Uploaded image for project: 'Syncope'
  1. Syncope
  2. SYNCOPE-1301

Token creation is not threadsafe

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 2.0.8
    • 2.0.9, 2.1.0
    • core
    • None

    Description

      Token create method in AccessTokenDataBinderImpl[1] is not thread safe. This could result in several problems including

      • Exist 2 different access token for a particular user at a given time which may result in an exception thrown by method call[2] since it expects a single token a given user.

      In addition to that token replace is implemented as a combination of 2 different functionalities. Since the method is not thread safe this may cause some unexpected behaviors (since there can be 2 tokens exist for a particular user. same scenario as above).

      [1] https://github.com/apache/syncope/blob/master/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java#L104

      [2] https://github.com/apache/syncope/blob/master/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java#L113

      Attachments

        Issue Links

          Activity

            People

              ilgrosso Francesco Chicchiriccò
              IsurangaPerera Isuranga Perera
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: