You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@struts.apache.org by "Hudson (JIRA)" <ji...@apache.org> on 2012/10/05 12:36:03 UTC
[jira] [Commented] (WW-3582) Token Interceptor is holding
HttpSession lock which can trigger deadlocks
[ https://issues.apache.org/jira/browse/WW-3582?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13470217#comment-13470217 ]
Hudson commented on WW-3582:
----------------------------
Integrated in Struts2 #536 (See [https://builds.apache.org/job/Struts2/536/])
WW-3865 rollbacks changes to TokenInterceptor applied with WW-3582 and adds new method handleToken() to allow in different way lock session object (Revision 1394422)
Result = SUCCESS
lukaszlenart :
Files :
* /struts/struts2/trunk/core/src/main/java/org/apache/struts2/interceptor/TokenInterceptor.java
* /struts/struts2/trunk/core/src/main/java/org/apache/struts2/interceptor/TokenSessionStoreInterceptor.java
> Token Interceptor is holding HttpSession lock which can trigger deadlocks
> -------------------------------------------------------------------------
>
> Key: WW-3582
> URL: https://issues.apache.org/jira/browse/WW-3582
> Project: Struts 2
> Issue Type: Bug
> Components: Core Interceptors
> Affects Versions: 2.2.1
> Environment: Any (windows/Linux)
> Reporter: Lucy
> Assignee: Lukasz Lenart
> Fix For: 2.2.3
>
>
> In class TokenInterceptor::doIntercept() function, it was using HttpSession lock when check tokens, it should release the lock before calling invocation.invoke().
> Because invocation.invoke() was called inside the httpsession lock, it will hold the lock until all the other intercetors listed after the token interceptor have been processed.
> (This triggered a dead lock in our software environment.)
> It should release the lock before it calls invocation.invoke();
> {code:java}
> protected String doIntercept(ActionInvocation invocation) throws Exception {
> if (log.isDebugEnabled()) {
> log.debug("Intercepting invocation to check for valid transaction token.");
> }
> //see WW-2902: we need to use the real HttpSession here, as opposed to the map
> //that wraps the session, because a new wrap is created on every request
> HttpSession session = ServletActionContext.getRequest().getSession(true);
> synchronized (session) {
> if (!TokenHelper.validToken()) {
> return handleInvalidToken(invocation);
> }
> return handleValidToken(invocation);
> }
> }
> protected String handleValidToken(ActionInvocation invocation) throws Exception {
> return invocation.invoke(); <------------------------- this line needs to be moved out of the session lock.
> }
> {code}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira