Quantcast

[GitHub] cxf pull request #273: lock RefreshToken entity with pissimistic locking to ...

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[GitHub] cxf pull request #273: lock RefreshToken entity with pissimistic locking to ...

asfgit
GitHub user vgagara-talend opened a pull request:

    https://github.com/apache/cxf/pull/273

    lock RefreshToken entity with pissimistic locking to avoid concurrent updates

    issue: https://issues.apache.org/jira/browse/CXF-7374
    orig issue: https://jira.talendforge.org/browse/TPSVC-2439

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/vgagara-talend/cxf cxf-7374-concurrent-access-token-refresh

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/cxf/pull/273.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #273
   
----
commit 17f3a8bff79a29ae74a3bc12317519fb50863e86
Author: Viacheslav Gagara <[hidden email]>
Date:   2017-05-18T15:02:01Z

    lock RefreshToken entity with pissimistic locking to avoid concurrent updates (unit test added)

----


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [hidden email] or file a JIRA ticket
with INFRA.
---
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[GitHub] cxf issue #273: lock RefreshToken entity with pissimistic locking to avoid c...

asfgit
Github user sberyozkin commented on the issue:

    https://github.com/apache/cxf/pull/273
 
    Hi, thanks for the patch. Can you please consider locking at the AbstractOAuthDataProvider level instead, so that all its extensions (JPA2, JCache, Ehcache and future ones like Mongo-based) can benefit ?
    I'd consider introducing 'Object refreshTokenLock' and use it lock at https://github.com/apache/cxf/blob/master/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java#L211
   
    Let me know please if it works for you


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [hidden email] or file a JIRA ticket
with INFRA.
---
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[GitHub] cxf pull request #273: lock RefreshToken entity with pissimistic locking to ...

asfgit
In reply to this post by asfgit
Github user andrei-ivanov commented on a diff in the pull request:

    https://github.com/apache/cxf/pull/273#discussion_r117438543
 
    --- Diff: rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JPAOAuthDataProvider.java ---
    @@ -213,6 +221,25 @@ public RefreshToken execute(EntityManager em) {
             });
         }
     
    +    protected void lockRefreshTokenForUpdate(final RefreshToken refreshToken) {
    +        try {
    +            execute(new EntityManagerOperation<Void>() {
    +
    +                @Override
    +                public Void execute(EntityManager em) {
    +                    Map<String, Object> options = Collections.emptyMap();
    +                    if (pessimisticLockTimeout > 0) {
    +                        Collections.singletonMap("javax.persistence.lock.timeout", pessimisticLockTimeout);
    --- End diff --
   
    options = ...


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [hidden email] or file a JIRA ticket
with INFRA.
---
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[GitHub] cxf pull request #273: lock RefreshToken entity with pissimistic locking to ...

asfgit
In reply to this post by asfgit
Github user sberyozkin commented on a diff in the pull request:

    https://github.com/apache/cxf/pull/273#discussion_r117440452
 
    --- Diff: rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JPAOAuthDataProvider.java ---
    @@ -213,6 +221,25 @@ public RefreshToken execute(EntityManager em) {
             });
         }
     
    +    protected void lockRefreshTokenForUpdate(final RefreshToken refreshToken) {
    +        try {
    +            execute(new EntityManagerOperation<Void>() {
    +
    +                @Override
    +                public Void execute(EntityManager em) {
    +                    Map<String, Object> options = Collections.emptyMap();
    +                    if (pessimisticLockTimeout > 0) {
    +                        Collections.singletonMap("javax.persistence.lock.timeout", pessimisticLockTimeout);
    --- End diff --
   
    Good catch, I'm applying PR now so will fix


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [hidden email] or file a JIRA ticket
with INFRA.
---
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[GitHub] cxf issue #273: lock RefreshToken entity with pissimistic locking to avoid c...

asfgit
In reply to this post by asfgit
Github user sberyozkin commented on the issue:

    https://github.com/apache/cxf/pull/273
 
    Viacheslav, the patch has been applied with minor updates to let people use a Java lock if they prefer (JPA2 provider is currently using the pessimistic lock as per your code).
   
    However the test fails so I disabled it - can you please have a look and also copy it it to JPACMTOAuthDataProviderOpenJPATest class to make sure it works with OpenJPA - to make sure we don't break the JPA2 provider depending on OpenJPA ? Thanks


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [hidden email] or file a JIRA ticket
with INFRA.
---
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[GitHub] cxf pull request #273: lock RefreshToken entity with pissimistic locking to ...

asfgit
In reply to this post by asfgit
Github user asfgit closed the pull request at:

    https://github.com/apache/cxf/pull/273


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [hidden email] or file a JIRA ticket
with INFRA.
---
Loading...