[
https://issues.apache.org/jira/browse/WW-4409?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Lukasz Lenart updated WW-4409:
------------------------------
Fix Version/s: 7.2.0
(was: 7.1.0)
> Modify the TokenInterceptor not to lock the session object while handling and
> invalid token
> -------------------------------------------------------------------------------------------
>
> Key: WW-4409
> URL: https://issues.apache.org/jira/browse/WW-4409
> Project: Struts 2
> Issue Type: Improvement
> Components: Core Interceptors
> Affects Versions: 2.3.20
> Reporter: Rob Baily
> Priority: Minor
> Fix For: 7.2.0
>
> Attachments: tokeninterceptor.patch
>
>
> Similar to WW-3582. Currently in the TokenInterceptor class in the
> handleToken method there is a lock on the session object and the
> handleInvalidToken method is called within that block. In our environment we
> overrode the handleInvalidToken and it turned out that when this method ran
> long that any other requests for the user were immediately blocked and the
> threads were locked up and unable process any further requests.
> I would like to see if we can change the handleToken method not to lock the
> session when calling the method to handle an invalid token. I realize that
> ours may not be an ideal implementation and the base implementation should be
> fast but it does seem like the time an object is locked should be minimized.
> I don't know if there is a reason that the invalid method would need to be in
> that block.
> I am including a patch for the change on this. It does not affect the tests
> and I do not know if there is a good way to add a test that would check the
> locking.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
