From ef438bf5487f7f8e9cab1aec07d18c5dbde14a5c Mon Sep 17 00:00:00 2001
From: felmer <franz-josef.elmer@id.ethz.ch>
Date: Mon, 2 Sep 2019 12:43:26 +0200
Subject: [PATCH] SSDM-8404: make servlet thread safe

---
 .../generic/server/SingleSignOnServlet.java   | 25 +++++++++++--------
 1 file changed, 15 insertions(+), 10 deletions(-)

diff --git a/openbis/source/java/ch/ethz/sis/openbis/generic/server/SingleSignOnServlet.java b/openbis/source/java/ch/ethz/sis/openbis/generic/server/SingleSignOnServlet.java
index 92d921689a1..a2ec8176f54 100644
--- a/openbis/source/java/ch/ethz/sis/openbis/generic/server/SingleSignOnServlet.java
+++ b/openbis/source/java/ch/ethz/sis/openbis/generic/server/SingleSignOnServlet.java
@@ -51,6 +51,8 @@ import ch.systemsx.cisd.openbis.generic.shared.dto.Session;
 @Controller
 public class SingleSignOnServlet extends AbstractServlet
 {
+    private static final String OPENBIS_COOKIE = "openbis";
+
     public static final String SERVLET_NAME = "ssos";
 
     public static final String SESSION_ID_KEY = "session-id-key";
@@ -111,17 +113,20 @@ public class SingleSignOnServlet extends AbstractServlet
         operationLog.info("handle sso event");
         removeStaleSessions();
         String sessionId = getHeader(request, SESSION_ID_KEY, DEFAULT_SESSION_ID_KEY);
-        String sessionToken = sessionTokenBySessionId.get(sessionId);
-        String returnURL = request.getParameter("return");
-        if (returnURL != null)
-        {
-            handleLogOut(request, response, sessionId, sessionToken, returnURL);
-        } else
+        synchronized (this)
         {
-            handleLogIn(request, response, sessionId, sessionToken);
+            String sessionToken = sessionTokenBySessionId.get(sessionId);
+            String returnURL = request.getParameter("return");
+            if (returnURL != null)
+            {
+                handleLogOut(request, response, sessionId, sessionToken, returnURL);
+            } else
+            {
+                handleLogIn(request, response, sessionId, sessionToken);
+            }
         }
     }
-    
+
     private void removeStaleSessions()
     {
         for (Entry<String, String> entry : new ArrayList<>(sessionTokenBySessionId.entrySet()))
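Review bot: `removeStaleSessions()` is still called before the new `synchronized (this)` block, and the context lines at the end of this hunk show it walking `sessionTokenBySessionId.entrySet()`. The map's declaration is outside the hunk, but if it is a plain `HashMap`, that copy can race with a login or logout running under the lock on another thread, so the session-id to session-token mapping is still not consistently guarded. Move the call to the first statement inside the block, `synchronized (this) { removeStaleSessions(); String sessionToken = sessionTokenBySessionId.get(sessionId); ...`, or declare `removeStaleSessions()` itself `synchronized`. The lock is also held across `handleLogIn`/`handleLogOut`, which serialises every SSO request through this servlet; a comment stating that this is intended would help. The enclosing handler starts above the hunk and the body of `removeStaleSessions()` continues below it.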
@@ -193,7 +198,7 @@ public class SingleSignOnServlet extends AbstractServlet
         String redirectUrl = configurer.getResolvedProps().getProperty(REDIRECT_URL_KEY, template.createText());
         operationLog.info("redirect to " + redirectUrl);
         removeOpenbisCookies(request, response);
-        Cookie cookie = new Cookie("openbis", sessionToken);
+        Cookie cookie = new Cookie(OPENBIS_COOKIE, sessionToken);
         cookie.setPath("/");
         response.addCookie(cookie);
         response.sendRedirect(redirectUrl);
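Review bot: The cookie created here carries the session token but is sent with only its path set; neither `Secure` nor `HttpOnly` is applied before `response.addCookie(cookie)`. Add `cookie.setSecure(true);` so the token is not sent over plain HTTP. Also add `cookie.setHttpOnly(true);` if no client-side script needs to read the `openbis` cookie, which cannot be determined from this hunk. If script access is required, say so in a comment next to the cookie so the omission is visibly deliberate. The enclosing method starts above the hunk.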
@@ -204,7 +209,7 @@ public class SingleSignOnServlet extends AbstractServlet
         Cookie[] cookies = request.getCookies();
         for (Cookie cookie : cookies)
         {
-            if (cookie.getName().equals("openbis"))
+            if (cookie.getName().equals(OPENBIS_COOKIE))
             {
                 cookie.setValue("");
                 cookie.setPath("/");
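Review bot: `request.getCookies()` returns `null` when the request carries no cookies, so the `for (Cookie cookie : cookies)` loop in the context lines throws a `NullPointerException` for a browser that arrives without any. The login hunk above calls `removeOpenbisCookies(request, response)` before setting the new cookie, so a first-time sign-on appears able to fail on this path. Guard it with `if (cookies == null) { return; }` directly after the `getCookies()` call. The method's signature and the rest of the loop body are outside the hunk.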
-- 
GitLab