Martin Choma created WFLY-7959: ---------------------------------- Summary: Coverity static analysis: DefaultSingleSignOn.getIdentity() not synchronized Key: WFLY-7959 URL: https://issues.jboss.org/browse/WFLY-7959 Project: WildFly Issue Type: Bug Components: Security Reporter: Martin Choma Assignee: Darran Lofthouse Priority: Minor Coverity static-analysis scan found getter is not synchronized, while setter is. {code} public SecurityIdentity getIdentity() { return this.entry.getCachedIdentity().getSecurityIdentity(); } {code} Current implementation is correct because in DefaultSingleSignOnEntry (currently only avalaible implementation of SingleSignOnEntry) cachedIdentity is volatile. However other implementations can be wrongly implemented. Once getIdentity() would be marked with synchronize modifier, such problem shouldn't occure. https://scan7.coverity.com/reports.htm#v23632/p11778/fileInstanceId=84908... -- This message was sent by Atlassian JIRA (v7.2.3#72005)