make SecurityProxy.accessToken threadsafe in single writer multi reader

[shalk]

Please do not create a Pull Request without creating an issue first.

What is the purpose of the change

• add volatile keywork, make SecurityProxy.accessToken threadsafe in single writer multi reader.
• adjust initRefreshTask, make SecurityProxy.login not running concurrently

Brief changelog

XX

Verifying this change

XXXX

Follow this checklist to help us incorporate your contribution quickly and easily:

• Make sure there is a Github issue filed for the change (usually before you start working on it). Trivial changes like typos do not require a Github issue. Your pull request should address just this issue, without pulling in other changes - one PR resolves one issue.
• Format the pull request title like [ISSUE #123] Fix UnknownException when host config not exist. Each commit in the pull request should have a meaningful subject line and body.
• Write a pull request description that is detailed enough to understand what the pull request does, how, and why.
• Write necessary unit-test to verify your logic correction, more mock a little better when cross module dependency exist. If the new feature or significant change is committed, please remember to add integration-test in test module.
• Run mvn -B clean package apache-rat:check findbugs:findbugs -Dmaven.test.skip=true to make sure basic checks pass. Run mvn clean install -DskipITs to make sure unit-test pass. Run mvn clean test-compile failsafe:integration-test to make sure integration-test pass.

[CLAassistant]

All committers have signed the CLA.

[KomachiSion]

In login method, there is judgement for token refresh windows.

And both of them is in init method, no multiple reader I think.

[shalk]

In login method, there is judgement for token refresh windows.

And both of them is in init method, no multiple reader I think.

refresh windows can not lock the login(Server) at first time, because initDely is zero, and securityProxy.login(getServerList()) will run in different thread.

the problem is two writers work on share var without volatile or lock.

If we change the order , securityProxy.login(getServerList()) will running in order like single writer. ref ServerHttpAgent#L278

May be this is not big deal, but it is good convention for concurrent program.