Problem with session attributes for a UI used in different CDM Instances
This is a general problem with the vaadin framework deployed on a CDM Server running multiple CDM Instances.
Since a Vaadin session is connected (one-one) to a specific UI, any attribute set in the session of the UI will be accessible for all running CDM Instances.
This is clearly not always desirable for all cases. E.g. the various services that are registered as session attributes, should be mapped to the host-port-cdm instance, so that access to these are restricted to the UI running on a particular CDM Instance.
The specific case of authentication has been dealt with in #4844, but this needs to be generalised.
#5 Updated by Andreas Kohlbecker about 1 year ago
- Tags deleted (
- Description updated (diff)
- Assignee changed from Andreas Kohlbecker to Fabian Reimeier
- Severity changed from normal to critical
This problem can generally be solved by using
vaadin-spring all UI Objects are Spring beans which will only be available in the spring application context which is created individually per cdm instance.
RegistrationUI can be taken as an example for the springification of a vaadin UI.
So this issue is not relevant for phycobank, but for all other UIs:
I am now passing this issue to you Fabian. Can you please get an overview on the severity of this problem regarding the DistributionStatusUI? Which objects can leak to other cdm instances and can this cause problems? Your investigation will be the base for us to estimate if this issue needs to be solved urgently.