bug #4847

Problem with session attributes for a UI used in different CDM Instances

Added by Cherian Mathew over 3 years ago. Updated 3 months ago.

Status: In Progress
Priority: Highest
Category: cdm-vaadin
Target version:
Start date: 04/29/2015
Due date:
% Done: 0%
Severity: critical
Found in Version:
Tags:

Description

This is a general problem with the Vaadin framework deployed on a CDM Server running multiple CDM Instances.

Since a Vaadin session is connected (one-to-one) to a specific UI, any attribute set in the session of the UI will be accessible for all running CDM Instances.

This is clearly not always desirable for all cases. E.g. the various services that are registered as session attributes should be mapped to the host-port-cdm instance, so that access to these is restricted to the UI running on a particular CDM Instance.

The specific case of authentication has been dealt with in #4844, but this needs to be generalised.

see comments!
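
The leak described above and the per-instance mapping it asks for, as an added example that is not part of the original report or the CDM code base. The session is modelled as a plain map rather than the Vaadin API, and `InstanceKey`, `ScopedSession` and the sample values are hypothetical.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class InstanceScopedAttributes {

    /** Stand-in for the shared session attribute store (assumption: a plain map, not the Vaadin API). */
    static final Map<String, Object> session = new ConcurrentHashMap<>();

    /** Hypothetical key for one CDM instance: host, port and instance name, as the description suggests. */
    record InstanceKey(String host, int port, String instance) {
        String qualify(String attribute) {
            return host + ":" + port + "/" + instance + "#" + attribute;
        }
    }

    /** View of the session that can only read and write attributes of one CDM instance. */
    static final class ScopedSession {
        private final InstanceKey key;

        ScopedSession(InstanceKey key) { this.key = key; }

        void set(String attribute, Object value) {
            session.put(key.qualify(attribute), value);
        }

        <T> T get(String attribute, Class<T> type) {
            Object value = session.get(key.qualify(attribute));
            // null means: nothing registered under this name for this instance
            return type.isInstance(value) ? type.cast(value) : null;
        }
    }

    public static void main(String[] args) {
        // Constructed sample instances and service value.
        InstanceKey a = new InstanceKey("localhost", 8080, "instance_a");
        InstanceKey b = new InstanceKey("localhost", 8080, "instance_b");

        // Unscoped: the UI of instance A registers a service under a bare name,
        // and code running for instance B reads the very same object.
        session.put("service", "service bound to instance_a");
        System.out.println("unscoped, read by B: " + session.get("service"));

        // Scoped: the same attribute name resolves separately per instance.
        new ScopedSession(a).set("service", "service bound to instance_a");
        System.out.println("scoped, read by A: " + new ScopedSession(a).get("service", String.class));
        System.out.println("scoped, read by B: " + new ScopedSession(b).get("service", String.class));
    }
}
```

Key prefixing only keeps cooperating code apart, since anything holding the raw session can still read every entry. Comment #5 in the history describes the structural alternative, where UI objects are Spring beans in a per-instance application context.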


Related issues

Related to task #6590: Check if CdmVaadinAuthentication is a proper solution for handling authentications and SecurityContexts (New, 04/25/2017)

History

#1 Updated by Cherian Mathew over 3 years ago

  • Priority changed from Priority08 to Highest

#2 Updated by Andreas Müller over 1 year ago

  • Description updated (diff)
  • Assignee changed from Cherian Mathew to Andreas Kohlbecker

Is this still an open issue?

#3 Updated by Andreas Kohlbecker 9 months ago

  • Tags set to phycobank
  • Target version changed from cdm-vaadin Next Major Release to Release 5.1

#4 Updated by Andreas Kohlbecker 7 months ago

  • Status changed from New to In Progress

#5 Updated by Andreas Kohlbecker 7 months ago

  • Tags deleted (phycobank)
  • Description updated (diff)
  • Assignee changed from Andreas Kohlbecker to Fabian Reimeier
  • Severity changed from normal to critical

This problem can generally be solved by using vaadin-spring. With vaadin-spring, all UI objects are Spring beans which will only be available in the Spring application context, which is created individually per CDM instance.

The RegistrationUI can be taken as an example for the springification of a vaadin UI.

So this issue is not relevant for phycobank, but for all other UIs:

  • ConceptRelationshipUI.java
  • DistributionStatusUI.java
  • RegistrationUIDefaults.java
  • StatusEditorUI.java

I am now passing this issue to you, Fabian. Can you please get an overview of the severity of this problem regarding the DistributionStatusUI? Which objects can leak to other CDM instances, and can this cause problems? Your investigation will be the basis for us to estimate if this issue needs to be solved urgently.

#6 Updated by Andreas Kohlbecker 7 months ago

  • Tags set to security

#8 Updated by Andreas Kohlbecker 7 months ago

  • Related to task #6590: Check if CdmVaadinAuthentication is a proper solution for handling authentications and SecurityContexts added

#9 Updated by Andreas Müller 7 months ago

  • Target version changed from Release 5.1 to Release 5.2

Fabian, can you please have a look at this issue?

#10 Updated by Andreas Müller 5 months ago

  • Target version changed from Release 5.2 to Release 5.3

#11 Updated by Andreas Müller 4 months ago

  • Target version changed from Release 5.3 to Release 5.4

#12 Updated by Andreas Müller 3 months ago

  • Private changed from Yes to No

#13 Updated by Andreas Müller 3 months ago

  • Assignee changed from Fabian Reimeier to Andreas Müller
  • Target version changed from Release 5.4 to Release 5.5
