UUIDGenerator generates duplicate identifiers when used in a multi-threaded
environment
---------------------------------------------------------------------------------------
Key: WSS-221
URL: https://issues.apache.org/jira/browse/WSS-221
Project: WSS4J
Issue Type: Bug
Components: WSS4J Core
Affects Versions: 1.5.8
Reporter: Dave Bryant
Assignee: Ruchith Udayanga Fernando
The unique identifier generator used in wss4j generates duplicate identifiers
in a multi-threaded environment. The problem is because the getUUID() method
is not synchronized, but internally modifies a number of variables (in
particular the incrementingValue). If multiple threads call this
simultaneously then the same identifier can be returned.
This causes a problem in Axis where this is used for encrypted key token
identifiers, so if multiple threads are processing messages simultaneously it
is possible for two different keys to have the same identifier. These keys then
get placed in the same token store which obviously causes a problem.
This is the same problem as previously reported in WSCOMMONS-201 with the
UUIDGenerator in AXIOM (this class seems to have been originally copied from
that one, but before the fix was applied). The fix is to simply make the
UUIDGenerator.getUUID() method synchronized.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
