[ https://issues.apache.org/jira/browse/WSS-221?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Colm O hEigeartaigh updated WSS-221:
------------------------------------

    Fix Version/s: 1.6
                   1.5.9
         Assignee: Colm O hEigeartaigh  (was: Ruchith Udayanga Fernando)

> UUIDGenerator generates duplicate identifiers when used in a multi-threaded 
> environment
> ---------------------------------------------------------------------------------------
>
>                 Key: WSS-221
>                 URL: https://issues.apache.org/jira/browse/WSS-221
>             Project: WSS4J
>          Issue Type: Bug
>          Components: WSS4J Core
>    Affects Versions: 1.5.8
>            Reporter: Dave Bryant
>            Assignee: Colm O hEigeartaigh
>             Fix For: 1.5.9, 1.6
>
>
> The unique identifier generator used in wss4j generates duplicate identifiers 
> in a multi-threaded environment.  The problem is because the getUUID() method 
> is not synchronized, but internally modifies a number of variables (in 
> particular the incrementingValue).  If multiple threads call this 
> simultaneously then the same identifier can be returned.
> This causes a problem in Axis where this is used for encrypted key token 
> identifiers, so if multiple threads are processing messages simultaneously it 
> is possible for two different keys to have the same identifier. These keys 
> then get placed in the same token store which obviously causes a problem.
> This is the same problem as previously reported in WSCOMMONS-201 with the 
> UUIDGenerator in AXIOM (this class seems to have been originally copied from 
> that one, but before the fix was applied).  The fix is to simply make the 
> UUIDGenerator.getUUID() method synchronized.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
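
The race described in the issue, as an added example that is not WSS4J code: a simplified counter-based generator is called from several threads, once without locking and once with the `synchronized` fix the report proposes. All class and method names are illustrative assumptions; only the `incrementingValue` field name comes from the report.

```java
import java.util.Set;
import java.util.concurrent.*;
import java.util.concurrent.atomic.AtomicInteger;

public class IdGeneratorRaceDemo {
    interface IdSource { String next(); }

    // Simplified stand-in for an unsynchronized generator (hypothetical class).
    static class UnsafeSource implements IdSource {
        private long incrementingValue = 0;
        // Read-modify-write without a lock: two threads can read the same value.
        public String next() { return "id-" + (incrementingValue++); }
    }

    // Same logic with the fix from the report: the method is synchronized.
    static class SynchronizedSource implements IdSource {
        private long incrementingValue = 0;
        public synchronized String next() { return "id-" + (incrementingValue++); }
    }

    // Calls next() from several threads at once and counts repeated identifiers.
    static int countDuplicates(IdSource source, int threads, int perThread)
            throws InterruptedException {
        Set<String> seen = ConcurrentHashMap.newKeySet();
        AtomicInteger duplicates = new AtomicInteger();
        CountDownLatch start = new CountDownLatch(1);
        ExecutorService pool = Executors.newFixedThreadPool(threads);
        for (int t = 0; t < threads; t++) {
            pool.execute(() -> {
                try { start.await(); } catch (InterruptedException e) { return; }
                for (int i = 0; i < perThread; i++) {
                    // add() returns false when the identifier was already issued
                    if (!seen.add(source.next())) duplicates.incrementAndGet();
                }
            });
        }
        start.countDown();               // release all workers together
        pool.shutdown();
        pool.awaitTermination(1, TimeUnit.MINUTES);
        return duplicates.get();
    }

    public static void main(String[] args) throws InterruptedException {
        // The unsynchronized count varies from run to run; the synchronized one stays at zero.
        System.out.println("unsynchronized duplicates: "
                + countDuplicates(new UnsafeSource(), 8, 100_000));
        System.out.println("synchronized duplicates:   "
                + countDuplicates(new SynchronizedSource(), 8, 100_000));
    }
}
```

A duplicate in the first run corresponds to the token-store collision the report describes: two different keys filed under one identifier.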

