[MAGNOLIA-412] Race condition in RequestInterceptor Created: 26/May/05  Updated: 05/Nov/12  Resolved: 16/Aug/05

Status: Closed
Project: Magnolia
Component/s: None
Affects Version/s: 2.01
Fix Version/s: 2.1 Final

Type: Bug Priority: Major
Reporter: Andreas Weder Assignee: Boris Kraft
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

any


Attachments: Text File magnolia_412_1.patch    
Template:
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Bug DoR:
[ ]* Steps to reproduce, expected, and actual results filled
[ ]* Affected version filled

 Description   

[taken from magnolia-dev, reporter: ]

<<<<

I think I've found a race condition in
info.magnolia.cms.servlets.RequestInterceptor:

--------------------------
public void doGet(HttpServletRequest request, HttpServletResponse
response)

{ this.request = request; this.response = response; this.action(); }

....
private void action() {
String action=this.getRequest().getParameter(EntryServlet.INTERCEPT);

String repository=this.getRequest().getParameter("mgnlRepository");
....
--------------------------

IIRC, servlets are multithreaded. That is, for the webapp there will be
only one instantiated RequestInterceptor object. It's bad practice to use
member variables in servlets, because concurrent requests will overwrite
each others' data and cause all kinds of havoc.

Why aren't the request and response simply passed to the action method as
parameters? Or, why is there even an action method at all, since the only
thing doGet does is call the action method?

This same type of race condition is also present in the SimpleExchange
class (same package).

Thanks for your time,

  • jonathan.

>>>>



 Comments   
Comment by Andreas Weder [ 26/May/05 ]

This issue has been fixed for 2.1.

I've attached a patch that fixes the race condition in RequestInterceptor also for the 2.02 branch.

Generated at Mon Feb 12 03:17:10 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.