[ https://issues.apache.org/jira/browse/WW-3582?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Lukasz Lenart resolved WW-3582.
-------------------------------

       Resolution: Fixed
    Fix Version/s: 2.2.2
         Assignee: Lukasz Lenart

Solved, thanks!

> Token Interceptor is holding HttpSession lock which can trigger deadlocks
> -------------------------------------------------------------------------
>
>                 Key: WW-3582
>                 URL: https://issues.apache.org/jira/browse/WW-3582
>             Project: Struts 2
>          Issue Type: Bug
>          Components: Core Interceptors
>    Affects Versions: 2.2.1
>         Environment: Any (windows/Linux)
>            Reporter: Lucy
>            Assignee: Lukasz Lenart
>             Fix For: 2.2.2
>
>
> In class TokenInterceptor::doIntercept() function, it was using the HttpSession
> lock when checking tokens; it should release the lock before calling
> invocation.invoke().
> Because invocation.invoke() was called inside the HttpSession lock, it will
> hold the lock until all the other interceptors listed after the token
> interceptor have been processed.
> (This triggered a deadlock in our software environment.)
> It should release the lock before it calls invocation.invoke();
> protected String doIntercept(ActionInvocation invocation) throws Exception {
>         if (log.isDebugEnabled()) {
>             log.debug("Intercepting invocation to check for valid transaction token.");
>         }
>         //see WW-2902: we need to use the real HttpSession here, as opposed to the map
>         //that wraps the session, because a new wrap is created on every request
>         HttpSession session = ServletActionContext.getRequest().getSession(true);
>         synchronized (session) {
>             if (!TokenHelper.validToken()) {
>                 return handleInvalidToken(invocation);
>             }
>             return handleValidToken(invocation);
>         }
>     }
> protected String handleValidToken(ActionInvocation invocation) throws Exception {
>         return invocation.invoke();  // <--- this line needs to be moved out of the session lock.
>     }

-- 
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
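
The lock narrowing requested in the report, as an added illustration that is not part of the original message and not the code of the Struts 2.2.2 fix: the token check-and-consume stays atomic under the session monitor, while the rest of the chain runs after the monitor is released. `SessionStub`, `validToken`, the `"token"` key and the `Callable` standing in for `invocation.invoke()` are hypothetical stand-ins so the class runs without Struts or a servlet container.

```java
import java.util.Map;
import java.util.concurrent.Callable;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration; none of these types are Struts classes.
public class NarrowSessionLock {

    /** Stand-in for HttpSession: holds the one-time token under a fixed key. */
    static final class SessionStub {
        final Map<String, Object> attrs = new ConcurrentHashMap<>();
    }

    /** Compare and consume the token; callers must hold the session monitor. */
    static boolean validToken(SessionStub session, String submitted) {
        Object expected = session.attrs.get("token");
        if (expected == null || !expected.equals(submitted)) {
            return false;
        }
        session.attrs.remove("token"); // single use, so a replayed form is rejected
        return true;
    }

    static String doIntercept(SessionStub session, String submitted,
                              Callable<String> restOfChain) throws Exception {
        boolean valid;
        synchronized (session) {       // the lock covers only the token check
            valid = validToken(session, submitted);
        }
        if (!valid) {
            return "invalid.token";
        }
        return restOfChain.call();     // downstream interceptors run with the monitor released
    }

    public static void main(String[] args) throws Exception {
        SessionStub session = new SessionStub();
        session.attrs.put("token", "constructed-token-1"); // constructed sample value
        Callable<String> restOfChain = () -> {
            // Thread.holdsLock reports whether this thread still owns the session monitor.
            if (Thread.holdsLock(session)) {
                throw new IllegalStateException("session lock still held during invoke");
            }
            return "success";
        };
        System.out.println(doIntercept(session, "constructed-token-1", restOfChain)); // first submit
        System.out.println(doIntercept(session, "constructed-token-1", restOfChain)); // replayed submit
    }
}
```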

        
