SSDM-8404: make servlet thread safe

ef438bf5 · felmer · b87c1bce · ef438bf5
Commit ef438bf5 authored 5 years ago by felmer
--- a/openbis/source/java/ch/ethz/sis/openbis/generic/server/SingleSignOnServlet.java
+++ b/openbis/source/java/ch/ethz/sis/openbis/generic/server/SingleSignOnServlet.java
@@ -51,6 +51,8 @@ import ch.systemsx.cisd.openbis.generic.shared.dto.Session;
 @Controller
 public class SingleSignOnServlet extends AbstractServlet
 {
+    private static final String OPENBIS_COOKIE = "openbis";
+
    public static final String SERVLET_NAME = "ssos";

    public static final String SESSION_ID_KEY = "session-id-key";
@@ -111,17 +113,20 @@ public class SingleSignOnServlet extends AbstractServlet
        operationLog.info("handle sso event");
        removeStaleSessions();
        String sessionId = getHeader(request, SESSION_ID_KEY, DEFAULT_SESSION_ID_KEY);
-        String sessionToken = sessionTokenBySessionId.get(sessionId);
-        String returnURL = request.getParameter("return");
-        if (returnURL != null)
-        {
-            handleLogOut(request, response, sessionId, sessionToken, returnURL);
-        } else
+        synchronized (this)
        {
-            handleLogIn(request, response, sessionId, sessionToken);
+            String sessionToken = sessionTokenBySessionId.get(sessionId);
+            String returnURL = request.getParameter("return");
+            if (returnURL != null)
+            {
+                handleLogOut(request, response, sessionId, sessionToken, returnURL);
+            } else
+            {
+                handleLogIn(request, response, sessionId, sessionToken);
+            }
        }
    }
-    
+
    private void removeStaleSessions()
    {
        for (Entry<String, String> entry : new ArrayList<>(sessionTokenBySessionId.entrySet()))
@@ -193,7 +198,7 @@ public class SingleSignOnServlet extends AbstractServlet
        String redirectUrl = configurer.getResolvedProps().getProperty(REDIRECT_URL_KEY, template.createText());
        operationLog.info("redirect to " + redirectUrl);
        removeOpenbisCookies(request, response);
-        Cookie cookie = new Cookie("openbis", sessionToken);
+        Cookie cookie = new Cookie(OPENBIS_COOKIE, sessionToken);
        cookie.setPath("/");
        response.addCookie(cookie);
        response.sendRedirect(redirectUrl);
@@ -204,7 +209,7 @@ public class SingleSignOnServlet extends AbstractServlet
        Cookie[] cookies = request.getCookies();
        for (Cookie cookie : cookies)
        {
-            if (cookie.getName().equals("openbis"))
+            if (cookie.getName().equals(OPENBIS_COOKIE))
            {
                cookie.setValue("");
                cookie.setPath("/");