You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Issue #976 introduced support for restricting nested sessions scoped. However, there are also situation where it would be beneficial to restrict method invocation outside of an active session scope. This would be the opposite to the functionality in #976.
The main motivation for this feature is to provide a way for engineers to harden the code by preventing unintended method execution that could start its own session, but should not have. New sessions start automatically for all methods annotated with @SessionRequired if no active session is present (subject to allowNestedScope = false).
A good example of this is a loop that saves data one by one, but where all of that data should be committed in a single transaction. And so, such loop would reside in a method annotated @SessionRequired. However, if there would be a try-catch block within the loop and there was a caught exception, the original session would be rolled back. However, subsequent iterations would be permitted. As the result, those subsequent data changes would be done in their own individual sessions (transactions).
With the proposed support, the code in the loop could be represented by a separate method annotated with @SessionRequired(requireNestedScope = true) (or something like that) that would fail if invoked outside of the scope for an active session.
Implementation considerations
An introduction of attribute requireNestedScope in SessionRequired could easily lead to conflicts with allowNestedScope by specify @SessionRequried(allowNestedScope = false, requiredNestedScope = true). Effectively, these attributes are mutually exclusive.
Therefore, it is recommended to introduce enum SessionPolicy(NESTED_SCOPE_ALLOWED, NESTED_SCOPE_RESTRICTED, NESTED_SCOPE_REQUIRED) and refactor attribute boolean allowNestedScope() default true to SessionPolicy scopeOption() default NESTED_SCOPE_ALLOWED.
The implementation of SessionInterceptor needs to be modified accordingly. Also, the attribute change would be a braking change for existing TG-based applications. However, the adjustment itself should be a trivial matter, where occurences of @SessionRequired(allowNestedScope = false) would need to be replaced to @SessionRequired(scopeOption = NESTED_SCOPE_RESTRICTED).
Expected outcome
More fine-grained declarative session management, enforcing method invocation to happen only in the scope of an active session without starting a new one.
The text was updated successfully, but these errors were encountered:
Description
Issue #976 introduced support for restricting nested sessions scoped. However, there are also situation where it would be beneficial to restrict method invocation outside of an active session scope. This would be the opposite to the functionality in #976.
The main motivation for this feature is to provide a way for engineers to harden the code by preventing unintended method execution that could start its own session, but should not have. New sessions start automatically for all methods annotated with
@SessionRequired
if no active session is present (subject toallowNestedScope = false
).A good example of this is a loop that saves data one by one, but where all of that data should be committed in a single transaction. And so, such loop would reside in a method annotated
@SessionRequired
. However, if there would be atry-catch
block within the loop and there was a caught exception, the original session would be rolled back. However, subsequent iterations would be permitted. As the result, those subsequent data changes would be done in their own individual sessions (transactions).With the proposed support, the code in the loop could be represented by a separate method annotated with
@SessionRequired(requireNestedScope = true)
(or something like that) that would fail if invoked outside of the scope for an active session.Implementation considerations
An introduction of attribute
requireNestedScope
inSessionRequired
could easily lead to conflicts withallowNestedScope
by specify@SessionRequried(allowNestedScope = false, requiredNestedScope = true)
. Effectively, these attributes are mutually exclusive.Therefore, it is recommended to introduce enum
SessionPolicy(NESTED_SCOPE_ALLOWED, NESTED_SCOPE_RESTRICTED, NESTED_SCOPE_REQUIRED)
and refactor attributeboolean allowNestedScope() default true
toSessionPolicy scopeOption() default NESTED_SCOPE_ALLOWED
.The implementation of
SessionInterceptor
needs to be modified accordingly. Also, the attribute change would be a braking change for existing TG-based applications. However, the adjustment itself should be a trivial matter, where occurences of@SessionRequired(allowNestedScope = false)
would need to be replaced to@SessionRequired(scopeOption = NESTED_SCOPE_RESTRICTED)
.Expected outcome
More fine-grained declarative session management, enforcing method invocation to happen only in the scope of an active session without starting a new one.
The text was updated successfully, but these errors were encountered: