[ http://issues.apache.org/jira/browse/JCR-446?page=comments#action_12414024 ]
Jukka Zitting commented on JCR-446: ----------------------------------- Looking at the code I actually think that getWorkspaceInfo() *should* be synchronized regardless of what we do with login. The wspInfos map is not necessarily thread-safe, so invoking get() on it (or keySet() in getWorkspaceNames()) may cause a problem if a concurrent thread is invoking a synchronized createWorkspace() method. Thus I actually think that either the wspInfos map or the getWorkspaceInfo() and getWorkspaceNames() should be synchronized. On the other hand login() should not be synchronized, as the JAAS authentication could easily block other threads while waiting for the user to enter a password or something similar. In any case, the crucial part seems to be the createSession() methods, that are currently synchronized, but do not invoke the sanityCheck() method. Thus it is possible for login() to start and invoke sanityCheck() before a shutdown is initiated, but stall waiting for user credentials during JAAS authentication. If during that time the repository is shutdown, login() will still continue to call createSession() without any more sanity checks. Adding sanityCheck() calls to the createSession() methods should solve this quite nicely. > Prevent logins during repository shutdown > ----------------------------------------- > > Key: JCR-446 > URL: http://issues.apache.org/jira/browse/JCR-446 > Project: Jackrabbit > Type: Improvement > Components: core > Versions: 1.0, 1.0.1, 0.9 > Reporter: Jukka Zitting > Priority: Minor > > Related to the last comment in JCR-445, should we prevent new sessions from > being created during repository shutdown? It is an odd chance to run into a > problem like that, but it seems like the issue could be easily solved by > making getWorkspaceInfo() synchronized and adding sanityCheck() calls to the > createSession() methods. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
