Spring Security OAuth
  1. Spring Security OAuth
  2. SECOAUTH-195

InMemoryTokenStore can be internally inconsistent if user account is deleted and re-created

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Minor Minor
    • Resolution: Complete
    • Affects Version/s: 1.0.0.M6
    • Fix Version/s: 1.0.0.M6
    • Component/s: None
    • Labels:
      None

      Description

      InMemoryTokenStore can be internally inconsistent if user account is deleted and re-created. The access tokens are stored in a has keyed on a key generated from the authentication, but the key could stay the same when a user account changes (e.g. deleted and re-created and a primary key changes). And the authentications are stored in a has keyed on the access token value. The two stores can become inconsistent resulting in strange looking 403 errors.

        Activity

        Hide
        Dave Syer added a comment -

        Fixed. Also applied to Jdbc store.

        Show
        Dave Syer added a comment - Fixed. Also applied to Jdbc store.

          People

          • Assignee:
            Dave Syer
            Reporter:
            Dave Syer
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: