io.github.talelin.core.token.DoubleJWT#generateToken 有线程安全问题,登录A账号进入B账号 #324
Description
描述 bug
- 你是如何操作的?
public class DoubleJWT {
private JWTCreator.Builder builder;
public String generateToken(String tokenType, long identity, String scope, long expire) {
Date expireDate = DateUtil.getDurationDate(expire);
// builder对象存在线程安全问题
return builder
.withClaim("type", tokenType)
.withClaim("identity", identity)
.withClaim("scope", scope)
.withExpiresAt(expireDate)
.sign(algorithm);
}
}
如何再现
@Autowired
private DoubleJWT jwt;
@Test
public void test() throws Exception {
ExecutorService executorService = new ThreadPoolExecutor(8, 20,100L, TimeUnit.SECONDS,new LinkedBlockingQueue<>());
for (int i = 0; i < 300; i++) {
executorService.execute(() -> {
long userId = IdWorker.getId();
String token = jwt.generateAccessToken(userId);
Map<String, Claim> map = jwt.decodeAccessToken(token);
Long identity = map.get("identity").asLong();
assertTrue("线程安全问题,userId:" + userId + ",identity:" + identity, identity.equals(userId));
});
}
}