

  • Private changed from Yes to No
Actions #13

Updated by Andreas Müller over 5 years ago

  • Assignee changed from Fabian Reimeier to Andreas Müller
  • Target version changed from Release 5.4 to Release 5.5
Actions #14

Updated by Andreas Müller about 5 years ago

  • Target version changed from Release 5.5 to Release 5.6
Actions #15

Updated by Andreas Müller about 5 years ago

  • Target version changed from Release 5.6 to Reviewed Next Major Release
Actions

Also available in: Atom PDF