Rob Baily created WW-4409:
-----------------------------
Summary: Modify the TokenInterceptor not to lock the session
object while handling and invalid token
Key: WW-4409
URL: https://issues.apache.org/jira/browse/WW-4409
Project: Struts 2
Issue Type: Improvement
Components: Core Interceptors
Affects Versions: 2.3.18
Reporter: Rob Baily
Similar to WW-3582. Currently the In TokenInterceptor class in the handleToken
method there is a lock on the session object and the handleInvalidToken method
is called within that block. In our environment we overrode the
handleInvalidToken and it turned out that when this method ran long that any
other requests for the user were immediately blocked and the threads were
locked up and unable process any further requests.
I would like to see if we can change the handleToken method not to lock the
session when calling the method to handle an invalid token. I realize that it
may not be an ideal implementation and the base implementation should be fast
but it does seem like the time an object is locked should be minimized. I
don't know if there is a reason that the invalid method would need to be in
that block.
I am including a patch for the change on this. It does not affect the tests
and I do not know if there is a good way to add a test that would check the
locking.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
