On 09/04/2018 07:07, Isuranga Perera wrote:
Hi All,
Token create method in AccessTokenDataBinderImpl[1] is not thread safe.
Could you please explain why you're affirming this?
This could result in several problems including
* Exist 2 different access token for a particular user at a given
time which may result in an exception thrown by method call[2]
since it expects a single token a given user.
In addition to that token replace is implemented as a combination of 2
different functionalities. Since the method is not thread safe this
may cause some unexpected behaviors (since there can be 2 tokens exist
for a particular user. same scenario as above).
Appreciate your insight on the $subject.
[1]
https://github.com/apache/syncope/blob/master/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java#L104
[2]
https://github.com/apache/syncope/blob/master/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java#L113
Best Regards
Isuranga Perera
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/
