[
https://issues.apache.org/jira/browse/WSS-221?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12800172#action_12800172
]
Colm O hEigeartaigh commented on WSS-221:
-----------------------------------------
I'll change both 1.5.x and trunk to use synchronized for the moment. We can
revisit trunk in the future.
Colm.
> UUIDGenerator generates duplicate identifiers when used in a multi-threaded
> environment
> ---------------------------------------------------------------------------------------
>
> Key: WSS-221
> URL: https://issues.apache.org/jira/browse/WSS-221
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Core
> Affects Versions: 1.5.8
> Reporter: Dave Bryant
> Assignee: Colm O hEigeartaigh
> Fix For: 1.5.9, 1.6
>
>
> The unique identifier generator used in wss4j generates duplicate identifiers
> in a multi-threaded environment. The problem is because the getUUID() method
> is not synchronized, but internally modifies a number of variables (in
> particular the incrementingValue). If multiple threads call this
> simultaneously then the same identifier can be returned.
> This causes a problem in Axis where this is used for encrypted key token
> identifiers, so if multiple threads are processing messages simultaneously it
> is possible for two different keys to have the same identifier. These keys
> then get placed in the same token store which obviously causes a problem.
> This is the same problem as previously reported in WSCOMMONS-201 with the
> UUIDGenerator in AXIOM (this class seems to have been originally copied from
> that one, but before the fix was applied). The fix is to simply make the
> UUIDGenerator.getUUID() method synchronized.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
