tg icon indicating copy to clipboard operation
tg copied to clipboard
verified publisher icon fieldenms

Session: support restriction to method invocation without an existing active session

Open 01es opened this issue 1 year ago • 0 comments

Description

Issue https://github.com/fieldenms/tg/issues/976 introduced support for restricting nested sessions scoped. However, there are also situation where it would be beneficial to restrict method invocation outside of an active session scope. This would be the opposite to the functionality in #976.

The main motivation for this feature is to provide a way for engineers to harden the code by preventing unintended method execution that could start its own session, but should not have. New sessions start automatically for all methods annotated with @SessionRequired if no active session is present (subject to allowNestedScope = false).

A good example of this is a loop that saves data one by one, but where all of that data should be committed in a single transaction. And so, such loop would reside in a method annotated @SessionRequired. However, if there would be a try-catch block within the loop and there was a caught exception, the original session would be rolled back. However, subsequent iterations would be permitted. As the result, those subsequent data changes would be done in their own individual sessions (transactions).

With the proposed support, the code in the loop could be represented by a separate method annotated with @SessionRequired(requireNestedScope = true) (or something like that) that would fail if invoked outside of the scope for an active session.

Implementation considerations

An introduction of attribute requireNestedScope in SessionRequired could easily lead to conflicts with allowNestedScope by specify @SessionRequried(allowNestedScope = false, requiredNestedScope = true). Effectively, these attributes are mutually exclusive.

Therefore, it is recommended to introduce enum SessionPolicy(NESTED_SCOPE_ALLOWED, NESTED_SCOPE_RESTRICTED, NESTED_SCOPE_REQUIRED) and refactor attribute boolean allowNestedScope() default true to SessionPolicy scopeOption() default NESTED_SCOPE_ALLOWED.

The implementation of SessionInterceptor needs to be modified accordingly. Also, the attribute change would be a breaking change for existing TG-based applications. However, the adjustment itself should be a trivial matter, where occurences of @SessionRequired(allowNestedScope = false) would need to be replaced by @SessionRequired(scopeOption = NESTED_SCOPE_RESTRICTED).

Expected outcome

More fine-grained declarative session management, enforcing method invocation to happen only in the scope of an active session without starting a new one.

01es avatar Feb 08 '24 01:02 01es