tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <ma...@apache.org>
Subject Re: atomicity problem in SecurityUtil.java
Date Sun, 22 Jul 2012 07:44:40 GMT


Chris R <chris.tech.sf@gmail.com> wrote:

>Mark,
>
>Thank you for your "kind" response.
>
>>> and it seems that there may be a problem there. More specifically, in the
>>> execute method, getAttribute of Globals.SUBJECT_ATTR is obtained on a
>>> session and then it is set in a non-atomic fashion.
>>
>> While that statement is true, you have not explained why this is a
>> problem in this particular case.
>>
> What more explanation is needed?

So far you have only provide a theoretical explanation of why there might be a problem. You
need to provide a concrete example of how a problem could occur given how Tomcat uses this
attribute. The "given how Tomcat uses this attribute" part is important. This is an internal
attribute that is only used by Tomcat. Therefore whether or not there is a problem here is
highly dependent on how Tomcat uses it.

>> Having looked at this particular code, I see some potential
>> opportunities for simplifying things but no chance of a threading
>> problem. If you analysis reaches a different conclusion, please share
>> it.

>Why don't you see a threading problem?

Because I have looked at how the attribute is used.

> Is it because multiple threads cannot access this code?
> Is it because a lost update is not a problem?
> Is it because the session is not shared?

Those are certainly possible reasons for this not being an issue. It could be one of those,
it could be something else.

> Instead of a blanket "I do not see a threading problem", provide more
> details so that other new contributors understand and can also help in
> contributing to the project in the future.

My aim is not to provide you with the answer but to point you in the right direction so you
can figure out the answer for yourself. That way you'll learn a little more about Tomcat and
answer will still be in the archives for future contributors. Also, if you spot something
I have missed I have an opportunity to learn something.

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message