From 4c530661e763a353febc01ad58659b7092379550 Mon Sep 17 00:00:00 2001
From: Phil Clay
Date: Wed, 27 Mar 2019 12:57:11 -0700
Subject: [PATCH] Make UnAuthenticatedServerOAuth2AuthorizedClientRepository threadsafe
Previously UnAuthenticatedServerOAuth2AuthorizedClientRepository used a HashMap for storing OAuth2AuthorizedClients. UnAuthenticatedServerOAuth2AuthorizedClientRepository and its HashMap are potentially accessed by multiple threads without any synchronization. Since HashMap is not threadsafe itself, this makes UnAuthenticatedServerOAuth2AuthorizedClientRepository not threadsafe. Now UnAuthenticatedServerOAuth2AuthorizedClientRepository uses a ConcurrentHashMap for storing OAuth2AuthorizedClients. Since ConcurrentHashMap is threadsafe, UnAuthenticatedServerOAuth2AuthorizedClientRepository will now be threadsafe as well.
Fixes gh-6717
---
 ...AuthenticatedServerOAuth2AuthorizedClientRepository.java | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/UnAuthenticatedServerOAuth2AuthorizedClientRepository.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/UnAuthenticatedServerOAuth2AuthorizedClientRepository.java
index 3179b4a341..155a7de3a6 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/UnAuthenticatedServerOAuth2AuthorizedClientRepository.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/UnAuthenticatedServerOAuth2AuthorizedClientRepository.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2018 the original author or authors.
+ * Copyright 2002-2019 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -24,7 +24,7 @@ import org.springframework.util.Assert;
 import org.springframework.web.server.ServerWebExchange;
 import reactor.core.publisher.Mono;
-import java.util.HashMap;
+import java.util.concurrent.ConcurrentHashMap;
 import java.util.Map;
 /**
@@ -38,7 +38,7 @@ import java.util.Map;
 public class UnAuthenticatedServerOAuth2AuthorizedClientRepository implements ServerOAuth2AuthorizedClientRepository {
 private final AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl();
- private Map clientRegistrationIdToAuthorizedClient = new HashMap<>();
+ private final Map clientRegistrationIdToAuthorizedClient = new ConcurrentHashMap<>();
 @Override
 public Mono loadAuthorizedClient(String clientRegistrationId,
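Review bot: The new `ConcurrentHashMap` on `clientRegistrationIdToAuthorizedClient` (third hunk) rejects null keys and values with a `NullPointerException`, where the old `HashMap` accepted them, so the methods using this field need a null check on `clientRegistrationId` and on the stored client before they reach the map. Those method bodies are outside the hunk (only the first line of `loadAuthorizedClient` is visible), so this is something to confirm rather than a confirmed defect; `Assert` is already imported for it. The map also makes only single operations safe: a load followed by a save, as a token refresh would presumably do, can still interleave across threads, which is worth stating on the field, e.g. `// Thread-safe per operation only; a load-then-save sequence is not atomic.`. The diffstat lists one changed file, so no concurrent-access test comes with the fix.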