Token Interceptor is holding HttpSession lock which can trigger deaklocks
-------------------------------------------------------------------------
Key: WW-3582
URL: https://issues.apache.org/jira/browse/WW-3582
Project: Struts 2
Issue Type: Bug
Components: Core Interceptors
Affects Versions: 2.2.1
Environment: Any (windows/Linux)
Reporter: Lucy
In class TokenInterceptor::doIntercept() function, it was using HttpSession
lock when check tokens, it should release the lock before calling
invocation.invoke().
Because invocation.invoke() was called inside the httpsession lock, it will
hold the lock until all the other intercetors listed after the token
interceptor have been processed.
(This triggered a dead lock in our software environment.)
It should release the lock before it calls invocation.invoke();
--
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
