Make UnAuthenticatedServerOAuth2AuthorizedClientRepository threadsafe

Previously UnAuthenticatedServerOAuth2AuthorizedClientRepository used a HashMap for storing OAuth2AuthorizedClients.
UnAuthenticatedServerOAuth2AuthorizedClientRepository and its HashMap are potentially accessed by multiple threads without any synchronization.
Since HashMap is not threadsafe itself, this makes UnAuthenticatedServerOAuth2AuthorizedClientRepository not threadsafe.

Now UnAuthenticatedServerOAuth2AuthorizedClientRepository uses a ConcurrentHashMap for storing OAuth2AuthorizedClients.
Since ConcurrentHashMap is threadsafe, UnAuthenticatedServerOAuth2AuthorizedClientRepository will now be threadsafe as well.

Fixes gh-6717
This commit is contained in:
Phil Clay 2019-03-27 12:57:11 -07:00 committed by Joe Grandja
parent 2df411fed0
commit 4c530661e7

View File

@ -1,5 +1,5 @@
/*
* Copyright 2002-2018 the original author or authors.
* Copyright 2002-2019 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -24,7 +24,7 @@ import org.springframework.util.Assert;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;
import java.util.HashMap;
import java.util.concurrent.ConcurrentHashMap;
import java.util.Map;
/**
@ -38,7 +38,7 @@ import java.util.Map;
public class UnAuthenticatedServerOAuth2AuthorizedClientRepository implements ServerOAuth2AuthorizedClientRepository {
private final AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl();
private Map<String, OAuth2AuthorizedClient> clientRegistrationIdToAuthorizedClient = new HashMap<>();
private final Map<String, OAuth2AuthorizedClient> clientRegistrationIdToAuthorizedClient = new ConcurrentHashMap<>();
@Override
public <T extends OAuth2AuthorizedClient> Mono<T> loadAuthorizedClient(String clientRegistrationId,