[ https://issues.apache.org/jira/browse/WICKET-6242?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Martin Grigorov resolved WICKET-6242. ------------------------------------- Resolution: Fixed Fix Version/s: 7.5.0 8.0.0-M2 > Weak concurrency management in AuthenticatedWebSession#signedIn > --------------------------------------------------------------- > > Key: WICKET-6242 > URL: https://issues.apache.org/jira/browse/WICKET-6242 > Project: Wicket > Issue Type: Bug > Components: wicket-auth-roles > Affects Versions: 8.0.0-M1, 7.4.0 > Reporter: Martin Grigorov > Assignee: Martin Grigorov > Fix For: 8.0.0-M2, 7.5.0 > > > Discussion at dev@: http://markmail.org/message/syo3m6hrf2ix55rz > Currently [1] uses a volatile boolean "signedIn" to control the state. > org.apache.wicket.authroles.authentication.panel.SignInPanel#onConfigure() > tries to make use of it. > IMO this implementation is a bit weak. There are big windows this state to > change in the meantime. > Usually this shouldn't be a big problem, the application will authenticate > the same user twice. > But if the application does something in ISessionListener#onBind() then it > becomes a problem [2]. > 1. > https://github.com/apache/wicket/blob/master/wicket-auth-roles/src/main/java/org/apache/wicket/authroles/authentication/AuthenticatedWebSession.java > 2. https://issues.apache.org/jira/browse/ISIS-1481 -- This message was sent by Atlassian JIRA (v6.3.4#6332)