[SYNCOPE-1301] Token creation is not threadsafe - ASF JIRA

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 2.0.8
Fix Version/s: 2.0.9, 2.1.0
Component/s: core
Labels:
None

Description

Token create method in AccessTokenDataBinderImpl[1] is not thread safe. This could result in several problems including

Exist 2 different access token for a particular user at a given time which may result in an exception thrown by method call[2] since it expects a single token a given user.

In addition to that token replace is implemented as a combination of 2 different functionalities. Since the method is not thread safe this may cause some unexpected behaviors (since there can be 2 tokens exist for a particular user. same scenario as above).

[1] https://github.com/apache/syncope/blob/master/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java#L104

[2] https://github.com/apache/syncope/blob/master/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java#L113

Attachments

Issue Links

links to

GitHub Pull Request #70

ML thread

Activity

People

Assignee:

Francesco Chicchiriccò

Reporter:

Isuranga Perera

Votes:

0 Vote for this issue

Watchers:

4 Start watching this issue

Dates

Created:

12/Apr/18 06:17

Updated:

27/Jun/18 13:18

Resolved:

13/Apr/18 07:50