[WW-4409] Modify the TokenInterceptor not to lock the session object while handling and invalid token - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Open
Priority: Minor
Resolution: Unresolved
Affects Version/s: 2.3.20
Fix Version/s: 7.0.0
Component/s: Core Interceptors
Labels:
None

Flags:

Patch

Description

Similar to ~~WW-3582~~. Currently in the TokenInterceptor class in the handleToken method there is a lock on the session object and the handleInvalidToken method is called within that block. In our environment we overrode the handleInvalidToken and it turned out that when this method ran long that any other requests for the user were immediately blocked and the threads were locked up and unable process any further requests.

I would like to see if we can change the handleToken method not to lock the session when calling the method to handle an invalid token. I realize that ours may not be an ideal implementation and the base implementation should be fast but it does seem like the time an object is locked should be minimized. I don't know if there is a reason that the invalid method would need to be in that block.

I am including a patch for the change on this. It does not affect the tests and I do not know if there is a good way to add a test that would check the locking.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

tokeninterceptor.patch
30/Sep/14 15:51
1 kB
Rob Baily

Issue Links

is related to

WW-3582 Token Interceptor is holding HttpSession lock which can trigger deadlocks

Closed

WW-3865 TokenSesion double submit sends a blank page to ie and stacktrace on server

Closed

Activity

People

Assignee:: Unassigned

Reporter:: Rob Baily

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 30/Sep/14 15:51

Updated:: 22/Oct/22 13:53