ScopedValue: Capturing current bindings
Pedro Lamarão
pedro.lamarao at prodist.com.br
Thu Jun 1 21:08:00 UTC 2023
> In my DI framework example (of course it doesn't have to be a DI
> framework, the point is the lazy factory), you are currently having a
> different security issue. That is, at top level I bound the factory, and
> then lazily somewhere down (possibly in an authenticated scope) you could
> be running (unknowingly) the factory with credentials, and that is most
> certainly not something you want.
>
I don't understand this problem. What is this code that incorrectly rebound
the factory to some inappropriate value? Why does this code have this
power? There is an intuition here about DI frameworks that I also don't
understand: that factory clients don't want the new-like operation to react
to the actually current context, but must react to some
previously-current-at-that-time context. Is this really how standard DI
works? I would expect that, if my application updates the current context
somehow, and then calls into a new-like operation, this call must be affect
by the changes I just applied.
--
Pedro Lamarão
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/loom-dev/attachments/20230601/8576d6b2/attachment.htm>
More information about the loom-dev
mailing list