[JBoss JIRA] (ELY-957) Coverity static analysis: DefaultSingleSignOn.getIdentity() not synchronized

Tuesday, 28 February 2017

    [
https://issues.jboss.org/browse/ELY-957?page=com.atlassian.jira.plugin.sy...
] 

Paul Ferraro commented on ELY-957:
----------------------------------

There's no reason to synchronize this method. If the synchronized modifier in the
method signature of DefaultSingleSignOn.setIdentity(...) is cumbersome for subclasses,
then there are better ways to address this (e.g. by replacing the modifier with a
synchronized block, and clarifying the javadoc).

...
 Coverity static analysis: DefaultSingleSignOn.getIdentity() not
synchronized
 ----------------------------------------------------------------------------

                 Key: ELY-957
                 URL: https://issues.jboss.org/browse/ELY-957
             Project: WildFly Elytron
          Issue Type: Bug
          Components: HTTP
    Affects Versions: 1.1.0.Beta24
            Reporter: Martin Choma
            Assignee: Paul Ferraro
            Priority: Minor

 Coverity  static-analysis scan found getter is not synchronized, while setter is.
 {code}
 public SecurityIdentity getIdentity() {
     return this.entry.getCachedIdentity().getSecurityIdentity();
 }
 {code}
 Current implementation  is correct because in DefaultSingleSignOnEntry (currently only
avalaible implementation of SingleSignOnEntry) cachedIdentity is volatile.
 However other implementations can be wrongly implemented. Once getIdentity() would be
marked with synchronize modifier, such problem shouldn't occure.

https://scan7.coverity.com/reports.htm#v23632/p11778/fileInstanceId=84908...

--
This message was sent by Atlassian JIRA
(v7.2.3#72005)

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006