From my PoV moving synchronized modifier to synchronized block, doesn't change situation.

Coverity static analysis: DefaultSingleSignOn.getIdentity() not synchronized ---------------------------------------------------------------------------- Key: ELY-957 URL: https://issues.jboss.org/browse/ELY-957 Project: WildFly Elytron Issue Type: Bug Components: HTTP Affects Versions: 1.1.0.Beta24 Reporter: Martin Choma Assignee: Paul Ferraro Priority: Minor Coverity static-analysis scan found getter is not synchronized, while setter is. {code} public SecurityIdentity getIdentity() { return this.entry.getCachedIdentity().getSecurityIdentity(); } {code} Current implementation is correct because in DefaultSingleSignOnEntry (currently only avalaible implementation of SingleSignOnEntry) cachedIdentity is volatile. However other implementations can be wrongly implemented. Once getIdentity() would be marked with synchronize modifier, such problem shouldn't occure. https://scan7.coverity.com/reports.htm#v23632/p11778/fileInstanceId=84908...