[jira] [Commented] (WW-3582) Token Interceptor is holding HttpSession lock which can trigger deadlocks

Fri, 05 Oct 2012 03:36:09 -0700 

    [ 
https://issues.apache.org/jira/browse/WW-3582?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13470217#comment-13470217
 ] 

Hudson commented on WW-3582:
----------------------------

Integrated in Struts2 #536 (See [https://builds.apache.org/job/Struts2/536/])
    WW-3865 rollbacks changes to TokenInterceptor applied with WW-3582 and adds 
new method handleToken() to allow in different way lock session object 
(Revision 1394422)

     Result = SUCCESS
lukaszlenart : 
Files : 
* 
/struts/struts2/trunk/core/src/main/java/org/apache/struts2/interceptor/TokenInterceptor.java
* 
/struts/struts2/trunk/core/src/main/java/org/apache/struts2/interceptor/TokenSessionStoreInterceptor.java

                
> Token Interceptor is holding HttpSession lock which can trigger deadlocks
> -------------------------------------------------------------------------
>
>                 Key: WW-3582
>                 URL: https://issues.apache.org/jira/browse/WW-3582
>             Project: Struts 2
>          Issue Type: Bug
>          Components: Core Interceptors
>    Affects Versions: 2.2.1
>         Environment: Any (windows/Linux)
>            Reporter: Lucy
>            Assignee: Lukasz Lenart
>             Fix For: 2.2.3
>
>
> In class TokenInterceptor::doIntercept() function, it was using HttpSession 
> lock when check tokens, it should release the lock before calling 
> invocation.invoke().
> Because invocation.invoke() was called inside the httpsession lock, it will 
> hold the lock until all the other intercetors listed after the token 
> interceptor have been processed.
> (This triggered a dead lock in our software environment.)
> It should release the lock before it calls invocation.invoke();
> {code:java}
> protected String doIntercept(ActionInvocation invocation) throws Exception {
>         if (log.isDebugEnabled()) {
>             log.debug("Intercepting invocation to check for valid transaction 
> token.");
>         }
>         //see WW-2902: we need to use the real HttpSession here, as opposed 
> to the map
>         //that wraps the session, because a new wrap is created on every 
> request
>         HttpSession session = 
> ServletActionContext.getRequest().getSession(true);
>         synchronized (session) {
>             if (!TokenHelper.validToken()) {
>                 return handleInvalidToken(invocation);
>             }
>             return handleValidToken(invocation);  
>         }
>     }
> protected String handleValidToken(ActionInvocation invocation) throws 
> Exception {
>         return invocation.invoke();  <------------------------- this line 
> needs to be moved out of the session lock.
>     }
> {code}

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to