Uploaded image for project: 'Syncope'
  1. Syncope
  2. SYNCOPE-1301

Token creation is not threadsafe

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.0.8
    • Fix Version/s: 2.0.9, 2.1.0
    • Component/s: core
    • Labels:
      None

      Description

      Token create method in AccessTokenDataBinderImpl[1] is not thread safe. This could result in several problems including

      • Exist 2 different access token for a particular user at a given time which may result in an exception thrown by method call[2] since it expects a single token a given user.

      In addition to that token replace is implemented as a combination of 2 different functionalities. Since the method is not thread safe this may cause some unexpected behaviors (since there can be 2 tokens exist for a particular user. same scenario as above).

      [1] https://github.com/apache/syncope/blob/master/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java#L104

      [2] https://github.com/apache/syncope/blob/master/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java#L113

        Attachments

          Issue Links

          links to

          Web Link GitHub Pull Request #70

          Web Link ML thread

            Activity

              People

              • Assignee:
                ilgrosso Francesco Chicchiriccò
                Reporter:
                IsurangaPerera Isuranga Perera
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: