]
Martin Choma reassigned WFLY-7959:
----------------------------------
Assignee: Ilia Vassilev (was: Darran Lofthouse)
Coverity static analysis: DefaultSingleSignOn.getIdentity() not
synchronized
----------------------------------------------------------------------------
Key: WFLY-7959
URL:
https://issues.jboss.org/browse/WFLY-7959
Project: WildFly
Issue Type: Bug
Components: Security
Affects Versions: 11.0.0.Alpha1
Reporter: Martin Choma
Assignee: Ilia Vassilev
Priority: Minor
Coverity static-analysis scan found getter is not synchronized, while setter is.
{code}
public SecurityIdentity getIdentity() {
return this.entry.getCachedIdentity().getSecurityIdentity();
}
{code}
Current implementation is correct because in DefaultSingleSignOnEntry (currently only
avalaible implementation of SingleSignOnEntry) cachedIdentity is volatile.
However other implementations can be wrongly implemented. Once getIdentity() would be
marked with synchronize modifier, such problem shouldn't occure.
https://scan7.coverity.com/reports.htm#v23632/p11778/fileInstanceId=84908...