Uploaded image for project: 'DSpace'
  1. DSpace
  2. DS-2830

REST API login/logout thread-safety

    XMLWordPrintable

    Details

    • Attachments:
      0
    • Comments:
      3
    • Documentation Status:
      Not Required

      Description

      Hi, I have just figured out that the token management in the REST API is not thread-safe. So if the API is consumed concurrently by multiple scripts then one may encounter some erroneous 401/403 statuses even if the token is present and valid.

      In TokenHolder.java everything is static and the access to the tokens and persons hashes should be synchronized. I am preparing a GitHub pull request for that.

        Attachments

          Activity

            People

            Assignee:
            Unassigned
            Reporter:
            arnodb Arnaud de Bossoreille
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: