Open Kiiv opened 11 months ago
@Kiiv - I have tried to reproduce this, but I have been unable to reproduce the problem. Can you share how you are generating the JWTs and applying the load?
Shame on me, I've missed something on the client side inducing same token sent multiple times... So sorry for the time lost on this...
Just to understand, DefaultJsonWebTokenImpl not beeing @RequestScope does not implies it will be @Dependent and so its life cycle linked to the @ApplicationScope outer bean ?
@Kiiv I believe an instance of the com.ibm.ws.security.mp.jwt.principal.PrincipalBean
class is actually the bean being injected when doing
@Inject
private JsonWebToken jwt;
That class is annotated like so:
@Alternative
@Priority(100)
@RequestScoped
public class PrincipalBean implements JsonWebToken {
That should ensure the injected JWT is properly scoped to the request.
Describe the bug
When trying to inject JsonWebToken via CDI in an @ApplicationScoped bean we sometime get the token of another request.
In the specification we can read :
Maybe I've missed something but DefaultJsonWebTokenImpl is not annotated @RequestScoped so it could be the cause of my problem.
Steps to Reproduce
I'm injecting JsonWebToken object as follow :
As you can see, my REST resource is annotated @ApplicationScope. Under heavy load I sometime get the same JsonWebToken for two different requests : same "uniqueId" is printed several times.
Expected behavior
I should get the JsonWebToken linked to my request even if the outer bean is @ApplicationScoped
Diagnostic information:
server.xml configuration (WITHOUT sensitive information like passwords)