ISIS-1481: ensures that all methods of AuthenticatedWebSession are sy…

…nchronized, in order to avoid a race conditions, eg in SessionLoggingService when authenicating.
apache · Sep 7, 2016 · 6a2061e · 6a2061e
1 parent 60e3e74
commit 6a2061e
Showing 1 changed file with 7 additions and 8 deletions.
diff --git a/...g/apache/isis/viewer/wicket/viewer/integration/wicket/AuthenticatedWebSessionForIsis.java b/...g/apache/isis/viewer/wicket/viewer/integration/wicket/AuthenticatedWebSessionForIsis.java
@@ -21,7 +21,6 @@
 
 import java.util.Arrays;
 import java.util.List;
-import java.util.concurrent.Callable;
 
 import org.apache.wicket.Session;
 import org.apache.wicket.authroles.authentication.AuthenticatedWebSession;
@@ -68,7 +67,7 @@ public AuthenticatedWebSessionForIsis(final Request request) {
     }
 
     @Override
-    public boolean authenticate(final String username, final String password) {
+    public synchronized boolean authenticate(final String username, final String password) {
         AuthenticationRequest authenticationRequest = new AuthenticationRequestPassword(username, password);
         authenticationRequest.setRoles(Arrays.asList(USER_ROLE));
         authenticationSession = getAuthenticationManager().authenticate(authenticationRequest);
@@ -81,7 +80,7 @@ public boolean authenticate(final String username, final String password) {
     }
 
     @Override
-    public void invalidateNow() {
+    public synchronized void invalidateNow() {
 
         // similar code in Restful Objects viewer (UserResourceServerside#logout)
         // this needs to be done here because Wicket will expire the HTTP session
@@ -105,7 +104,7 @@ public void invalidateNow() {
     }
 
     @Override
-    public void onInvalidate() {
+    public synchronized void onInvalidate() {
         super.onInvalidate();
 
         SessionLoggingService.CausedBy causedBy = RequestCycle.get() != null
@@ -120,12 +119,12 @@ public void onInvalidate() {
         log(SessionLoggingService.Type.LOGOUT, userName, causedBy);
     }
 
-    public AuthenticationSession getAuthenticationSession() {
+    public synchronized AuthenticationSession getAuthenticationSession() {
         return authenticationSession;
     }
 
     @Override
-    public Roles getRoles() {
+    public synchronized Roles getRoles() {
         if (!isSignedIn()) {
             return null;
         }
@@ -134,7 +133,7 @@ public Roles getRoles() {
     }
 
     @Override
-    public void detach() {
+    public synchronized void detach() {
         breadcrumbModel.detach();
         super.detach();
     }
@@ -195,7 +194,7 @@ public SessionLoggingService call() throws Exception {
     }
 
     @Override
-    public void replaceSession() {
+    public synchronized void replaceSession() {
         // do nothing here because this will lead to problems with Shiro
         // see https://issues.apache.org/jira/browse/ISIS-1018
     }