[ https://issues.apache.org/jira/browse/SYNCOPE-1386?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16670410#comment-16670410 ]

Dmitriy B. commented on SYNCOPE-1386:
-------------------------------------

[~ilgrosso], is it also not reproduced when you use a custom domain rather 
than the Master domain?

> Not committed managed objects can get into L2 cache.
> ----------------------------------------------------
>
>                 Key: SYNCOPE-1386
>                 URL: https://issues.apache.org/jira/browse/SYNCOPE-1386
>             Project: Syncope
>          Issue Type: Bug
>          Components: core
>    Affects Versions: 2.0.8
>            Reporter: Dmitriy B.
>            Priority: Major
>         Attachments: confirm_pwd_reset_action.sh
>
>
>  
> Hi guys. I noticed an issue that leads to inconsistent data in the 
> response. 
>  
> Here is the use case to reproduce the problem: 
>  
> 1. Create a user in Syncope. 
> 2. Request a password reset and make sure that the token used for the 
> pwd reset action is generated and stored in the database. 
> 3. Restart your application to be sure that the L2 cache is empty. 
> 4. Confirm the password reset for this user and make sure that the requested 
> password doesn't comply with the password rules. In my case the password is 
> too short. An exception like "InvalidUser:InvalidPassword: Password too 
> short" should be thrown. 
> 5. Request the user by username. The user that comes in the HTTP response 
> doesn't have the "token" and "tokenExpireTime" attributes. But you may find 
> the "token" and "tokenExpireTime" values in the SyncopeUser table for this user. 
>  
> I also noticed that after ~5 minutes the L2 cache is gone.
> You can find an example in the confirm_pwd_reset_action.sh script. Run this 
> command to execute the script: 
> "./confirm_pwd_reset_action.sh | tee temp.log" 
> Here I'm trying to do the confirm-password-reset action, after 5 minutes of 
> waiting, with a password that doesn't match the rules. And then I'm 
> requesting the user by username. In the response it comes without "token" and 
> "tokenExpireTime".
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
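
A minimal model of the behaviour reported in steps 1-5 above, as an added example that is not Syncope or OpenJPA code and not part of the original message. It assumes, following the issue title, that the modified entity is placed in the L2 cache before the transaction commits; `Store`, `confirm_password_reset`, the user `alice`, the token value, the 8-character rule and the 300-second cache lifetime are all constructed for illustration.

```python
class InvalidPassword(Exception):
    pass

class Store:
    """Toy database plus L2 cache. cache_on_flush=True models the reported bug."""
    def __init__(self, cache_on_flush, ttl=300):
        self.db, self.l2 = {}, {}
        self.cache_on_flush, self.ttl = cache_on_flush, ttl
        self.now = 0  # constructed clock, in seconds

    def read(self, username):
        hit = self.l2.get(username)
        if hit and self.now - hit[1] < self.ttl:
            return dict(hit[0])            # served from L2, database not consulted
        row = dict(self.db[username])
        self.l2[username] = (row, self.now)
        return dict(row)

def confirm_password_reset(store, username, token, new_password):
    managed = dict(store.db[username])     # entity loaded inside the transaction
    if managed["token"] != token:
        raise PermissionError("token mismatch")
    managed.update(token=None, tokenExpireTime=None, password=new_password)
    if store.cache_on_flush:
        store.l2[username] = (dict(managed), store.now)  # cached before commit
    if len(new_password) < 8:              # assumed password rule
        raise InvalidPassword("Password too short")      # rollback: db untouched
    store.db[username] = managed           # commit
    store.l2[username] = (dict(managed), store.now)

def reproduce(cache_on_flush):
    s = Store(cache_on_flush)
    s.db["alice"] = {"password": "old-secret", "token": "tok-123",
                     "tokenExpireTime": 900}             # constructed row
    try:
        confirm_password_reset(s, "alice", "tok-123", "short")
    except InvalidPassword:
        pass
    api_token = s.read("alice")["token"]   # step 5: what the HTTP response shows
    db_token = s.db["alice"]["token"]      # what the SyncopeUser table holds
    s.now += 301                           # cache entry older than the TTL
    return api_token, db_token, s.read("alice")["token"]

if __name__ == "__main__":
    print("cache on flush :", reproduce(True))
    print("cache on commit:", reproduce(False))
```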
