[ https://issues.apache.org/jira/browse/WICKET-6242?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15479636#comment-15479636 ]
ASF subversion and git services commented on WICKET-6242: --------------------------------------------------------- Commit a384c6f75df0b13962b65a948d766f73b39e11ba in wicket's branch refs/heads/WICKET-6242-authenticate-once from [~mgrigorov] [ https://git-wip-us.apache.org/repos/asf?p=wicket.git;h=a384c6f ] WICKET-6242 Weak concurrency management in AuthenticatedWebSession#signedIn > Weak concurrency management in AuthenticatedWebSession#signedIn > --------------------------------------------------------------- > > Key: WICKET-6242 > URL: https://issues.apache.org/jira/browse/WICKET-6242 > Project: Wicket > Issue Type: Bug > Components: wicket-auth-roles > Affects Versions: 8.0.0-M1, 7.4.0 > Reporter: Martin Grigorov > Assignee: Martin Grigorov > > Discussion at dev@: http://markmail.org/message/syo3m6hrf2ix55rz > Currently [1] uses a volatile boolean "signedIn" to control the state. > org.apache.wicket.authroles.authentication.panel.SignInPanel#onConfigure() > tries to make use of it. > IMO this implementation is a bit weak. There are big windows this state to > change in the meantime. > Usually this shouldn't be a big problem, the application will authenticate > the same user twice. > But if the application does something in ISessionListener#onBind() then it > becomes a problem [2]. > 1. > https://github.com/apache/wicket/blob/master/wicket-auth-roles/src/main/java/org/apache/wicket/authroles/authentication/AuthenticatedWebSession.java > 2. https://issues.apache.org/jira/browse/ISIS-1481 -- This message was sent by Atlassian JIRA (v6.3.4#6332)