tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chris R <chris.tech...@gmail.com>
Subject atomicity problem in SecurityUtil.java
Date Sat, 21 Jul 2012 20:32:52 GMT
Hi,

I am looking at SecurityUtil.java (
http://www.docjar.com/html/api/org/apache/catalina/security/SecurityUtil.java.html)

and it seems that there may be a problem there. More specifically, in the
execute method, getAttribute of Globals.SUBJECT_ATTR is obtained on a
session
and then it is set in a non-atomic fashion.

http://stackoverflow.com/questions/616601/is-httpsession-thread-safe-are-set-get-attribute-thread-safe-operations/616723#616723
says that the get and set should be synchronized on a session. Is this
going to be a problem? Should I file a bug?

Thanks,
Chris.

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message