cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Colm O hEigeartaigh (JIRA)" <>
Subject [jira] [Commented] (CXF-7148) Race Condition while handling symmetric key in SymmetricBindingHandler
Date Tue, 22 Nov 2016 17:43:58 GMT


Colm O hEigeartaigh commented on CXF-7148:

We need to cache SecurityTokens to make sure that we have access to the symmetric key when
processing the response. I think the problem here is that the key used to cache the tokens
is dependent on the request. CXF uses random wsu:Ids, but other stacks do not. I'll take a
look at this tomorrow.


> Race Condition while handling symmetric key in SymmetricBindingHandler
> ----------------------------------------------------------------------
>                 Key: CXF-7148
>                 URL:
>             Project: CXF
>          Issue Type: Bug
>          Components: WS-* Components
>    Affects Versions: 3.1.7, 3.1.8
>            Reporter: Max Fichtelmann
>            Assignee: Colm O hEigeartaigh
> when using an asymmetricBinding, when requested in parallel, quite a few requests fail,
where the client could not associate a symmetric key with the response.
> As it turned out, the symmetric key was stored temporarily in a cache using an id that
is not unique at all.
> {|borderStyle=solid}
> // line 985 via 162
> tokenStore.add(tempTok);
> // line 182
> tok = tokenStore.getToken(tokenId);
> {code}
> This leads to a race condition if another thread reaches line 162 before the key is retrieved
in 182 and the same id is used.
> In my case, the id was "_5002" consistently.
> We implemented a hack using a ThreadLocal based TokenStore, but I think the symmetric
key should actually not be cached at all.

This message was sent by Atlassian JIRA

View raw message