QRunIO/qqq
2
0
Fork 0
mirror of https://github.com/Kingsrook/qqq.git synced 2025-07-18 13:10:44 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix chicken-egg session from repeating all-access key values

Browse Source
This commit is contained in:
darin.kelkhoff
2024-05-17 15:59:14 -05:00
parent 425629de52
commit 759972b70c
1 changed files with 20 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
qqq-backend-core/src/main/java/com/kingsrook/qqq/backend/core/modules/authentication/implementations/Auth0AuthenticationModule.java
View File

@ -150,10 +150,7 @@ public class Auth0AuthenticationModule implements QAuthenticationModuleInterface
//////////////////////////////////////////////////////////////////////////////////////////////////////////// ////////////////////////////////////////////////////////////////////////////////////////////////////////////
// this is how we allow the actions within this class to work without themselves having a logged-in user. // // this is how we allow the actions within this class to work without themselves having a logged-in user. //
//////////////////////////////////////////////////////////////////////////////////////////////////////////// ////////////////////////////////////////////////////////////////////////////////////////////////////////////
private static QSession chickenAndEggSession = new QSession() private static QSession chickenAndEggSession = null;
{
};
@ -163,14 +160,29 @@ public class Auth0AuthenticationModule implements QAuthenticationModuleInterface
*******************************************************************************/ *******************************************************************************/
private QSession getChickenAndEggSession() private QSession getChickenAndEggSession()
{ {
if(chickenAndEggSession == null)
{
////////////////////////////////////////////////////////////////////////////////
// if the static field is null, then let's make a new session; //
// prime it with all all-access keys; and then set it in the static field. //
// and, if 2 threads get in here at the same time, no real harm will be done, //
// other than creating the session twice, and whoever loses the race, that'll //
// be the one that stays in the field //
////////////////////////////////////////////////////////////////////////////////
QSession newChickenAndEggSession = new QSession();
for(String typeName : QContext.getQInstance().getSecurityKeyTypes().keySet()) for(String typeName : QContext.getQInstance().getSecurityKeyTypes().keySet())
{ {
QSecurityKeyType keyType = QContext.getQInstance().getSecurityKeyType(typeName); QSecurityKeyType keyType = QContext.getQInstance().getSecurityKeyType(typeName);
if(StringUtils.hasContent(keyType.getAllAccessKeyName())) if(StringUtils.hasContent(keyType.getAllAccessKeyName()))
{ {
chickenAndEggSession = chickenAndEggSession.withSecurityKeyValue(keyType.getAllAccessKeyName(), true); newChickenAndEggSession.withSecurityKeyValue(keyType.getAllAccessKeyName(), true);
} }
} }
chickenAndEggSession = newChickenAndEggSession;
}
return (chickenAndEggSession); return (chickenAndEggSession);
} }