You are viewing a plain text version of this content. The canonical link for it is here.
Posted to wss4j-dev@ws.apache.org by "Dave Bryant (JIRA)" <ji...@apache.org> on 2010/01/13 23:35:54 UTC
[jira] Created: (WSS-221) UUIDGenerator generates duplicate
identifiers when used in a multi-threaded environment
UUIDGenerator generates duplicate identifiers when used in a multi-threaded environment
---------------------------------------------------------------------------------------
Key: WSS-221
URL: https://issues.apache.org/jira/browse/WSS-221
Project: WSS4J
Issue Type: Bug
Components: WSS4J Core
Affects Versions: 1.5.8
Reporter: Dave Bryant
Assignee: Ruchith Udayanga Fernando
The unique identifier generator used in wss4j generates duplicate identifiers in a multi-threaded environment. The problem is because the getUUID() method is not synchronized, but internally modifies a number of variables (in particular the incrementingValue). If multiple threads call this simultaneously then the same identifier can be returned.
This causes a problem in Axis where this is used for encrypted key token identifiers, so if multiple threads are processing messages simultaneously it is possible for two different keys to have the same identifier. These keys then get placed in the same token store which obviously causes a problem.
This is the same problem as previously reported in WSCOMMONS-201 with the UUIDGenerator in AXIOM (this class seems to have been originally copied from that one, but before the fix was applied). The fix is to simply make the UUIDGenerator.getUUID() method synchronized.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
[jira] Closed: (WSS-221) UUIDGenerator generates duplicate
identifiers when used in a multi-threaded environment
Posted by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WSS-221?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Colm O hEigeartaigh closed WSS-221.
-----------------------------------
> UUIDGenerator generates duplicate identifiers when used in a multi-threaded environment
> ---------------------------------------------------------------------------------------
>
> Key: WSS-221
> URL: https://issues.apache.org/jira/browse/WSS-221
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Core
> Affects Versions: 1.5.8
> Reporter: Dave Bryant
> Assignee: Colm O hEigeartaigh
> Fix For: 1.5.9, 1.6
>
>
> The unique identifier generator used in wss4j generates duplicate identifiers in a multi-threaded environment. The problem is because the getUUID() method is not synchronized, but internally modifies a number of variables (in particular the incrementingValue). If multiple threads call this simultaneously then the same identifier can be returned.
> This causes a problem in Axis where this is used for encrypted key token identifiers, so if multiple threads are processing messages simultaneously it is possible for two different keys to have the same identifier. These keys then get placed in the same token store which obviously causes a problem.
> This is the same problem as previously reported in WSCOMMONS-201 with the UUIDGenerator in AXIOM (this class seems to have been originally copied from that one, but before the fix was applied). The fix is to simply make the UUIDGenerator.getUUID() method synchronized.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
[jira] Updated: (WSS-221) UUIDGenerator generates duplicate
identifiers when used in a multi-threaded environment
Posted by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WSS-221?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Colm O hEigeartaigh updated WSS-221:
------------------------------------
Fix Version/s: 1.6
1.5.9
Assignee: Colm O hEigeartaigh (was: Ruchith Udayanga Fernando)
> UUIDGenerator generates duplicate identifiers when used in a multi-threaded environment
> ---------------------------------------------------------------------------------------
>
> Key: WSS-221
> URL: https://issues.apache.org/jira/browse/WSS-221
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Core
> Affects Versions: 1.5.8
> Reporter: Dave Bryant
> Assignee: Colm O hEigeartaigh
> Fix For: 1.5.9, 1.6
>
>
> The unique identifier generator used in wss4j generates duplicate identifiers in a multi-threaded environment. The problem is because the getUUID() method is not synchronized, but internally modifies a number of variables (in particular the incrementingValue). If multiple threads call this simultaneously then the same identifier can be returned.
> This causes a problem in Axis where this is used for encrypted key token identifiers, so if multiple threads are processing messages simultaneously it is possible for two different keys to have the same identifier. These keys then get placed in the same token store which obviously causes a problem.
> This is the same problem as previously reported in WSCOMMONS-201 with the UUIDGenerator in AXIOM (this class seems to have been originally copied from that one, but before the fix was applied). The fix is to simply make the UUIDGenerator.getUUID() method synchronized.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
[jira] Commented: (WSS-221) UUIDGenerator generates duplicate
identifiers when used in a multi-threaded environment
Posted by "Daniel Kulp (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WSS-221?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12799982#action_12799982 ]
Daniel Kulp commented on WSS-221:
---------------------------------
A better fix is to use an AtomicLong for the incrementingValue, but that would lock it onto Java 5. Possibly make it synchronized on 1.5.x, but use the AtomicLong on 1.6/trunk.
> UUIDGenerator generates duplicate identifiers when used in a multi-threaded environment
> ---------------------------------------------------------------------------------------
>
> Key: WSS-221
> URL: https://issues.apache.org/jira/browse/WSS-221
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Core
> Affects Versions: 1.5.8
> Reporter: Dave Bryant
> Assignee: Ruchith Udayanga Fernando
>
> The unique identifier generator used in wss4j generates duplicate identifiers in a multi-threaded environment. The problem is because the getUUID() method is not synchronized, but internally modifies a number of variables (in particular the incrementingValue). If multiple threads call this simultaneously then the same identifier can be returned.
