Spring Web Flow
  1. Spring Web Flow
  2. SWF-1437

Two concurrent threads in an expression of a flow override the rootobject of evaluation context

    Details

      Description

      When two concurrent threads are evaluating an expression contained in a flow, the evaluation context linked to the expression can be overriden by multiple threads.

      Result is in most of cases NullPointerException in a getValueInternal of classes from org.springframework.expression.spel.ast package (like PropertyOrFieldReference for example).

      Wrong code seems to be in org.springframework.binding.expression.spel.SpringELExpression :

      public Object getValue(Object rootObject) throws EvaluationException {
      try {
      updateEvaluationContext(rootObject);
      return expression.getValue(evaluationContext, expectedType);
      ...
      As the SpringElExpression is unique for the expression to be evaluated, it's not thread safe when updating the evaluation context with root object.

      Synchronize this method resolves problem.

        Issue Links

          Activity

          Hide
          shyju subramanian added a comment -

          Do you know what are the jar files which we should use to upgrade?

          Show
          shyju subramanian added a comment - Do you know what are the jar files which we should use to upgrade?
          Hide
          shyju subramanian added a comment -

          I had upgrade the spring webflow jar to release 2.3.1 and still the same error occurs intermittently.

          Show
          shyju subramanian added a comment - I had upgrade the spring webflow jar to release 2.3.1 and still the same error occurs intermittently.
          Hide
          quentin ng added a comment - - edited

          I'm getting this issue in production where I have over 100 concurrent connections. Only occurs under load.

          Using SpringWebFlow 2.3.1.
          Using Spring 3.2.1

          This is a serious production issue as data is being polluted in different sessions. ie. User a see's user b's data.

          With peak usage in the last 3 days of over 3000 transactions, we're getting a failure rate of 2 or 3 a day. The worst thing being users sesing other user's data.

          Show
          quentin ng added a comment - - edited I'm getting this issue in production where I have over 100 concurrent connections. Only occurs under load. Using SpringWebFlow 2.3.1. Using Spring 3.2.1 This is a serious production issue as data is being polluted in different sessions. ie. User a see's user b's data. With peak usage in the last 3 days of over 3000 transactions, we're getting a failure rate of 2 or 3 a day. The worst thing being users sesing other user's data.
          Hide
          Musikolo added a comment -

          Hi guys,

          We are also experiencing the same problem as described above regarding users seeing other users' data. We are currently using Spring 3.1.4 + Spring Web Flow 2.2.0. Even though we have tried to upgrade SWF to 2.3.1 and 2.3.2, we have been unsuccessful. So taking into account how critical this problem is, particularly being true in the project we are working on as data is highly sensitive, is there any chance to have a fix in a short time? Is there any workaround for it?

          Looking forward to your reply.

          Best regards.

          Show
          Musikolo added a comment - Hi guys, We are also experiencing the same problem as described above regarding users seeing other users' data. We are currently using Spring 3.1.4 + Spring Web Flow 2.2.0. Even though we have tried to upgrade SWF to 2.3.1 and 2.3.2, we have been unsuccessful. So taking into account how critical this problem is, particularly being true in the project we are working on as data is highly sensitive, is there any chance to have a fix in a short time? Is there any workaround for it? Looking forward to your reply. Best regards.
          Hide
          Rossen Stoyanchev added a comment -

          I am closing this issue since it was addressed and confirmed as fixed by the original reporter.

          It is highly unlikely that anyone is experiencing the same synchronization issue in SpringELExpression that was identified and fixed. You are likely seeing a NPE resulting from an EL expression but the root cause needs to be determined. There can be many other reasons.

          You will need to open a new ticket and provide a fresh description of the problem as you experience it using the latest release (currently 2.3.2).

          Show
          Rossen Stoyanchev added a comment - I am closing this issue since it was addressed and confirmed as fixed by the original reporter. It is highly unlikely that anyone is experiencing the same synchronization issue in SpringELExpression that was identified and fixed. You are likely seeing a NPE resulting from an EL expression but the root cause needs to be determined. There can be many other reasons. You will need to open a new ticket and provide a fresh description of the problem as you experience it using the latest release (currently 2.3.2).

            People

            • Assignee:
              Rossen Stoyanchev
              Reporter:
              Patrick
            • Votes:
              1 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development