Vitali Yarmolik created OLINGO-493:
--------------------------------------
Summary: Possible concurrency issue in ODataServlet
Key: OLINGO-493
URL: https://issues.apache.org/jira/browse/OLINGO-493
Project: Olingo
Issue Type: Improvement
Components: odata2-core
Affects Versions: V2 2.0.1
Reporter: Vitali Yarmolik
Priority: Critical
The implementation of the {{org.apache.olingo.odata2.core.servlet.ODataServlet}}
HTTP servlet is not thread safe. Looking into the source code of the servlet, we
can see it has two private fields defined in the following way:
{code}
private ODataServiceFactory serviceFactory;
private int pathSplit = 0;
{code}
The {{serviceFactory}} field is initialized in the servlet's {{service()}}
method for every service request and later used in the servlet's
{{handleRequest(HttpServletRequest, ODataHttpMethod, HttpServletResponse)}}
method.
The situation is similar for the {{pathSplit}} field as well.
Because ODataServlet does not implement the {{javax.servlet.SingleThreadModel}}
interface (_and should not, in my personal opinion_), the web container will
create only one instance of the servlet, which will be used by different threads
representing the different HTTP requests. In a more or less heavily loaded scenario
it can definitely cause concurrency issues.
For example, both fields can be re-initialized in the {{service()}} method
by one thread before another thread starts using them in the
{{handleRequest()}} method.
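
The interleaving described in the report, forced deterministically in an added example (not part of the original report and not Olingo code). A `String` stands in for `ODataServiceFactory`; the `Handler` classes, the `gap` hook and the latch-based scheduling are hypothetical names introduced for illustration.

```java
import java.util.concurrent.CountDownLatch;

public class SharedFieldRace {
    interface Handler { String service(String factory, Runnable gap); }

    // Per-request state kept in an instance field, the pattern the report describes.
    static class UnsafeHandler implements Handler {
        private String serviceFactory;      // one copy shared by every request thread
        public String service(String factory, Runnable gap) {
            serviceFactory = factory;       // assigned per request, as in service()
            gap.run();                      // window before the value is used
            return serviceFactory;          // read later, as in handleRequest()
        }
    }

    // Same flow with the state confined to the calling thread's stack frame.
    static class SafeHandler implements Handler {
        public String service(String factory, Runnable gap) {
            String serviceFactory = factory;
            gap.run();
            return serviceFactory;
        }
    }

    // Request A initializes, request B runs to completion, then A resumes and reads.
    static String factorySeenByRequestA(Handler h) throws InterruptedException {
        CountDownLatch aInitialized = new CountDownLatch(1);
        CountDownLatch bFinished = new CountDownLatch(1);
        String[] seen = new String[1];
        Thread a = new Thread(() -> seen[0] = h.service("factory-A", () -> {
            aInitialized.countDown();
            try { bFinished.await(); }
            catch (InterruptedException e) { Thread.currentThread().interrupt(); }
        }));
        a.start();
        aInitialized.await();               // A has stored its factory
        h.service("factory-B", () -> { });  // B overwrites the shared field
        bFinished.countDown();              // let A continue to its read
        a.join();
        return seen[0];
    }

    public static void main(String[] args) throws InterruptedException {
        System.out.println("shared field:   request A used "
                + factorySeenByRequestA(new UnsafeHandler()));
        System.out.println("local variable: request A used "
                + factorySeenByRequestA(new SafeHandler()));
    }
}
```

With the shared field, request A is handled with the factory that request B stored; with the local variable, each request keeps its own.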