Repository: struts Updated Branches: refs/heads/develop c6b7aaf81 -> eecd90763
WW-3895 Uses session id for synchronisation Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/eecd9076 Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/eecd9076 Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/eecd9076 Branch: refs/heads/develop Commit: eecd907638d223a74b91a944476c11750adac4ab Parents: c6b7aaf Author: Lukasz Lenart <lukaszlen...@apache.org> Authored: Fri Aug 22 17:25:45 2014 +0200 Committer: Lukasz Lenart <lukaszlen...@apache.org> Committed: Fri Aug 22 17:25:45 2014 +0200 ---------------------------------------------------------------------- .../apache/struts2/dispatcher/SessionMap.java | 19 ++++++++++++------- .../TokenSessionStoreInterceptor.java | 2 +- .../struts2/dispatcher/SessionMapTest.java | 1 + .../struts2/views/jsp/StrutsMockHttpSession.java | 7 +++++++ 4 files changed, 21 insertions(+), 8 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/struts/blob/eecd9076/core/src/main/java/org/apache/struts2/dispatcher/SessionMap.java ---------------------------------------------------------------------- diff --git a/core/src/main/java/org/apache/struts2/dispatcher/SessionMap.java b/core/src/main/java/org/apache/struts2/dispatcher/SessionMap.java index d22127d..8da98da 100644 --- a/core/src/main/java/org/apache/struts2/dispatcher/SessionMap.java +++ b/core/src/main/java/org/apache/struts2/dispatcher/SessionMap.java @@ -21,6 +21,8 @@ package org.apache.struts2.dispatcher; +import org.apache.struts2.components.Submit; + import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpSession; import java.io.Serializable; @@ -68,7 +70,7 @@ public class SessionMap<K, V> extends AbstractMap<K, V> implements Serializable return; } - synchronized (session) { + synchronized (session.getId().intern()) { session.invalidate(); session = null; entries = null; @@ -79,12 +81,13 @@ public class SessionMap<K, V> extends AbstractMap<K, V> implements Serializable * Removes all attributes from the session as well as clears entries in this * map. */ + @SuppressWarnings("unchecked") public void clear() { if (session == null) { return; } - synchronized (session) { + synchronized (session.getId().intern()) { entries = null; Enumeration<String> attributeNamesEnum = session.getAttributeNames(); while (attributeNamesEnum.hasMoreElements()) { @@ -99,12 +102,13 @@ public class SessionMap<K, V> extends AbstractMap<K, V> implements Serializable * * @return a Set of attributes from the http session. */ + @SuppressWarnings("unchecked") public Set<java.util.Map.Entry<K, V>> entrySet() { if (session == null) { return Collections.emptySet(); } - synchronized (session) { + synchronized (session.getId().intern()) { if (entries == null) { entries = new HashSet<Map.Entry<K, V>>(); @@ -154,12 +158,13 @@ public class SessionMap<K, V> extends AbstractMap<K, V> implements Serializable * @param key the name of the session attribute. * @return the session attribute or <tt>null</tt> if it doesn't exist. */ + @SuppressWarnings("unchecked") public V get(Object key) { if (session == null) { return null; } - synchronized (session) { + synchronized (session.getId().intern()) { return (V) session.getAttribute(key.toString()); } } @@ -177,7 +182,7 @@ public class SessionMap<K, V> extends AbstractMap<K, V> implements Serializable session = request.getSession(true); } } - synchronized (session) { + synchronized (session.getId().intern()) { V oldValue = get(key); entries = null; session.setAttribute(key.toString(), value); @@ -196,7 +201,7 @@ public class SessionMap<K, V> extends AbstractMap<K, V> implements Serializable return null; } - synchronized (session) { + synchronized (session.getId().intern()) { entries = null; V value = get(key); @@ -218,7 +223,7 @@ public class SessionMap<K, V> extends AbstractMap<K, V> implements Serializable return false; } - synchronized (session) { + synchronized (session.getId().intern()) { return (session.getAttribute(key.toString()) != null); } } http://git-wip-us.apache.org/repos/asf/struts/blob/eecd9076/core/src/main/java/org/apache/struts2/interceptor/TokenSessionStoreInterceptor.java ---------------------------------------------------------------------- diff --git a/core/src/main/java/org/apache/struts2/interceptor/TokenSessionStoreInterceptor.java b/core/src/main/java/org/apache/struts2/interceptor/TokenSessionStoreInterceptor.java index 66e6dfd..871f24d 100644 --- a/core/src/main/java/org/apache/struts2/interceptor/TokenSessionStoreInterceptor.java +++ b/core/src/main/java/org/apache/struts2/interceptor/TokenSessionStoreInterceptor.java @@ -109,7 +109,7 @@ public class TokenSessionStoreInterceptor extends TokenInterceptor { //see WW-2902: we need to use the real HttpSession here, as opposed to the map //that wraps the session, because a new wrap is created on every request HttpSession session = ServletActionContext.getRequest().getSession(true); - synchronized (session) { + synchronized (session.getId().intern()) { if (!TokenHelper.validToken()) { return handleInvalidToken(invocation); } http://git-wip-us.apache.org/repos/asf/struts/blob/eecd9076/core/src/test/java/org/apache/struts2/dispatcher/SessionMapTest.java ---------------------------------------------------------------------- diff --git a/core/src/test/java/org/apache/struts2/dispatcher/SessionMapTest.java b/core/src/test/java/org/apache/struts2/dispatcher/SessionMapTest.java index e71f70d..823bfb0 100644 --- a/core/src/test/java/org/apache/struts2/dispatcher/SessionMapTest.java +++ b/core/src/test/java/org/apache/struts2/dispatcher/SessionMapTest.java @@ -207,6 +207,7 @@ public class SessionMapTest extends TestCase { protected void setUp() throws Exception { sessionMock = new Mock(HttpSession.class); + sessionMock.matchAndReturn("getId", "1"); requestMock = new Mock(HttpServletRequest.class); requestMock.matchAndReturn("getSession", new Constraint[]{new IsEqual(Boolean.FALSE)}, sessionMock.proxy()); } http://git-wip-us.apache.org/repos/asf/struts/blob/eecd9076/core/src/test/java/org/apache/struts2/views/jsp/StrutsMockHttpSession.java ---------------------------------------------------------------------- diff --git a/core/src/test/java/org/apache/struts2/views/jsp/StrutsMockHttpSession.java b/core/src/test/java/org/apache/struts2/views/jsp/StrutsMockHttpSession.java index 4de2e52..f8be6b9 100644 --- a/core/src/test/java/org/apache/struts2/views/jsp/StrutsMockHttpSession.java +++ b/core/src/test/java/org/apache/struts2/views/jsp/StrutsMockHttpSession.java @@ -23,6 +23,7 @@ package org.apache.struts2.views.jsp; import java.util.Enumeration; import java.util.Hashtable; +import java.util.UUID; import com.mockobjects.servlet.MockHttpSession; @@ -67,4 +68,10 @@ public class StrutsMockHttpSession extends MockHttpSession { public void setupGetAttributeNames(Enumeration enumeration) { throw new UnsupportedOperationException(); } + + @Override + public String getId() { + return UUID.randomUUID().toString(); + } + }
