Use @synchronized for @SessionScoped beans

zanata-war/src/main/java/org/zanata/action/AccountMergeAction.java

@@ -43,6 +43,7 @@
 import org.zanata.service.RegisterService;
 import org.zanata.ui.faces.FacesMessages;
 import org.zanata.util.ServiceLocator;
+import org.zanata.util.Synchronized;
 
 /**
  * @author Carlos Munoz <a
@@ -53,6 +54,7 @@
 public class AccountMergeAction implements Serializable {
 
     @SessionScoped
+    @Synchronized
     static class ObsoleteHolder implements Serializable {
         private static final long serialVersionUID = 1L;
         @Nullable HAccount account;

zanata-war/src/main/java/org/zanata/action/LocaleSelectorAction.java

@@ -44,13 +44,15 @@
 import com.google.common.base.Function;
 import com.google.common.base.Strings;
 import com.google.common.collect.Lists;
+import org.zanata.util.Synchronized;
 
 /**
  * @author Patrick Huang <a
  *         href="mailto:pahuang@redhat.com">pahuang@redhat.com</a>
  */
 @Named("localeSelectorAction")
 @SessionScoped
+@Synchronized
 public class LocaleSelectorAction implements Serializable {
     private static final long serialVersionUID = -7116393807988405479L;
     @Inject

zanata-war/src/main/java/org/zanata/action/RoleSearch.java

@@ -4,20 +4,23 @@
 import java.util.List;
 
 import javax.annotation.PostConstruct;
+import javax.enterprise.context.SessionScoped;
 import javax.inject.Inject;
 import org.apache.deltaspike.core.api.exclude.Exclude;
 import org.apache.deltaspike.core.api.projectstage.ProjectStage;
 import javax.inject.Named;
 import org.zanata.seam.security.IdentityManager;
 import org.zanata.security.ZanataIdentity;
+import org.zanata.util.Synchronized;
 
 /**
  * @author Patrick Huang
  *         <a href="mailto:pahuang@redhat.com">pahuang@redhat.com</a>
  */
 @Named("zanataRoleSearch")
 // TODO this should probably be ViewScoped or even RequestScoped (plus xhtml changes)
-@javax.enterprise.context.SessionScoped
+@SessionScoped
+@Synchronized
 public class RoleSearch implements Serializable {
     private static final long serialVersionUID = 1734703030195353735L;
     private List<String> roles;

zanata-war/src/main/java/org/zanata/action/UserSearch.java

@@ -3,21 +3,23 @@
 import java.io.Serializable;
 import java.util.List;
 
+import javax.enterprise.context.SessionScoped;
 import javax.inject.Inject;
 import org.apache.deltaspike.core.api.exclude.Exclude;
 import org.apache.deltaspike.core.api.projectstage.ProjectStage;
 import javax.inject.Named;
 import org.zanata.seam.security.IdentityManager;
 import org.zanata.security.annotations.CheckRole;
+import org.zanata.util.Synchronized;
 
 /**
  * @author Patrick Huang <a
  *         href="mailto:pahuang@redhat.com">pahuang@redhat.com</a>
  */
 @Named("userSearch")
 // TODO this should probably be ViewScoped or even RequestScoped (with changes in xhtml)
-@javax.enterprise.context.SessionScoped
-
+@SessionScoped
+@Synchronized
 public class UserSearch implements Serializable {
     private static final long serialVersionUID = -4792732235757055958L;
     private List<String> users;

zanata-war/src/main/java/org/zanata/security/AuthenticatedAccountSessionScopeHolder.java

@@ -22,6 +22,7 @@
 package org.zanata.security;
 
 import org.zanata.model.HAccount;
+import org.zanata.util.Synchronized;
 
 import javax.enterprise.context.SessionScoped;
 import java.io.Serializable;
@@ -30,6 +31,7 @@
  * @author Patrick Huang <a href="mailto:pahuang@redhat.com">pahuang@redhat.com</a>
  */
 @SessionScoped
+@Synchronized
 public class AuthenticatedAccountSessionScopeHolder
         implements AuthenticatedAccountHolder, Serializable {
     private HAccount authenticatedAccount;

zanata-war/src/main/java/org/zanata/security/SpNegoIdentity.java

@@ -25,15 +25,18 @@
 import org.slf4j.LoggerFactory;
 import org.zanata.events.AlreadyLoggedInEvent;
 import org.zanata.util.ServiceLocator;
+import org.zanata.util.Synchronized;
 
