mirror of
https://github.com/spring-projects/spring-security.git
synced 2025-10-24 11:18:45 +00:00
Fix race condition in SessionRegistryImpl
Adding/removing sessions from principals wasn't atomic. If one thread removed the last session from a principal while another thread added a new one, the addition could be lost. Fixes gh-3189
This commit is contained in:
parent
da62c31fdc
commit
a17d66463d
@ -132,13 +132,18 @@ public class SessionRegistryImpl implements SessionRegistry,
|
||||
sessionIds.put(sessionId,
|
||||
new SessionInformation(principal, sessionId, new Date()));
|
||||
|
||||
Set<String> sessionsUsedByPrincipal = principals.computeIfAbsent(principal, key -> new CopyOnWriteArraySet<>());
|
||||
principals.compute(principal, (key, sessionsUsedByPrincipal) -> {
|
||||
if (sessionsUsedByPrincipal == null) {
|
||||
sessionsUsedByPrincipal = new CopyOnWriteArraySet<>();
|
||||
}
|
||||
sessionsUsedByPrincipal.add(sessionId);
|
||||
|
||||
if (logger.isTraceEnabled()) {
|
||||
logger.trace("Sessions used by '" + principal + "' : "
|
||||
+ sessionsUsedByPrincipal);
|
||||
}
|
||||
return sessionsUsedByPrincipal;
|
||||
});
|
||||
}
|
||||
|
||||
public void removeSessionInformation(String sessionId) {
|
||||
@ -157,12 +162,7 @@ public class SessionRegistryImpl implements SessionRegistry,
|
||||
|
||||
sessionIds.remove(sessionId);
|
||||
|
||||
Set<String> sessionsUsedByPrincipal = principals.get(info.getPrincipal());
|
||||
|
||||
if (sessionsUsedByPrincipal == null) {
|
||||
return;
|
||||
}
|
||||
|
||||
principals.computeIfPresent(info.getPrincipal(), (key, sessionsUsedByPrincipal) -> {
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("Removing session " + sessionId
|
||||
+ " from principal's set of registered sessions");
|
||||
@ -176,13 +176,15 @@ public class SessionRegistryImpl implements SessionRegistry,
|
||||
logger.debug("Removing principal " + info.getPrincipal()
|
||||
+ " from registry");
|
||||
}
|
||||
principals.remove(info.getPrincipal());
|
||||
sessionsUsedByPrincipal = null;
|
||||
}
|
||||
|
||||
if (logger.isTraceEnabled()) {
|
||||
logger.trace("Sessions used by '" + info.getPrincipal() + "' : "
|
||||
+ sessionsUsedByPrincipal);
|
||||
}
|
||||
return sessionsUsedByPrincipal;
|
||||
});
|
||||
}
|
||||
|
||||
}
|
||||
|
Loading…
x
Reference in New Issue
Block a user