Concern about code that guards against multiple Subscribers in AbstractSinglePublisher

[simonbasle]

Hi,
I noticed in the code of AbstractSinglePublisher.subscribe(Subscriber) that the publisher is passing itself as a Subscription to incoming Subscribers. This publisher obviously guards against multiple subscriptions, only allowing one Subscriber at a time. Extra subscribers are rejected with an onError signal, which is good.

The trouble is that in that guarding logic, even if a second Subscriber is rejected it will receive the AbstractSinglePublisher instance as its Subscription (subscriber.doOnSubscribe(this))...

My concern is that the extraneous Subscriber could make use of this ("shared") Subscription (e.g. perform a request), which would lead to potentially corrupted state for the publisher and by extension the legit Subscriber.

Note that the Reactive Streams specification does mention that a Subscription-Subscriber pair should be unique, even though there is no numbered rule to refer to. See the note at the end of the Subscription section (right above that link):

A Subscription is shared by exactly one Publisher and one Subscriber for the purpose of mediating the data exchange between this pair.