Uploaded image for project: 'WSS4J'
  1. WSS4J
  2. WSS-221

UUIDGenerator generates duplicate identifiers when used in a multi-threaded environment

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.5.8
    • Fix Version/s: 1.5.9, 1.6
    • Component/s: WSS4J Core
    • Labels:
      None

      Description

      The unique identifier generator used in wss4j generates duplicate identifiers in a multi-threaded environment. The problem is because the getUUID() method is not synchronized, but internally modifies a number of variables (in particular the incrementingValue). If multiple threads call this simultaneously then the same identifier can be returned.

      This causes a problem in Axis where this is used for encrypted key token identifiers, so if multiple threads are processing messages simultaneously it is possible for two different keys to have the same identifier. These keys then get placed in the same token store which obviously causes a problem.

      This is the same problem as previously reported in WSCOMMONS-201 with the UUIDGenerator in AXIOM (this class seems to have been originally copied from that one, but before the fix was applied). The fix is to simply make the UUIDGenerator.getUUID() method synchronized.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                coheigea Colm O hEigeartaigh
                Reporter:
                davebryant Dave Bryant
              • Votes:
                0 Vote for this issue
                Watchers:
                0 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: