Isuranga Perera created SYNCOPE-1301: ----------------------------------------
Summary: Token creation is not threadsafe Key: SYNCOPE-1301 URL: https://issues.apache.org/jira/browse/SYNCOPE-1301 Project: Syncope Issue Type: Bug Components: core Affects Versions: 2.0.8 Reporter: Isuranga Perera Fix For: 2.0.9, 2.1.0 Token create method in AccessTokenDataBinderImpl[1] is not thread safe. This could result in several problems including * Exist 2 different access token for a particular user at a given time which may result in an exception thrown by method call[2] since it expects a single token a given user. In addition to that token replace is implemented as a combination of 2 different functionalities. Since the method is not thread safe this may cause some unexpected behaviors (since there can be 2 tokens exist for a particular user. same scenario as above). [1] [https://github.com/apache/syncope/blob/master/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java#L104] [2] [https://github.com/apache/syncope/blob/master/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java#L113] -- This message was sent by Atlassian JIRA (v7.6.3#76005)