Uploaded image for project: 'folio-spring-base'
  1. folio-spring-base
  2. FOLSPRINGB-95

non-public beginFolioExecutionContext avoids wrong tenant/user

    XMLWordPrintable

Details

    • Spring Force
    • Poppy (R2 2023)
    • Implementation coding issue
    • Orchid (R1 2023), Nolana (R3 2022)

    Description

      A thread runs with a wrong tenant and wrong user when

      • a previous use of the thread sets the tenant and user
      • the previous use of the thread doesn't clear tenant and user
      • the current use of the thread doesn't set tenant and user.

      beginFolioExecutionContext sets tenant and user.
      endFolioExecutionContext clears tenant and user.

      See the code in FolioExecutionScopeExecutionContextManager:
      https://github.com/folio-org/folio-spring-base/blob/v6.0.1/src/main/java/org/folio/spring/scope/FolioExecutionScopeExecutionContextManager.java#L47-L69

      Two options are available that enforce that beginFolioExecutionContext is called at the begin of some task and endFolioExecutionContext is always called afterwards:

      https://github.com/folio-org/folio-spring-base/blob/v6.0.1/src/main/java/org/folio/spring/scope/FolioExecutionScopeExecutionContextManager.java#L71-L93

      import static org.folio.spring.scope.FolioExecutionScopeExecutionContextManager.getRunnableWithCurrentFolioContext;

executor.execute(getRunnableWithCurrentFolioContext(() -> /* some stuff */));

      https://github.com/folio-org/folio-spring-base/blob/v6.0.1/src/main/java/org/folio/spring/scope/FolioExecutionContextSetter.java

      try (var x = new FolioExecutionContextSetter(currentFolioExecutionContext)) {
  // some stuff
}

      Manually calling beginFolioExecutionContext and endFolioExecutionContext is error-prone because one or both of them can be forgotten. If forgotten the unit tests doesn't catch this. See two only recently fixed examples: MODEXPW-375, FOLSPRINGB-86.

      To end the error-prone usage these two error-prone methods should become package-private.

      Task:

      • Make FolioExecutionScopeExecutionContextManager.beginFolioExecutionContext package-private.

      (FolioExecutionScopeExecutionContextManager.endFolioExecutionContext can remain public to be available for cleaning the context in unit tests.)

      This forces a review of all code that use it.
      Most usages should switch to one of the secure methods shown above (runnable decorator, try-with-resources). A few remaining usages may use endFolioExecutionContext without try-with-resources. This triggers a sonar warning that the closable is not closed. And this code should undergo regular code review (for example once per flower release).

      TestRail: Results

        Attachments

          Issue Links

            blocks

            Task - A task that needs to be done. MODBULKOPS-81 mod-bulk-operations: module release

            • TBD - To be determined
            • Closed

            Task - A task that needs to be done. MODEXPS-200 mod-data-export-spring: module release

            • TBD - To be determined
            • Closed

            Task - A task that needs to be done. MODEXPW-390 mod-data-export-worker: module release

            • TBD - To be determined
            • Closed
            continues

            Tech Debt - FOLIO-3448 SPIKE: Prevent FolioExecutionContext from being initialized with wrong tenant id

            • P1 - highest priority item, drop everything else before this is resolved, reserved for critical bugfixes
            • Closed

            Story - Created by Jira Software - do not edit or delete. Issue type for a user story. MODEXPW-163 End spring execution context

            • P2 - normal priority level, must be included in the current development cycle
            • Closed

            Bug - A problem which impairs or prevents the functions of the product. MODEXPW-375 Job runs by user not the one who created the job

            • P1 - highest priority item, drop everything else before this is resolved, reserved for critical bugfixes
            • Closed
            has to be done before

            Task - A task that needs to be done. FOLSPRINGB-100 Release folio-spring-base v6.1.0 Orchid BugFix (R1 2023)

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed
            relates to

            Tech Debt - FOLSPRINGB-96 Move executeWithinContext from mod-inn-reach

            • TBD - To be determined
            • Awaiting release

            Bug - A problem which impairs or prevents the functions of the product. MODEBSNET-58 Delete beginFolioExecutionContext from TestBase

            • TBD - To be determined
            • Closed
            mentioned in

            Page Loading...

            Page Loading...

            Page Loading...

            Activity

              People

                Taras_Spashchenko Taras Spashchenko
                julianladisch Julian Ladisch
                Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved:

                  TestRail: Runs

                    TestRail: Cases