Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

org.springframework.cache.interceptor.DefaultKeyGenerator has too weak hashing functionality [SPR-9377] #14013

Closed
spring-projects-issues opened this issue May 4, 2012 · 4 comments
Assignees
Labels
in: core status: duplicate type: enhancement

Comments

@spring-projects-issues
Copy link
Collaborator

@spring-projects-issues spring-projects-issues commented May 4, 2012

Andrey Karandey opened SPR-9377 and commented

Key generating has a weak hashing function. Next results are equal:

generate( object1,method1,new Integer( 109 ),new Integer( 434)));
generate( object1,method1,new Integer( 110 ),new Integer( 403)));

It was pity to catch it on production...


Affects: 3.1.1

Issue Links:

  • #14870 Cacheable key collision with DefaultKeyGenerator ("duplicates")
  • #13675 Improve DefaultKeyGenerator
  • #14870 Cacheable key collision with DefaultKeyGenerator

3 votes, 4 watchers

@spring-projects-issues
Copy link
Collaborator Author

@spring-projects-issues spring-projects-issues commented May 8, 2012

Hans-Peter Störr commented

This seems more or less a duplicate of #13675 and is IMHO a very ugly bug, not an improvement. Luckily I saw it during code review. :-) See my suggestion there.

@spring-projects-issues
Copy link
Collaborator Author

@spring-projects-issues spring-projects-issues commented May 8, 2012

Andrey Karandey commented

Anyway, i did not find any strong recommendation not to use this default implementation, so people might use it without any limitations.
P.S. I created my own based on md5 hash, but i`m not ready to suggest it now:).

@spring-projects-issues
Copy link
Collaborator Author

@spring-projects-issues spring-projects-issues commented May 9, 2012

Hans-Peter Störr commented

md5 would be better, but I'd rather not use any kind of hashing - see my comment on #13675.

@spring-projects-issues
Copy link
Collaborator Author

@spring-projects-issues spring-projects-issues commented May 15, 2012

Tim Lenz commented

Regardless of possible better implementations, I believe there is a bug in the default implementation. If you have a method with only one object parameter, that parameter is never hashed, it's simply returned.

I've made my own key generator where I changed this:

if (params.length == 1) {
return (params[0] == null ? NULL_PARAM_KEY : params[0]);
}

to this:

if (params.length == 1 && params[0] == null) {
return NULL_PARAM_KEY;
}

Now a single non-null object parameter will still be hashed, as occurred already for methods with more than one parameter.

@spring-projects-issues spring-projects-issues added type: enhancement in: core status: duplicate labels Jan 11, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
in: core status: duplicate type: enhancement
Projects
None yet
Development

No branches or pull requests

2 participants