Repository: wicket Updated Branches: refs/heads/WICKET-6242-authenticate-once [created] a384c6f75
WICKET-6242 Weak concurrency management in AuthenticatedWebSession#signedIn Project: http://git-wip-us.apache.org/repos/asf/wicket/repo Commit: http://git-wip-us.apache.org/repos/asf/wicket/commit/a384c6f7 Tree: http://git-wip-us.apache.org/repos/asf/wicket/tree/a384c6f7 Diff: http://git-wip-us.apache.org/repos/asf/wicket/diff/a384c6f7 Branch: refs/heads/WICKET-6242-authenticate-once Commit: a384c6f75df0b13962b65a948d766f73b39e11ba Parents: 6f530a9 Author: Martin Tzvetanov Grigorov <mgrigo...@apache.org> Authored: Sat Sep 10 13:12:28 2016 +0200 Committer: Martin Tzvetanov Grigorov <mgrigo...@apache.org> Committed: Sat Sep 10 13:12:28 2016 +0200 ---------------------------------------------------------------------- .../authentication/AuthenticatedWebSession.java | 21 ++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/wicket/blob/a384c6f7/wicket-auth-roles/src/main/java/org/apache/wicket/authroles/authentication/AuthenticatedWebSession.java ---------------------------------------------------------------------- diff --git a/wicket-auth-roles/src/main/java/org/apache/wicket/authroles/authentication/AuthenticatedWebSession.java b/wicket-auth-roles/src/main/java/org/apache/wicket/authroles/authentication/AuthenticatedWebSession.java index 1c814e9..c8058f5 100644 --- a/wicket-auth-roles/src/main/java/org/apache/wicket/authroles/authentication/AuthenticatedWebSession.java +++ b/wicket-auth-roles/src/main/java/org/apache/wicket/authroles/authentication/AuthenticatedWebSession.java @@ -19,6 +19,7 @@ package org.apache.wicket.authroles.authentication; import org.apache.wicket.Session; import org.apache.wicket.request.Request; +import java.util.concurrent.atomic.AtomicBoolean; /** * Basic authenticated web session. Subclasses must provide a method that authenticates the session @@ -39,7 +40,7 @@ public abstract class AuthenticatedWebSession extends AbstractAuthenticatedWebSe } /** True when the user is signed in */ - private volatile boolean signedIn; + private final AtomicBoolean signedIn = new AtomicBoolean(false); /** * Construct. @@ -62,12 +63,16 @@ public abstract class AuthenticatedWebSession extends AbstractAuthenticatedWebSe */ public final boolean signIn(final String username, final String password) { - signedIn = authenticate(username, password); - if (signedIn) + if (signedIn.compareAndSet(false, true)) { - bind(); + boolean authenticated = authenticate(username, password); + if (authenticated) + { + bind(); + } + signedIn.set(authenticated); } - return signedIn; + return signedIn.get(); } /** @@ -96,7 +101,7 @@ public abstract class AuthenticatedWebSession extends AbstractAuthenticatedWebSe */ protected final void signIn(boolean value) { - signedIn = value; + signedIn.set(value); } /** @@ -105,7 +110,7 @@ public abstract class AuthenticatedWebSession extends AbstractAuthenticatedWebSe @Override public final boolean isSignedIn() { - return signedIn; + return signedIn.get(); } /** @@ -113,7 +118,7 @@ public abstract class AuthenticatedWebSession extends AbstractAuthenticatedWebSe */ public void signOut() { - signedIn = false; + signedIn.set(false); } /**