[
https://issues.apache.org/jira/browse/WSS-221?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12799982#action_12799982
]
Daniel Kulp commented on WSS-221:
---------------------------------
A better fix is to use an AtomicLong for the incrementingValue, but that would
lock it onto Java 5. Possibly make it synchronized on 1.5.x, but use the
AtomicLong on 1.6/trunk.
> UUIDGenerator generates duplicate identifiers when used in a multi-threaded
> environment
> ---------------------------------------------------------------------------------------
>
> Key: WSS-221
> URL: https://issues.apache.org/jira/browse/WSS-221
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Core
> Affects Versions: 1.5.8
> Reporter: Dave Bryant
> Assignee: Ruchith Udayanga Fernando
>
> The unique identifier generator used in wss4j generates duplicate identifiers
> in a multi-threaded environment. The problem is because the getUUID() method
> is not synchronized, but internally modifies a number of variables (in
> particular the incrementingValue). If multiple threads call this
> simultaneously then the same identifier can be returned.
> This causes a problem in Axis where this is used for encrypted key token
> identifiers, so if multiple threads are processing messages simultaneously it
> is possible for two different keys to have the same identifier. These keys
> then get placed in the same token store which obviously causes a problem.
> This is the same problem as previously reported in WSCOMMONS-201 with the
> UUIDGenerator in AXIOM (this class seems to have been originally copied from
> that one, but before the fix was applied). The fix is to simply make the
> UUIDGenerator.getUUID() method synchronized.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
