[
https://issues.apache.org/jira/browse/SYNCOPE-1301?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16435748#comment-16435748
]
ASF GitHub Bot commented on SYNCOPE-1301:
-----------------------------------------
Github user ilgrosso commented on the issue:
https://github.com/apache/syncope/pull/70
Ok, let's try this way: please re-introduce the UNIQUE constraint but
rework the whole `AccessTokenDataBinderImpl#create` to comply with the two
invocation scenarios as reported above.
Do you think it could be feasible?
> Token creation is not threadsafe
> --------------------------------
>
> Key: SYNCOPE-1301
> URL: https://issues.apache.org/jira/browse/SYNCOPE-1301
> Project: Syncope
> Issue Type: Bug
> Components: core
> Affects Versions: 2.0.8
> Reporter: Isuranga Perera
> Priority: Major
> Fix For: 2.0.9, 2.1.0
>
>
> Token create method in AccessTokenDataBinderImpl[1] is not thread safe. This
> could result in several problems including
> * Exist 2 different access token for a particular user at a given time which
> may result in an exception thrown by method call[2] since it expects a single
> token a given user.
> In addition to that token replace is implemented as a combination of 2
> different functionalities. Since the method is not thread safe this may cause
> some unexpected behaviors (since there can be 2 tokens exist for a particular
> user. same scenario as above).
> [1]
> [https://github.com/apache/syncope/blob/master/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java#L104]
> [2]
> [https://github.com/apache/syncope/blob/master/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java#L113]
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
