Date: Tue, 22 Nov 2016 17:43:58 +0000 (UTC)
From: "Colm O hEigeartaigh (JIRA)"
To: issues@cxf.apache.org
Subject: [jira] [Commented] (CXF-7148) Race Condition while handling symmetric key in SymmetricBindingHandler

    [ https://issues.apache.org/jira/browse/CXF-7148?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15687380#comment-15687380 ]

Colm O hEigeartaigh commented on CXF-7148:
------------------------------------------

We need to cache SecurityTokens to make sure that we have
access to the symmetric key when processing the response. I think the problem here is that the key used to cache the tokens is dependent on the request. CXF uses random wsu:Ids, but other stacks do not. I'll take a look at this tomorrow.

Colm.

> Race Condition while handling symmetric key in SymmetricBindingHandler
> ----------------------------------------------------------------------
>
>                 Key: CXF-7148
>                 URL: https://issues.apache.org/jira/browse/CXF-7148
>             Project: CXF
>          Issue Type: Bug
>          Components: WS-* Components
>    Affects Versions: 3.1.7, 3.1.8
>            Reporter: Max Fichtelmann
>            Assignee: Colm O hEigeartaigh
>
> When using an asymmetricBinding, when requested in parallel, quite a few requests fail, where the client could not associate a symmetric key with the response.
> As it turned out, the symmetric key was stored temporarily in a cache using an id that is not unique at all.
> {code:title=SymmetricBindingHandler.java|borderStyle=solid}
> // line 985 via 162
> tokenStore.add(tempTok);
> // line 182
> tok = tokenStore.getToken(tokenId);
> {code}
> This leads to a race condition if another thread reaches line 162 before the key is retrieved in 182 and the same id is used.
> In my case, the id was "_5002" consistently.
> We implemented a hack using a ThreadLocal based TokenStore, but I think the symmetric key should actually not be cached at all.

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
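
The collision described in the report, reproduced as an added example (not CXF code and not part of the original message): a shared map stands in for the token store, and a barrier forces every request to store its key before any response is processed. `TokenCacheRace`, `run` and `idSource` are hypothetical names, and the unique-id variant in the second run is an assumption for illustration, not the fix CXF adopted.

```java
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Map;
import java.util.UUID;
import java.util.concurrent.*;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.function.Supplier;

// Added illustration; TokenCacheRace and its members are hypothetical, not CXF classes.
public class TokenCacheRace {

    // Runs `requests` parallel exchanges against one shared store and returns how
    // many of them read back a symmetric key that is not the one they stored.
    static int run(int requests, Supplier<String> idSource) throws Exception {
        Map<String, byte[]> tokenStore = new ConcurrentHashMap<>(); // shared cache
        CyclicBarrier allStored = new CyclicBarrier(requests);      // forces the bad interleaving
        AtomicInteger wrongKey = new AtomicInteger();
        ExecutorService pool = Executors.newFixedThreadPool(requests);
        SecureRandom rng = new SecureRandom();
        for (int i = 0; i < requests; i++) {
            pool.submit(() -> {
                byte[] myKey = new byte[32];
                rng.nextBytes(myKey);               // this exchange's symmetric key
                String id = idSource.get();
                tokenStore.put(id, myKey);          // "add" step, before the request is sent
                allStored.await();                  // every request is now in flight
                byte[] found = tokenStore.get(id);  // "getToken" step, on the response
                if (!Arrays.equals(found, myKey)) {
                    wrongKey.incrementAndGet();     // response would be processed with a foreign key
                }
                return null;                        // Callable, so await() may throw
            });
        }
        pool.shutdown();
        if (!pool.awaitTermination(10, TimeUnit.SECONDS)) {
            throw new IllegalStateException("workers did not finish");
        }
        return wrongKey.get();
    }

    public static void main(String[] args) throws Exception {
        // Constant id, as the reporter observed ("_5002"): the last writer wins.
        System.out.println("fixed id  -> " + run(8, () -> "_5002") + " of 8 got a foreign key");
        // Locally generated unique id per exchange (an assumption, not CXF's actual fix).
        System.out.println("unique id -> " + run(8, () -> "_" + UUID.randomUUID()) + " of 8 got a foreign key");
    }
}
```

With the constant id every exchange except the last writer reads back another exchange's key, which is the failure the reporter saw as responses that could not be associated with a symmetric key.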