syncope-dev mailing list archives

From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SYNCOPE-1301) Token creation is not threadsafe
Date Thu, 12 Apr 2018 15:39:00 GMT

    [ https://issues.apache.org/jira/browse/SYNCOPE-1301?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16435792#comment-16435792 ]

ASF GitHub Bot commented on SYNCOPE-1301:
-----------------------------------------

Github user IsurangaPerera commented on the issue:

    https://github.com/apache/syncope/pull/70
  
    A validation error will be raised in the worst case (as I see it, the thread-safety problem won't just affect the login; as we discussed, SAML as well). So the unique constraint will only prevent those scenarios. The advantage is that the validation error is the worst case. It won't negatively affect the flow of the system like the thread-safety problem does (users being blocked from login).


> Token creation is not threadsafe
> --------------------------------
>
>                 Key: SYNCOPE-1301
>                 URL: https://issues.apache.org/jira/browse/SYNCOPE-1301
>             Project: Syncope
>          Issue Type: Bug
>          Components: core
>    Affects Versions: 2.0.8
>            Reporter: Isuranga Perera
>            Priority: Major
>             Fix For: 2.0.9, 2.1.0
>
>
> The token create method in AccessTokenDataBinderImpl [1] is not thread safe. This could result in several problems, including:
>  * 2 different access tokens may exist for a particular user at a given time, which may result in an exception thrown by method call [2], since it expects a single token for a given user.
> In addition to that, token replace is implemented as a combination of 2 different functionalities. Since the method is not thread safe, this may cause some unexpected behaviors (since 2 tokens can exist for a particular user; same scenario as above).
> [1] [https://github.com/apache/syncope/blob/master/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java#L104]
> [2] [https://github.com/apache/syncope/blob/master/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java#L113]



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
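
The race described in the issue and the unique-constraint mitigation from the comment, shown as an added example that is not part of the original message or Syncope's code. It assumes a hypothetical `access_token` table in SQLite standing in for the real database, a constructed owner `alice`, and a barrier that forces both threads to finish the existence check before either inserts.

```python
import os
import sqlite3
import tempfile
import threading
import uuid


def race_create(unique_owner, owner="alice"):
    """Two threads run check-then-insert for one owner; returns (rows, rejected)."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "tokens.db")
        # Hypothetical table for this sketch, not Syncope's schema.
        ddl = "CREATE TABLE access_token (id TEXT PRIMARY KEY, owner TEXT NOT NULL%s)"
        setup = sqlite3.connect(path)
        setup.execute(ddl % (" UNIQUE" if unique_owner else ""))
        setup.commit()
        setup.close()
        both_checked = threading.Barrier(2)
        rejected = []

        def create():
            conn = sqlite3.connect(path, timeout=10)
            try:
                found = conn.execute(
                    "SELECT 1 FROM access_token WHERE owner = ?", (owner,)
                ).fetchone()
                both_checked.wait()  # force the racy interleaving: both check, then insert
                if found is None:
                    conn.execute(
                        "INSERT INTO access_token VALUES (?, ?)", (uuid.uuid4().hex, owner)
                    )
                    conn.commit()
            except sqlite3.IntegrityError:
                rejected.append(owner)  # constraint violation: the "validation error" case
            finally:
                conn.close()

        threads = [threading.Thread(target=create) for _ in range(2)]
        for t in threads:
            t.start()
        for t in threads:
            t.join()
        check = sqlite3.connect(path)
        rows = check.execute(
            "SELECT COUNT(*) FROM access_token WHERE owner = ?", (owner,)
        ).fetchone()[0]
        check.close()
        return rows, len(rejected)
```

Without the constraint both inserts succeed and a later single-result lookup for that owner would find two rows; with it, the second insert is rejected and exactly one token remains.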
