What steps will reproduce the problem?
1. Load test with multiple concurrent users logging in and out every second
2.
3.
What is the expected output? What do you see instead?
All users should be successfully authenticated.
However, periodically two or more users will fail to log in.
The maximum supported concurrent users for us is currently around 5. With
the fix below we are able to easily support over 100 concurrent users.
What version of the product are you using? On what operating system?
0.9.3, Java 1.5, WinXP or Solaris
Please provide any additional information below.
The problem is caused because SimpleDateFormat is not thread safe.
The class org.openid4java.consumer.AbstractNonceVerifier declares a
variable of type InternetDateFormat which uses the SimpleDateFormat.
This variable is used in this class and in the derived class. The method
in the derived class is synchronized but the method in
AbstractNonceVerifier is not synchronized.
Solution
Update org.openid4java.consumer.AbstractNonceVerifier at line 48 of the
trunk, set the method to be syncrhonized:
public synchronized int seen(String opUrl, String nonce)
Original issue reported on code.google.com by mike.ne...@gmail.com on 24 Nov 2008 at 9:36
Original issue reported on code.google.com by
mike.ne...@gmail.com
on 24 Nov 2008 at 9:36