Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-78050

Add a rule to prevent passing HttpRequest, ThemeDisplay as parameters to methods


    • Branch Version/s:
    • Backported to Branch:


      Developers are often adding new APIs with methods that receive HttpServletRequest, ThemeDisplay or even ServiceContext as parameters. We have learned the hard way that in most circumstances this is a very bad idea that leads to bugs and no reusability of the API from a different context. Not only that, but this type of API is really hard to debug and even harder to replace when the problems arise. It's much more efficient to prevent them to begin with.
      Because of this, I would like to propose defining some new rules and enforcing them (whenever possible with SourceFormatter). Here are some specific proposals:

      • HttpServletRequest: It should not be allowed unless the method is meant to do rendering. The same applies to HttpServletResponse. This should only be allowed in:
        • Portlet controllers
        • Render/Action/ResourceCommands
      • ThemeDisplay: I think we should disallow it completely. This is a context object that is useful for JSPs and theme templates. It should not be used in other contexts.
      • ServiceContext: It should not be allowed anywhere except for service methods.

      We currently probably have several violations to these rules. Upon looking at them we can decide whether we want to add some additional allowed cases or whether we just need to add the current violations as temporary exclusions




            • Assignee:
              support-qa Support QA
              jorge.ferrer Jorge Ferrer
              Recent user:
              Enterprise Release HU
              Participants of an Issue:
            • Votes:
              0 Vote for this issue
              0 Start watching this issue


              • Created:


                Version Package