Github user dblevins commented on a diff in the pull request:
https://github.com/apache/tomee/pull/262#discussion_r240016965
--- Diff:
container/openejb-loader/src/main/java/org/apache/openejb/loader/FileUtils.java
---
@@ -20,18 +20,25 @@
import java.io.FileNotFoundException;
import java.io.IOException;
import java.util.Hashtable;
+import java.util.concurrent.ThreadLocalRandom;
@SuppressWarnings("PMD.OverrideBothEqualsAndHashcode")
public class FileUtils {
- private static final java.util.Random _random = new java.util.Random();
+ private static final ThreadLocalRandom _random =
ThreadLocalRandom.current();
--- End diff --
Not this isn't safe usage of `ThreadLocalRandom`. Whatever thread
initializes `FileUtils` will have its not-thread-safe instance of
ThreadLocalRandom saved in a static field and shared thereafter by all threads.
In short, this code grabs what is intended to be thread-scoped and stores it
into the java heap which is seen/shared by all threads. You need to call
`ThreadLocalRandom.current()` in each method that needs a `ThreadLocalRandom`.
---
