diff options
author | Johannes Dahlström <johannesd@vaadin.com> | 2013-08-05 15:47:16 +0300 |
---|---|---|
committer | Vaadin Code Review <review@vaadin.com> | 2013-08-06 13:14:39 +0000 |
commit | 7212e02a9b4eb02759f7b2195187a6e6db6bfb33 (patch) | |
tree | c7ba48f9e97f063240a2d59212116e58f97b7294 /server/src | |
parent | 16d17f9824dfac7e55e3ca98444f9da3205c0336 (diff) | |
download | vaadin-framework-7212e02a9b4eb02759f7b2195187a6e6db6bfb33.tar.gz vaadin-framework-7212e02a9b4eb02759f7b2195187a6e6db6bfb33.zip |
Fix race in VaadinService.lockSession() (#12282)7.1.2
The session might be invalidated before lockSession() acquires the lock.
Check if the session is still valid after locking and ensure
SessionExpiredException is thrown if not.
Change-Id: Iad716332a65b7c198427fce5198f6808140c140c
Diffstat (limited to 'server/src')
-rw-r--r-- | server/src/com/vaadin/server/VaadinService.java | 21 |
1 files changed, 20 insertions, 1 deletions
diff --git a/server/src/com/vaadin/server/VaadinService.java b/server/src/com/vaadin/server/VaadinService.java index 17bce7ad15..c9a5f0974a 100644 --- a/server/src/com/vaadin/server/VaadinService.java +++ b/server/src/com/vaadin/server/VaadinService.java @@ -564,6 +564,9 @@ public abstract class VaadinService implements Serializable { * * @param wrappedSession * The session to lock + * + * @throws IllegalStateException + * if the session is invalidated before it can be locked */ protected void lockSession(WrappedSession wrappedSession) { Lock lock = getSessionLock(wrappedSession); @@ -584,6 +587,17 @@ public abstract class VaadinService implements Serializable { } } lock.lock(); + + try { + // Someone might have invalidated the session between fetching the + // lock and acquiring it. Guard for this by calling a method that's + // specified to throw IllegalStateException if invalidated + // (#12282) + wrappedSession.getAttribute(getLockAttributeName()); + } catch (IllegalStateException e) { + lock.unlock(); + throw e; + } } /** @@ -607,7 +621,12 @@ public abstract class VaadinService implements Serializable { WrappedSession wrappedSession = getWrappedSession(request, requestCanCreateSession); - lockSession(wrappedSession); + try { + lockSession(wrappedSession); + } catch (IllegalStateException e) { + throw new SessionExpiredException(); + } + try { return doFindOrCreateVaadinSession(request, requestCanCreateSession); } finally { |