Uploaded image for project: 'Keycloak'
  1. Keycloak
  2. KEYCLOAK-2731

Improve thread-safety of admin client

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Done
    • 1.9.1.Final
    • 1.9.2.Final
    • None
    • None

    Description

      I can see those potential issues with TokenManager class used internally by admin client:

      • If more threads called concurrently keycloak.tokenManager().getAccessToken(), there is some chance that all of them will try to race for refreshing the same access token. Guess we can improve and add semaphore or locking mechanism to ensure that there is just one refresh at the same time
      • The field "currentToken" should be made volatile . The field "expirationTime" could be probably removed entirely and instead the expiration time could be always computed from currentToken

      Attachments

        Activity

          People

            sthorger@redhat.com Stian Thorgersen
            mposolda@redhat.com Marek Posolda
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: