struts-commits mailing list archives

From lukaszlen...@apache.org
Subject struts git commit: WW-4730 Uses session.getId().intern() to properly lock down session
Date Mon, 09 Jan 2017 10:52:39 GMT
Repository: struts
Updated Branches:
  refs/heads/master 08e181a4f -> fc6ffba9c


WW-4730 Uses session.getId().intern() to properly lock down session


Project: http://git-wip-us.apache.org/repos/asf/struts/repo
Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/fc6ffba9
Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/fc6ffba9
Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/fc6ffba9

Branch: refs/heads/master
Commit: fc6ffba9cf08cbd709be89f7df3edc7475567e4e
Parents: 08e181a
Author: Lukasz Lenart <lukaszlenart@apache.org>
Authored: Mon Jan 9 11:52:30 2017 +0100
Committer: Lukasz Lenart <lukaszlenart@apache.org>
Committed: Mon Jan 9 11:52:30 2017 +0100

----------------------------------------------------------------------
 .../java/org/apache/struts2/interceptor/I18nInterceptor.java   | 6 ++++--
 .../java/org/apache/struts2/interceptor/TokenInterceptor.java  | 2 +-
 2 files changed, 5 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/struts/blob/fc6ffba9/core/src/main/java/org/apache/struts2/interceptor/I18nInterceptor.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/struts2/interceptor/I18nInterceptor.java b/core/src/main/java/org/apache/struts2/interceptor/I18nInterceptor.java
index 4d3bdf0..da7c6b7 100644
--- a/core/src/main/java/org/apache/struts2/interceptor/I18nInterceptor.java
+++ b/core/src/main/java/org/apache/struts2/interceptor/I18nInterceptor.java
@@ -221,7 +221,8 @@ public class I18nInterceptor extends AbstractInterceptor {
         Map<String, Object> session = invocation.getInvocationContext().getSession();
 
         if (session != null) {
-            synchronized (session) {
+            String sessionId = ServletActionContext.getRequest().getSession().getId();
+            synchronized (sessionId.intern()) {
                 session.put(attributeName, locale);
             }
         }
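Review bot: The monitor taken at `synchronized (sessionId.intern())` is a JVM-wide interned String, so any other code in the same JVM that synchronizes on an equal interned string shares this lock, and the lock follows the id value rather than the session object. If the container changes the session id during the session's lifetime (for example as session-fixation protection on login), two requests for the same session could enter the block under different monitors. A dedicated mutex object kept as a session attribute would scope the lock to the session; failing that, a comment such as `// WW-4730: lock is the interned session id, which is shared JVM-wide` would make the trade-off visible. The same pattern appears in the second I18nInterceptor hunk (new line 294) and in the TokenInterceptor hunk, where it guards token validation. The enclosing method starts and ends outside this hunk.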
@@ -293,7 +294,8 @@ public class I18nInterceptor extends AbstractInterceptor {
         Map<String, Object> session = invocation.getInvocationContext().getSession();
 
         if (session != null) {
-            synchronized (session) {
+            String sessionId = ServletActionContext.getRequest().getSession().getId();
+            synchronized (sessionId.intern()) {
                 Object sessionLocale = session.get(attributeName);
                 if (sessionLocale != null && sessionLocale instanceof Locale) {
                     Locale locale = (Locale) sessionLocale;
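Review bot: `ServletActionContext.getRequest().getSession()` on this read path creates an HttpSession when the request has none, so merely looking up a stored locale may now allocate a session and issue a session cookie for anonymous requests. This assumes the wrapped `session` map can be non-null before a real session exists, which the hunk does not show. Using `HttpSession httpSession = ServletActionContext.getRequest().getSession(false);` and skipping the lookup when it is null would avoid the allocation. The method body continues past the end of the hunk.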

http://git-wip-us.apache.org/repos/asf/struts/blob/fc6ffba9/core/src/main/java/org/apache/struts2/interceptor/TokenInterceptor.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/struts2/interceptor/TokenInterceptor.java b/core/src/main/java/org/apache/struts2/interceptor/TokenInterceptor.java
index 7307c81..1361671 100644
--- a/core/src/main/java/org/apache/struts2/interceptor/TokenInterceptor.java
+++ b/core/src/main/java/org/apache/struts2/interceptor/TokenInterceptor.java
@@ -145,7 +145,7 @@ public class TokenInterceptor extends MethodFilterInterceptor {
         //see WW-2902: we need to use the real HttpSession here, as opposed to the map
         //that wraps the session, because a new wrap is created on every request
         HttpSession session = ServletActionContext.getRequest().getSession(true);
-        synchronized (session) {
+        synchronized (session.getId().intern()) {
             if (!TokenHelper.validToken()) {
                 return handleInvalidToken(invocation);
             }
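Review bot: The WW-2902 comment above the lock still says the real HttpSession is needed "as opposed to the map", but the monitor is now the interned id string and the HttpSession is only used to obtain it. Since this block is what keeps concurrent submissions from both passing `TokenHelper.validToken()`, the comment should state what the lock actually is, for example `//WW-4730: the monitor is the interned session id, not the HttpSession object itself`. The method starts and ends outside the hunk.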

