io.github.talelin.core.token.DoubleJWT#generateToken has a thread-safety problem: logging in to account A ends up in account B #324

@huangjiesen

Description

Describe the bug

  • How did you do it?

    public class DoubleJWT {
    private JWTCreator.Builder builder;
    public String generateToken(String tokenType, long identity, String scope, long expire) {
        Date expireDate = DateUtil.getDurationDate(expire);
        // The builder object has a thread-safety problem
        return builder
                .withClaim("type", tokenType)
                .withClaim("identity", identity)
                .withClaim("scope", scope)
                .withExpiresAt(expireDate)
                .sign(algorithm);
    }
}

How to reproduce

    @Autowired
    private DoubleJWT jwt;

    @Test
    public void test() throws Exception {
        ExecutorService executorService = new ThreadPoolExecutor(8, 20,100L, TimeUnit.SECONDS,new LinkedBlockingQueue<>());
        
        for (int i = 0; i < 300; i++) {
            executorService.execute(() -> {
                long userId = IdWorker.getId();
                String token = jwt.generateAccessToken(userId);
                
                Map<String, Claim> map = jwt.decodeAccessToken(token);
                Long identity = map.get("identity").asLong();
                
                assertTrue("线程安全问题,userId:" + userId + ",identity:" + identity, identity.equals(userId));
            });
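        }
        // Wait for the submitted tasks to finish before the test method returns
        executorService.shutdown();
        executorService.awaitTermination(1, TimeUnit.MINUTES);
    }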
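
The report above comes down to one `JWTCreator.Builder` field being mutated by every caller: each `withClaim` call changes the shared builder's state, so a concurrent request can overwrite `identity` before `sign` runs. One way to avoid that, shown as an added example that is not the project's code or its fix: build a fresh builder inside every call and run the same 300-task check. `PerCallJwt`, `identityOf`, the secret, the scope value and the user ids are hypothetical, and the java-jwt library (`com.auth0:java-jwt`) is assumed to be on the classpath.

```java
import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;

import java.util.Date;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicInteger;

// Hypothetical class for illustration; not the project's DoubleJWT.
public class PerCallJwt {
    // Constructed demo secret; a real deployment loads its key from configuration.
    private final Algorithm algorithm = Algorithm.HMAC256("constructed-demo-secret");
    private final JWTVerifier verifier = JWT.require(algorithm).build();

    public String generateToken(String tokenType, long identity, String scope, long expireSeconds) {
        Date expireDate = new Date(System.currentTimeMillis() + expireSeconds * 1000);
        // A fresh builder per call: no claim state is shared between threads.
        return JWT.create()
                .withClaim("type", tokenType)
                .withClaim("identity", identity)
                .withClaim("scope", scope)
                .withExpiresAt(expireDate)
                .sign(algorithm);
    }

    public long identityOf(String token) {
        return verifier.verify(token).getClaim("identity").asLong();
    }

    public static void main(String[] args) throws Exception {
        PerCallJwt jwt = new PerCallJwt();
        AtomicInteger matched = new AtomicInteger(); // tokens whose identity equals the requested id
        ExecutorService pool = Executors.newFixedThreadPool(8);
        for (long i = 1; i <= 300; i++) {
            final long userId = i; // constructed user ids
            pool.execute(() -> {
                long identity = jwt.identityOf(jwt.generateToken("access", userId, "lin", 3600));
                if (identity == userId) matched.incrementAndGet();
            });
        }
        pool.shutdown();
        if (!pool.awaitTermination(1, TimeUnit.MINUTES) || matched.get() != 300) {
            throw new AssertionError("only " + matched.get() + " of 300 tokens carried the right identity");
        }
        System.out.println("300 tokens issued, every identity claim matches its userId");
    }
}
```

Counting matches instead of mismatches means a task that dies with an exception also fails the check, which an assertion thrown inside a pool thread would not do on its own.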
