[
https://issues.apache.org/jira/browse/WSS-221?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12800014#action_12800014
]
Dave Bryant commented on WSS-221:
---------------------------------
An AtomicLong would be preferable, however, if that is done then there is
technically still a race condition when the baseUUID field is initialised. It
is checked against null outside of the synchronized, and while it cannot be
initialised by multiple threads simultaneously, it would be possible for
multiple threads to initialise it.
> UUIDGenerator generates duplicate identifiers when used in a multi-threaded
> environment
> ---------------------------------------------------------------------------------------
>
> Key: WSS-221
> URL: https://issues.apache.org/jira/browse/WSS-221
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Core
> Affects Versions: 1.5.8
> Reporter: Dave Bryant
> Assignee: Ruchith Udayanga Fernando
>
> The unique identifier generator used in wss4j generates duplicate identifiers
> in a multi-threaded environment. The problem is because the getUUID() method
> is not synchronized, but internally modifies a number of variables (in
> particular the incrementingValue). If multiple threads call this
> simultaneously then the same identifier can be returned.
> This causes a problem in Axis where this is used for encrypted key token
> identifiers, so if multiple threads are processing messages simultaneously it
> is possible for two different keys to have the same identifier. These keys
> then get placed in the same token store which obviously causes a problem.
> This is the same problem as previously reported in WSCOMMONS-201 with the
> UUIDGenerator in AXIOM (this class seems to have been originally copied from
> that one, but before the fix was applied). The fix is to simply make the
> UUIDGenerator.getUUID() method synchronized.
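The two races discussed above (the unsynchronized increment of incrementingValue from the report, and the baseUUID null check outside the lock from the comment), shown next to a form that avoids both. This is an added example, not WSS4J or AXIOM code: the classes UuidRaceDemo, RacyIds and SafeIds, the IdSource interface and the newBase() helper are hypothetical, and only the field names baseUUID and incrementingValue are taken from the thread.

```java
import java.security.SecureRandom;
import java.util.Set;
import java.util.concurrent.*;
import java.util.concurrent.atomic.AtomicLong;

public class UuidRaceDemo {
    interface IdSource { String next(); }
    // Hypothetical stand-in for the reported pattern: lazy initialisation
    // checked outside any lock, plus an unsynchronized counter.
    static class RacyIds implements IdSource {
        private String baseUUID;         // null check below is not under a lock
        private long incrementingValue;  // ++ is a read-modify-write, not atomic
        public String next() {
            if (baseUUID == null) baseUUID = newBase(); // several threads can each assign a base
            return baseUUID + (++incrementingValue);    // two threads can read the same value
        }
    }

    // Base is assigned once during construction; the counter is atomic.
    static class SafeIds implements IdSource {
        private final String baseUUID = newBase();
        private final AtomicLong incrementingValue = new AtomicLong();
        public String next() { return baseUUID + incrementingValue.incrementAndGet(); }
    }

    // Constructed random prefix, standing in for the real base identifier.
    static String newBase() { return Long.toHexString(new SecureRandom().nextLong()) + "-"; }

    // Calls next() from several threads at once and counts colliding results.
    static int duplicates(IdSource src, int threads, int perThread) throws Exception {
        Set<String> seen = ConcurrentHashMap.newKeySet();
        AtomicLong dupes = new AtomicLong();
        ExecutorService pool = Executors.newFixedThreadPool(threads);
        CountDownLatch start = new CountDownLatch(1);
        for (int t = 0; t < threads; t++) {
            pool.submit(() -> {
                start.await();           // release all workers together
                for (int i = 0; i < perThread; i++)
                    if (!seen.add(src.next())) dupes.incrementAndGet();
                return null;
            });
        }
        start.countDown();
        pool.shutdown();
        pool.awaitTermination(1, TimeUnit.MINUTES);
        return (int) dupes.get();
    }

    public static void main(String[] args) throws Exception {
        System.out.println("racy duplicates: " + duplicates(new RacyIds(), 8, 200_000));
        System.out.println("safe duplicates: " + duplicates(new SafeIds(), 8, 200_000));
    }
}
```

The racy count varies from run to run and depends on the scheduler and core count; the safe count is always zero because every caller receives a distinct counter value under a single base.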