Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-8496

Coverity static analysis: DefaultSingleSignOn.getIdentity() not synchronized

    XMLWordPrintable

Details

    Description

      Coverity static-analysis scan found getter is not synchronized, while setter is.

      public SecurityIdentity getIdentity() {
    return this.entry.getCachedIdentity().getSecurityIdentity();
}

      Current implementation is correct because in DefaultSingleSignOnEntry (currently only avalaible implementation of SingleSignOnEntry) cachedIdentity is volatile.

      However other implementations can be wrongly implemented. Once getIdentity() would be marked with synchronize modifier, such problem shouldn't occure.

      https://scan7.coverity.com/reports.htm#v23632/p11778/fileInstanceId=8490896&defectInstanceId=2123245&mergedDefectId=1396940

      Attachments

        Issue Links

          is cloned by

          Bug - A problem that impairs or prevents the functions of the product. ELY-957 Coverity static analysis: DefaultSingleSignOn.getIdentity() not synchronized

          • Minor - To be worked after urgent, high, and medium priorities are resolved. This term is chosen when the severity of the issue is low, or the complexity or effort to correct it may be higher, relatively speaking. For low priority issues, known workarounds exist or are not needed due to the trivial effort needed to address the issue.
          • Resolved

          Activity

            People

              rhn-support-ivassile Ilia Vassilev
              mchoma@redhat.com Martin Choma
              Martin Choma Martin Choma
              Martin Choma Martin Choma
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: