syncope-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Isuranga Perera <isurangamper...@gmail.com>
Subject Token creation is not thread safe
Date Mon, 09 Apr 2018 05:07:25 GMT
Hi All,

Token create method in AccessTokenDataBinderImpl[1] is not thread safe.
This could result in several problems including

   - Exist 2 different access token for a particular user at a given time
   which may result in an exception thrown by method call[2] since it expects
   a single token a given user.

In addition to that token replace is implemented as a combination of 2
different functionalities. Since the method is not thread safe this may
cause some unexpected behaviors (since there can be 2 tokens exist for a
particular user. same scenario as above).

Appreciate your insight on the $subject.

[1]
https://github.com/apache/syncope/blob/master/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java#L104

[2]
https://github.com/apache/syncope/blob/master/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java#L113

Best Regards
Isuranga Perera

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message