Uploaded image for project: 'WildFly Elytron'
  1. WildFly Elytron
  2. ELY-957

Coverity static analysis: DefaultSingleSignOn.getIdentity() not synchronized

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Minor Minor
    • 1.1.0.Beta29
    • 1.1.0.Beta24
    • HTTP
    • None

      Coverity static-analysis scan found getter is not synchronized, while setter is.

      public SecurityIdentity getIdentity() {
          return this.entry.getCachedIdentity().getSecurityIdentity();
      }
      

      Current implementation is correct because in DefaultSingleSignOnEntry (currently only avalaible implementation of SingleSignOnEntry) cachedIdentity is volatile.

      However other implementations can be wrongly implemented. Once getIdentity() would be marked with synchronize modifier, such problem shouldn't occure.

      https://scan7.coverity.com/reports.htm#v23632/p11778/fileInstanceId=8490896&defectInstanceId=2123245&mergedDefectId=1396940

              pferraro@redhat.com Paul Ferraro
              mchoma@redhat.com Martin Choma
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: