[jboss-jira] [JBoss JIRA] (WFLY-7959) Coverity static analysis: DefaultSingleSignOn.getIdentity() not synchronized
Martin Choma (JIRA)
issues at jboss.org
Wed Jan 25 03:50:01 EST 2017
Martin Choma created WFLY-7959:
----------------------------------
Summary: Coverity static analysis: DefaultSingleSignOn.getIdentity() not synchronized
Key: WFLY-7959
URL: https://issues.jboss.org/browse/WFLY-7959
Project: WildFly
Issue Type: Bug
Components: Security
Reporter: Martin Choma
Assignee: Darran Lofthouse
Priority: Minor
Coverity static-analysis scan found getter is not synchronized, while setter is.
{code}
public SecurityIdentity getIdentity() {
return this.entry.getCachedIdentity().getSecurityIdentity();
}
{code}
Current implementation is correct because in DefaultSingleSignOnEntry (currently only avalaible implementation of SingleSignOnEntry) cachedIdentity is volatile.
However other implementations can be wrongly implemented. Once getIdentity() would be marked with synchronize modifier, such problem shouldn't occure.
https://scan7.coverity.com/reports.htm#v23632/p11778/fileInstanceId=8490896&defectInstanceId=2123245&mergedDefectId=1396940
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
More information about the jboss-jira
mailing list