Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id E0A62200BC8 for ; Wed, 23 Nov 2016 12:02:59 +0100 (CET) Received: by cust-asf.ponee.io (Postfix) id DF60A160B1E; Wed, 23 Nov 2016 11:02:59 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 3E7F6160AFA for ; Wed, 23 Nov 2016 12:02:59 +0100 (CET) Received: (qmail 62041 invoked by uid 500); 23 Nov 2016 11:02:58 -0000 Mailing-List: contact issues-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list issues@cxf.apache.org Received: (qmail 62024 invoked by uid 99); 23 Nov 2016 11:02:58 -0000 Received: from arcas.apache.org (HELO arcas) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 23 Nov 2016 11:02:58 +0000 Received: from arcas.apache.org (localhost [127.0.0.1]) by arcas (Postfix) with ESMTP id 57CCA2C03DC for ; Wed, 23 Nov 2016 11:02:58 +0000 (UTC) Date: Wed, 23 Nov 2016 11:02:58 +0000 (UTC) From: "Colm O hEigeartaigh (JIRA)" To: issues@cxf.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (CXF-7148) Race Condition while handling symmetric key in SymmetricBindingHandler MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 archived-at: Wed, 23 Nov 2016 11:03:00 -0000 [ https://issues.apache.org/jira/browse/CXF-7148?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15689763#comment-15689763 ] Colm O hEigeartaigh commented on CXF-7148: ------------------------------------------ OK I've merged a fix, which is to avoid caching SecurityTokens in this case on the receiving side. They only need to be cached on the requesting side, so that we can process the response. Please confirm that this fix works for you. > Race Condition while handling symmetric key in SymmetricBindingHandler > ---------------------------------------------------------------------- > > Key: CXF-7148 > URL: https://issues.apache.org/jira/browse/CXF-7148 > Project: CXF > Issue Type: Bug > Components: WS-* Components > Affects Versions: 3.1.7, 3.1.8 > Reporter: Max Fichtelmann > Assignee: Colm O hEigeartaigh > Fix For: 3.2.0, 3.1.9, 3.0.12 > > > when using an asymmetricBinding, when requested in parallel, quite a few requests fail, where the client could not associate a symmetric key with the response. > As it turned out, the symmetric key was stored temporarily in a cache using an id that is not unique at all. > {code:title=SymmetricBindingHandler.java|borderStyle=solid} > // line 985 via 162 > tokenStore.add(tempTok); > // line 182 > tok = tokenStore.getToken(tokenId); > {code} > This leads to a race condition if another thread reaches line 162 before the key is retrieved in 182 and the same id is used. > In my case, the id was "_5002" consistently. > We implemented a hack using a ThreadLocal based TokenStore, but I think the symmetric key should actually not be cached at all. -- This message was sent by Atlassian JIRA (v6.3.4#6332)