+import javax.enterprise.context.SessionScoped;
 import javax.enterprise.event.Event;
 import javax.faces.context.FacesContext;
 import javax.inject.Inject;
 import javax.inject.Named;
 import java.io.Serializable;
 
 @Named("spNegoIdentity")
-@javax.enterprise.context.SessionScoped
+@SessionScoped
+@Synchronized
 public class SpNegoIdentity implements Serializable {
     private static final Logger LOGGER = LoggerFactory
             .getLogger(SpNegoIdentity.class);

zanata-war/src/main/java/org/zanata/security/UserRedirectBean.java

@@ -25,6 +25,7 @@
 import java.net.URLDecoder;
 import java.net.URLEncoder;
 
+import javax.enterprise.context.SessionScoped;
 import javax.enterprise.event.Observes;
 import javax.faces.context.FacesContext;
 import javax.inject.Inject;
@@ -35,6 +36,7 @@
 import org.slf4j.LoggerFactory;
 import org.zanata.events.NotLoggedInEvent;
 import org.zanata.servlet.annotations.ContextPath;
+import org.zanata.util.Synchronized;
 import org.zanata.util.UrlUtil;
 
 /**
@@ -50,8 +52,8 @@
  */
 @Named("userRedirect")
 // TODO verify that SESSION scope will not persist this too long
-@javax.enterprise.context.SessionScoped
-
+@SessionScoped
+@Synchronized
 public class UserRedirectBean implements Serializable {
     private static final Logger log =
             LoggerFactory.getLogger(UserRedirectBean.class);

zanata-war/src/main/java/org/zanata/security/ZanataCredentials.java

@@ -22,6 +22,7 @@
 
 import java.io.IOException;
 import java.io.Serializable;
+import javax.enterprise.context.SessionScoped;
 import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.CallbackHandler;
 import javax.security.auth.callback.NameCallback;
@@ -34,6 +35,7 @@
 import org.zanata.security.openid.OpenIdProviderType;
 
 import lombok.extern.slf4j.Slf4j;
+import org.zanata.util.Synchronized;
 
 /**
  * Overrides the default Seam credentials. Adds app-specific security concepts
@@ -43,8 +45,9 @@
  *         href="mailto:camunoz@redhat.com">camunoz@redhat.com</a>
  */
 @Named("credentials")
-@javax.enterprise.context.SessionScoped
+@SessionScoped
 @Slf4j
+@Synchronized
 public class ZanataCredentials implements Serializable {
     private static final long serialVersionUID = 5520824011655916917L;
     private String username;

zanata-war/src/main/java/org/zanata/security/ZanataIdentity.java

@@ -29,6 +29,7 @@
 
 import javax.annotation.Nullable;
 import javax.annotation.PreDestroy;
+import javax.enterprise.context.SessionScoped;
 import javax.enterprise.event.Event;
 import javax.enterprise.util.AnnotationLiteral;
 import javax.inject.Inject;
@@ -65,13 +66,15 @@
 import org.zanata.util.Contexts;
 import org.zanata.util.RequestContextValueStore;
 import org.zanata.util.ServiceLocator;
+import org.zanata.util.Synchronized;
 import org.zanata.util.UrlUtil;
 
 import com.google.common.annotations.VisibleForTesting;
 import com.google.common.collect.Lists;
 
 @Named("identity")
-@javax.enterprise.context.SessionScoped
+@SessionScoped
+@Synchronized
 public class ZanataIdentity implements Identity, Serializable {
     private static final Logger log = LoggerFactory.getLogger(
             ZanataIdentity.class);

zanata-war/src/main/java/org/zanata/security/ZanataOpenId.java

@@ -49,10 +49,12 @@
 import org.zanata.ui.faces.FacesMessages;
 import org.zanata.util.Contexts;
 import org.zanata.util.ServiceLocator;
+import org.zanata.util.Synchronized;
 import org.zanata.util.UrlUtil;
 
 import javax.annotation.PostConstruct;
 import javax.enterprise.context.RequestScoped;
+import javax.enterprise.context.SessionScoped;
 import javax.enterprise.event.Event;
 import javax.enterprise.inject.Produces;
 import javax.faces.context.ExternalContext;
@@ -64,8 +66,8 @@
 import java.util.List;
 
 @Named("zanataOpenId")
-@javax.enterprise.context.SessionScoped
-
+@SessionScoped
+@Synchronized
 /*
  * based on org.jboss.seam.security.openid.OpenId class
  */