struts-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hudson (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (WW-4730) TokenInterceptor synchronized on session.getId().intern()
Date Mon, 09 Jan 2017 11:31:58 GMT

    [ https://issues.apache.org/jira/browse/WW-4730?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15811544#comment-15811544
] 

Hudson commented on WW-4730:
----------------------------

SUCCESS: Integrated in Jenkins build Struts-JDK7-master #581 (See [https://builds.apache.org/job/Struts-JDK7-master/581/])
WW-4730 Uses session.getId().intern() to properly lock down session (lukaszlenart: rev fc6ffba9cf08cbd709be89f7df3edc7475567e4e)
* (edit) core/src/main/java/org/apache/struts2/interceptor/TokenInterceptor.java
* (edit) core/src/main/java/org/apache/struts2/interceptor/I18nInterceptor.java


> TokenInterceptor synchronized on session.getId().intern()
> ---------------------------------------------------------
>
>                 Key: WW-4730
>                 URL: https://issues.apache.org/jira/browse/WW-4730
>             Project: Struts 2
>          Issue Type: Bug
>          Components: Core Interceptors
>    Affects Versions: 2.5.x
>            Reporter: Simone Cordaro
>            Assignee: Lukasz Lenart
>              Labels: interceptors, patch, token
>             Fix For: 2.5.next
>
>         Attachments: TokenInterceptor.java
>
>
> As already done on TokenSessionStoreInterceptor, TokenInterceptor's handleToken method
need to be synchronized on "session.getId().intern()" instead of "session"



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message