[
https://issues.apache.org/jira/browse/SYNCOPE-1301?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16435671#comment-16435671
]
ASF GitHub Bot commented on SYNCOPE-1301:
-----------------------------------------
Github user ilgrosso commented on a diff in the pull request:
https://github.com/apache/syncope/pull/70#discussion_r181100854
--- Diff:
core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/JPAAccessToken.java
---
@@ -44,7 +44,7 @@
@Temporal(TemporalType.TIMESTAMP)
private Date expiryTime;
- @Column(nullable = true)
+ @Column(nullable = true, unique = true)
--- End diff --
as said, revert any change here
> Token creation is not threadsafe
> --------------------------------
>
> Key: SYNCOPE-1301
> URL: https://issues.apache.org/jira/browse/SYNCOPE-1301
> Project: Syncope
> Issue Type: Bug
> Components: core
> Affects Versions: 2.0.8
> Reporter: Isuranga Perera
> Priority: Major
> Fix For: 2.0.9, 2.1.0
>
>
> Token create method in AccessTokenDataBinderImpl[1] is not thread safe. This
> could result in several problems including
> * Exist 2 different access token for a particular user at a given time which
> may result in an exception thrown by method call[2] since it expects a single
> token a given user.
> In addition to that token replace is implemented as a combination of 2
> different functionalities. Since the method is not thread safe this may cause
> some unexpected behaviors (since there can be 2 tokens exist for a particular
> user. same scenario as above).
> [1]
> [https://github.com/apache/syncope/blob/master/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java#L104]
> [2]
> [https://github.com/apache/syncope/blob/master/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java#L113]
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
