New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

org.springframework.cache.interceptor.DefaultKeyGenerator has too weak hashing functionality [SPR-9377] #14013

Closed
spring-issuemaster opened this Issue May 4, 2012 · 4 comments

Comments

Projects
None yet
2 participants
@spring-issuemaster
Copy link
Collaborator

spring-issuemaster commented May 4, 2012

Andrey Karandey opened SPR-9377 and commented

Key generating has a weak hashing function. Next results are equal:

generate( object1,method1,new Integer( 109 ),new Integer( 434)));
generate( object1,method1,new Integer( 110 ),new Integer( 403)));

It was pity to catch it on production...


Affects: 3.1.1

Issue Links:

  • #14870 Cacheable key collision with DefaultKeyGenerator ("duplicates")
  • #13675 Improve DefaultKeyGenerator
  • #14870 Cacheable key collision with DefaultKeyGenerator

3 votes, 4 watchers

@spring-issuemaster

This comment has been minimized.

Copy link
Collaborator

spring-issuemaster commented May 8, 2012

Hans-Peter Störr commented

This seems more or less a duplicate of #13675 and is IMHO a very ugly bug, not an improvement. Luckily I saw it during code review. :-) See my suggestion there.

@spring-issuemaster

This comment has been minimized.

Copy link
Collaborator

spring-issuemaster commented May 8, 2012

Andrey Karandey commented

Anyway, i did not find any strong recommendation not to use this default implementation, so people might use it without any limitations.
P.S. I created my own based on md5 hash, but i`m not ready to suggest it now:).

@spring-issuemaster

This comment has been minimized.

Copy link
Collaborator

spring-issuemaster commented May 9, 2012

Hans-Peter Störr commented

md5 would be better, but I'd rather not use any kind of hashing - see my comment on #13675.

@spring-issuemaster

This comment has been minimized.

Copy link
Collaborator

spring-issuemaster commented May 15, 2012

Tim Lenz commented

Regardless of possible better implementations, I believe there is a bug in the default implementation. If you have a method with only one object parameter, that parameter is never hashed, it's simply returned.

I've made my own key generator where I changed this:

if (params.length == 1) {
return (params[0] == null ? NULL_PARAM_KEY : params[0]);
}

to this:

if (params.length == 1 && params[0] == null) {
return NULL_PARAM_KEY;
}

Now a single non-null object parameter will still be hashed, as occurred already for methods with more than one parameter.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment