Repository: wicket
Updated Branches:
  refs/heads/wicket-7.x f2c165cf9 -> 87fa74899


WICKET-6242 Weak concurrency management in AuthenticatedWebSession#signedIn


Project: http://git-wip-us.apache.org/repos/asf/wicket/repo
Commit: http://git-wip-us.apache.org/repos/asf/wicket/commit/a384c6f7
Tree: http://git-wip-us.apache.org/repos/asf/wicket/tree/a384c6f7
Diff: http://git-wip-us.apache.org/repos/asf/wicket/diff/a384c6f7

Branch: refs/heads/wicket-7.x
Commit: a384c6f75df0b13962b65a948d766f73b39e11ba
Parents: 6f530a9
Author: Martin Tzvetanov Grigorov <mgrigo...@apache.org>
Authored: Sat Sep 10 13:12:28 2016 +0200
Committer: Martin Tzvetanov Grigorov <mgrigo...@apache.org>
Committed: Sat Sep 10 13:12:28 2016 +0200

----------------------------------------------------------------------
 .../authentication/AuthenticatedWebSession.java | 21 ++++++++++++--------
 1 file changed, 13 insertions(+), 8 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/wicket/blob/a384c6f7/wicket-auth-roles/src/main/java/org/apache/wicket/authroles/authentication/AuthenticatedWebSession.java
----------------------------------------------------------------------
diff --git 
a/wicket-auth-roles/src/main/java/org/apache/wicket/authroles/authentication/AuthenticatedWebSession.java
 
b/wicket-auth-roles/src/main/java/org/apache/wicket/authroles/authentication/AuthenticatedWebSession.java
index 1c814e9..c8058f5 100644
--- 
a/wicket-auth-roles/src/main/java/org/apache/wicket/authroles/authentication/AuthenticatedWebSession.java
+++ 
b/wicket-auth-roles/src/main/java/org/apache/wicket/authroles/authentication/AuthenticatedWebSession.java
@@ -19,6 +19,7 @@ package org.apache.wicket.authroles.authentication;
 import org.apache.wicket.Session;
 import org.apache.wicket.request.Request;
 
+import java.util.concurrent.atomic.AtomicBoolean;
 
 /**
  * Basic authenticated web session. Subclasses must provide a method that 
authenticates the session
@@ -39,7 +40,7 @@ public abstract class AuthenticatedWebSession extends 
AbstractAuthenticatedWebSe
        }
 
        /** True when the user is signed in */
-       private volatile boolean signedIn;
+       private final AtomicBoolean signedIn = new AtomicBoolean(false);
 
        /**
         * Construct.
@@ -62,12 +63,16 @@ public abstract class AuthenticatedWebSession extends 
AbstractAuthenticatedWebSe
         */
        public final boolean signIn(final String username, final String 
password)
        {
-               signedIn = authenticate(username, password);
-               if (signedIn)
+               if (signedIn.compareAndSet(false, true))
                {
-                       bind();
+                       boolean authenticated = authenticate(username, 
password);
+                       if (authenticated)
+                       {
+                               bind();
+                       }
+                       signedIn.set(authenticated);
                }
-               return signedIn;
+               return signedIn.get();
        }
 
        /**
@@ -96,7 +101,7 @@ public abstract class AuthenticatedWebSession extends 
AbstractAuthenticatedWebSe
         */
        protected final void signIn(boolean value)
        {
-               signedIn = value;
+               signedIn.set(value);
        }
 
        /**
@@ -105,7 +110,7 @@ public abstract class AuthenticatedWebSession extends 
AbstractAuthenticatedWebSe
        @Override
        public final boolean isSignedIn()
        {
-               return signedIn;
+               return signedIn.get();
        }
 
        /**
@@ -113,7 +118,7 @@ public abstract class AuthenticatedWebSession extends 
AbstractAuthenticatedWebSe
         */
        public void signOut()
        {
-               signedIn = false;
+               signedIn.set(false);
        }
 
        /**

Reply via email to