Uploaded image for project: 'CXF'
  1. CXF
  2. CXF-7148

Race Condition while handling symmetric key in SymmetricBindingHandler

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 3.1.7, 3.1.8
    • 3.1.9, 3.0.12, 3.2.0
    • WS-* Components
    • None
    • Unknown

    Description

      when using an asymmetricBinding, when requested in parallel, quite a few requests fail, where the client could not associate a symmetric key with the response.

      As it turned out, the symmetric key was stored temporarily in a cache using an id that is not unique at all.

      SymmetricBindingHandler.java
      // line 985 via 162
      tokenStore.add(tempTok);
      
      // line 182
      tok = tokenStore.getToken(tokenId);
      

      This leads to a race condition if another thread reaches line 162 before the key is retrieved in 182 and the same id is used.

      In my case, the id was "_5002" consistently.

      We implemented a hack using a ThreadLocal based TokenStore, but I think the symmetric key should actually not be cached at all.

      Attachments

        Activity

          People

            coheigea Colm O hEigeartaigh
            MaxFichtelmann Max Fichtelmann
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: