While [Inheritable]ThreadLocals are relatively easy to start with to pass along request related information, ThreadLocals come with a non-negligible cost and maintenance burden:
TLs can cause very hard to detect memory leaks as objects (and classes!) are (often permanently) attached to a thread.
TLs and their usage are hard to test
(The use of) TLs can accidentally share data across requests
Use of TLs becomes complex and hard to reason about
The proper way of sharing request related information is to use CDI's @RequestScoped beans.
Is this a possible security vulnerability?
Describe the bug
While
[Inheritable]ThreadLocals are relatively easy to start with to pass along request related information,ThreadLocals come with a non-negligible cost and maintenance burden:The proper way of sharing request related information is to use CDI's
@RequestScopedbeans.To Reproduce
No response
Actual Behavior
No response
Expected Behavior
No response
Additional context
No response
System information
No response