> This causes a problem in Axis where this is used for encrypted key token identifiers, so if multiple threads are processing messages simultaneously it is possible for two different keys to have the same identifier. These keys then get placed in the same token store which obviously causes a problem.
> This is the same problem as previously reported in WSCOMMONS-201 with the UUIDGenerator in AXIOM (this class seems to have been originally copied from that one, but before the fix was applied). The fix is to simply make the UUIDGenerator.getUUID() method synchronized.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
[jira] Resolved: (WSS-221) UUIDGenerator generates duplicate
identifiers when used in a multi-threaded environment
Posted by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WSS-221?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Colm O hEigeartaigh resolved WSS-221.
-------------------------------------
Resolution: Fixed
> UUIDGenerator generates duplicate identifiers when used in a multi-threaded environment
> ---------------------------------------------------------------------------------------
>
> Key: WSS-221
> URL: https://issues.apache.org/jira/browse/WSS-221
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Core
> Affects Versions: 1.5.8
> Reporter: Dave Bryant
> Assignee: Colm O hEigeartaigh
> Fix For: 1.5.9, 1.6
>
>
> The unique identifier generator used in wss4j generates duplicate identifiers in a multi-threaded environment. The problem is because the getUUID() method is not synchronized, but internally modifies a number of variables (in particular the incrementingValue). If multiple threads call this simultaneously then the same identifier can be returned.
> This causes a problem in Axis where this is used for encrypted key token identifiers, so if multiple threads are processing messages simultaneously it is possible for two different keys to have the same identifier. These keys then get placed in the same token store which obviously causes a problem.
> This is the same problem as previously reported in WSCOMMONS-201 with the UUIDGenerator in AXIOM (this class seems to have been originally copied from that one, but before the fix was applied). The fix is to simply make the UUIDGenerator.getUUID() method synchronized.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
[jira] Commented: (WSS-221) UUIDGenerator generates duplicate
identifiers when used in a multi-threaded environment
Posted by "Dave Bryant (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WSS-221?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12800014#action_12800014 ]
Dave Bryant commented on WSS-221:
---------------------------------
An AtomicLong would be preferable, however, if that is done then there is technically still a race condition when the baseUUID field is initialised. It is checked against null outside of the synchronized, and while it cannot be initialised by multiple threads simultaneously, it would be possible for multiple threads to initialise it.
> UUIDGenerator generates duplicate identifiers when used in a multi-threaded environment
> ---------------------------------------------------------------------------------------
>
> Key: WSS-221
> URL: https://issues.apache.org/jira/browse/WSS-221
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Core
> Affects Versions: 1.5.8
> Reporter: Dave Bryant
> Assignee: Ruchith Udayanga Fernando
>
> The unique identifier generator used in wss4j generates duplicate identifiers in a multi-threaded environment. The problem is because the getUUID() method is not synchronized, but internally modifies a number of variables (in particular the incrementingValue). If multiple threads call this simultaneously then the same identifier can be returned.
> This causes a problem in Axis where this is used for encrypted key token identifiers, so if multiple threads are processing messages simultaneously it is possible for two different keys to have the same identifier. These keys then get placed in the same token store which obviously causes a problem.
> This is the same problem as previously reported in WSCOMMONS-201 with the UUIDGenerator in AXIOM (this class seems to have been originally copied from that one, but before the fix was applied). The fix is to simply make the UUIDGenerator.getUUID() method synchronized.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
[jira] Commented: (WSS-221) UUIDGenerator generates duplicate
identifiers when used in a multi-threaded environment
Posted by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WSS-221?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12800172#action_12800172 ]
Colm O hEigeartaigh commented on WSS-221:
-----------------------------------------
I'll change both 1.5.x and trunk to use synchronized for the moment. We can revisit trunk in the future.
Colm.
> UUIDGenerator generates duplicate identifiers when used in a multi-threaded environment
> ---------------------------------------------------------------------------------------
>
> Key: WSS-221
> URL: https://issues.apache.org/jira/browse/WSS-221
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Core
> Affects Versions: 1.5.8
> Reporter: Dave Bryant
> Assignee: Colm O hEigeartaigh
> Fix For: 1.5.9, 1.6
>
>
> The unique identifier generator used in wss4j generates duplicate identifiers in a multi-threaded environment. The problem is because the getUUID() method is not synchronized, but internally modifies a number of variables (in particular the incrementingValue). If multiple threads call this simultaneously then the same identifier can be returned.
> This causes a problem in Axis where this is used for encrypted key token identifiers, so if multiple threads are processing messages simultaneously it is possible for two different keys to have the same identifier. These keys then get placed in the same token store which obviously causes a problem.
> This is the same problem as previously reported in WSCOMMONS-201 with the UUIDGenerator in AXIOM (this class seems to have been originally copied from that one, but before the fix was applied). The fix is to simply make the UUIDGenerator.getUUID() method synchronized.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org