Open
Description
Environment details
Steps to reproduce
- Send multiple times by second request to the callback URL
- Threads are blocked because of the ReentrantLock()
Code example
/** Lock on the flow. */
private final Lock lock = new ReentrantLock();
/**
* Authorization code flow to be used across all HTTP servlet requests or {@code null} before
* initialized in {@link #initializeFlow()}.
*/
private AuthorizationCodeFlow flow;
@Override
protected final void doGet(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
StringBuffer buf = req.getRequestURL();
if (req.getQueryString() != null) {
buf.append('?').append(req.getQueryString());
}
AuthorizationCodeResponseUrl responseUrl = new AuthorizationCodeResponseUrl(buf.toString());
String code = responseUrl.getCode();
if (responseUrl.getError() != null) {
onError(req, resp, responseUrl);
} else if (code == null) {
resp.setStatus(HttpServletResponse.SC_BAD_REQUEST);
resp.getWriter().print("Missing authorization code");
} else {
lock.lock();
try {
if (flow == null) {
flow = initializeFlow();
}
String redirectUri = getRedirectUri(req);
TokenResponse response = flow.newTokenRequest(code).setRedirectUri(redirectUri).execute();
String userId = getUserId(req);
Credential credential = flow.createAndStoreCredential(response, userId);
onSuccess(req, resp, credential);
} finally {
lock.unlock();
}
}
}Any additional information below
If there are lots of requests, the Threads are blocked and waiting for the lock from other threads.
What the purpose of the lock? Is it onlyuseful for initializeFlow()?
Is the rest of the process thread safe?
Can we put
String redirectUri = getRedirectUri(req);
TokenResponse response = flow.newTokenRequest(code).setRedirectUri(redirectUri).execute();
String userId = getUserId(req);
Credential credential = flow.createAndStoreCredential(response, userId);
onSuccess(req, resp, credential);outside the lock?
Thanks
Regards,
Sylvain