[jboss-jira] [JBoss JIRA] (ELY-957) Coverity static analysis: DefaultSingleSignOn.getIdentity() not synchronized
Paul Ferraro (JIRA)
issues at jboss.org
Tue Feb 28 09:40:00 EST 2017
[ https://issues.jboss.org/browse/ELY-957?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13370388#comment-13370388 ]
Paul Ferraro commented on ELY-957:
----------------------------------
There's no reason to synchronize this method. If the synchronized modifier in the method signature of DefaultSingleSignOn.setIdentity(...) is cumbersome for subclasses, then there are better ways to address this (e.g. by replacing the modifier with a synchronized block, and clarifying the javadoc).
> Coverity static analysis: DefaultSingleSignOn.getIdentity() not synchronized
> ----------------------------------------------------------------------------
>
> Key: ELY-957
> URL: https://issues.jboss.org/browse/ELY-957
> Project: WildFly Elytron
> Issue Type: Bug
> Components: HTTP
> Affects Versions: 1.1.0.Beta24
> Reporter: Martin Choma
> Assignee: Paul Ferraro
> Priority: Minor
>
> Coverity static-analysis scan found getter is not synchronized, while setter is.
> {code}
> public SecurityIdentity getIdentity() {
> return this.entry.getCachedIdentity().getSecurityIdentity();
> }
> {code}
> Current implementation is correct because in DefaultSingleSignOnEntry (currently only avalaible implementation of SingleSignOnEntry) cachedIdentity is volatile.
> However other implementations can be wrongly implemented. Once getIdentity() would be marked with synchronize modifier, such problem shouldn't occure.
> https://scan7.coverity.com/reports.htm#v23632/p11778/fileInstanceId=8490896&defectInstanceId=2123245&mergedDefectId=1396940
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
More information about the jboss-jira
mailing list