[jboss-jira] [JBoss JIRA] (ELY-957) Coverity static analysis: DefaultSingleSignOn.getIdentity() not synchronized
Ilia Vassilev (JIRA)
issues at jboss.org
Tue Feb 14 12:47:00 EST 2017
[ https://issues.jboss.org/browse/ELY-957?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ilia Vassilev moved WFLY-7959 to ELY-957:
-----------------------------------------
Project: WildFly Elytron (was: WildFly)
Key: ELY-957 (was: WFLY-7959)
Component/s: HTTP
(was: Security)
Affects Version/s: 1.1.0.Beta24
(was: 11.0.0.Alpha1)
> Coverity static analysis: DefaultSingleSignOn.getIdentity() not synchronized
> ----------------------------------------------------------------------------
>
> Key: ELY-957
> URL: https://issues.jboss.org/browse/ELY-957
> Project: WildFly Elytron
> Issue Type: Bug
> Components: HTTP
> Affects Versions: 1.1.0.Beta24
> Reporter: Martin Choma
> Assignee: Ilia Vassilev
> Priority: Minor
>
> Coverity static-analysis scan found getter is not synchronized, while setter is.
> {code}
> public SecurityIdentity getIdentity() {
> return this.entry.getCachedIdentity().getSecurityIdentity();
> }
> {code}
> Current implementation is correct because in DefaultSingleSignOnEntry (currently only avalaible implementation of SingleSignOnEntry) cachedIdentity is volatile.
> However other implementations can be wrongly implemented. Once getIdentity() would be marked with synchronize modifier, such problem shouldn't occure.
> https://scan7.coverity.com/reports.htm#v23632/p11778/fileInstanceId=8490896&defectInstanceId=2123245&mergedDefectId=1396940
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
More information about the jboss-jira
mailing list