Details
-
Bug
-
Resolution: Won't Do
-
Major
-
None
-
PLINK_1.0.4.final
-
-
Low
Description
The mechanism used for marshal/unmarshal within Picketlink STS (client and server) is not thread-safe. JAXBContext instances from Sun/Oracle are defined as thread-safe. Furthermore, the creation of a JAXBContext instance is quite expensive and shouldn't be performed on-demand for all requests. Within org.picketlink.identity.federation.core.wstrust.WSTrustJAXBFactory, Marshaller and Binder<Node> are member variables of this singleton-like class instantiated within the private constructor. Consequently, when multiple threads request to marshal/unmarshal data, errors are thrown regarding marshal failure. WSTrustClient leverages the WSTrustJAXBFactory mechanism to marshal/unmarshal data and consequently creates client-side threading issues.
Known classes impacted:
org.picketlink.identity.federation.api.wstrust.WSTrustClient
org.picketlink.identity.federation.core.wstrust.STSClient
org.picketlink.identity.federation.core.wstrust.PicketLinkSTS
I was able to fix the issue by refactoring WSTrustJAXBFactory:
1. Single static instance of JAXBContext created with private getPackages() method
2. Return new instance of Marshaller/Binder when needed by member operations
- I can't guarantee this fix works for the WSTrustClient because I'm no longer using it (wrote my own client to interface with STS service)
