summaryrefslogtreecommitdiffstats
path: root/server/src
diff options
context:
space:
mode:
authorJohannes Dahlström <johannesd@vaadin.com>2013-08-05 15:47:16 +0300
committerVaadin Code Review <review@vaadin.com>2013-08-06 13:14:39 +0000
commit7212e02a9b4eb02759f7b2195187a6e6db6bfb33 (patch)
treec7ba48f9e97f063240a2d59212116e58f97b7294 /server/src
parent16d17f9824dfac7e55e3ca98444f9da3205c0336 (diff)
downloadvaadin-framework-7212e02a9b4eb02759f7b2195187a6e6db6bfb33.tar.gz
vaadin-framework-7212e02a9b4eb02759f7b2195187a6e6db6bfb33.zip
Fix race in VaadinService.lockSession() (#12282)7.1.2
The session might be invalidated before lockSession() acquires the lock. Check if the session is still valid after locking and ensure SessionExpiredException is thrown if not. Change-Id: Iad716332a65b7c198427fce5198f6808140c140c
Diffstat (limited to 'server/src')
-rw-r--r--server/src/com/vaadin/server/VaadinService.java21
1 files changed, 20 insertions, 1 deletions
diff --git a/server/src/com/vaadin/server/VaadinService.java b/server/src/com/vaadin/server/VaadinService.java
index 17bce7ad15..c9a5f0974a 100644
--- a/server/src/com/vaadin/server/VaadinService.java
+++ b/server/src/com/vaadin/server/VaadinService.java
@@ -564,6 +564,9 @@ public abstract class VaadinService implements Serializable {
*
* @param wrappedSession
* The session to lock
+ *
+ * @throws IllegalStateException
+ * if the session is invalidated before it can be locked
*/
protected void lockSession(WrappedSession wrappedSession) {
Lock lock = getSessionLock(wrappedSession);
@@ -584,6 +587,17 @@ public abstract class VaadinService implements Serializable {
}
}
lock.lock();
+
+ try {
+ // Someone might have invalidated the session between fetching the
+ // lock and acquiring it. Guard for this by calling a method that's
+ // specified to throw IllegalStateException if invalidated
+ // (#12282)
+ wrappedSession.getAttribute(getLockAttributeName());
+ } catch (IllegalStateException e) {
+ lock.unlock();
+ throw e;
+ }
}
/**
@@ -607,7 +621,12 @@ public abstract class VaadinService implements Serializable {
WrappedSession wrappedSession = getWrappedSession(request,
requestCanCreateSession);
- lockSession(wrappedSession);
+ try {
+ lockSession(wrappedSession);
+ } catch (IllegalStateException e) {
+ throw new SessionExpiredException();
+ }
+
try {
return doFindOrCreateVaadinSession(request, requestCanCreateSession);
} finally {