aspose file tools*
The moose likes JSP and the fly likes setProperty and thread safety Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Spring in Action this week in the Spring forum!
JavaRanch » Java Forums » Java » JSP
Bookmark "setProperty and thread safety" Watch "setProperty and thread safety" New topic
Author

setProperty and thread safety

Jill Smythe
Greenhorn

Joined: Jan 27, 2004
Posts: 11
Hi,
I have a query about the <jsp:setProperty> tag and thread-safety. As far as I can see, any code using this tag to record variables entered in a form cannot be thread safe. Is this true?
For example, my code is:
--------------------------------------------------------------
<%@page contentType="text/html"%>
<%@ page session="true" errorPage="errorpage.jsp" import="TeamWebsite.Security.Authenticate%>
<jsp:useBean id="auth" scope="session" class="TeamWebsite.Security.Authenticate20" />
<jsp:setProperty name="auth" property="*"/>
<% auth.authenticate(request, response); %>
---------------------------------------------------------------------
Even though auth.authenticate(request, response) is a synchronized method, I'm pretty sure interference can occur during the setProperty method as in the following trace:
Thread 1: Enters form Data
Thread 1: jsp:setProperty methods are called, and form items recorded in instance "auth" of this object
<Control switches to thread 2>
Thread 2: Enters form Data
Thread 2: jsp:setProperty methods are called, and form items are called in instance "auth" of this object
<Control switches to thread 1>
Thread 1: Calls authenticate() and uses the variables set by Thread 2 (unintentially)
<Control switches to thread 2>
Thread 2: Calls authenticate() and uses the variables set by Thread 2
All of the methods in my JavaBean are thread-safe, but the initial code using <jsp:setProperty> is not by default. Am I able to include this tag within a synchronized method so the bean variables can be set and other methods executed as a single unit?
I know the other alternative is to implement the single threaded model <%@ page isThreadSafe="false" %> but this is my last resort for performance reasons.
Any light that can be shed on this subject would be much appreciated!!
Jill
Praful Thakare
Ranch Hand

Joined: Feb 10, 2001
Posts: 639

Thread 1: Enters form Data
Thread 1: jsp:setProperty methods are called, and form items recorded in instance "auth" of this object
<Control switches to thread 2>
Thread 2: Enters form Data
Thread 2: jsp:setProperty methods are called, and form items are called in instance "auth" of this object
<Control switches to thread 1>
Thread 1: Calls authenticate() and uses the variables set by Thread 2 (unintentially)
<Control switches to thread 2>
Thread 2: Calls authenticate() and uses the variables set by Thread 2

Hi Jill,
Above Trace is possibel in case where multiple users(browser) share single session object,cause you have define auth object with session scope,hence two threads serving different session(client) will not share same auth object.
Now coming back to sharing single session by multiple clients,its no possible using IE,when ever you open your form page in new instance of IE it will get its own copy of session.but Netscape do continue in same session.so I guess by sync. your session will make ur code thread safe in netscape.
ex:-

hope this helps
Cheers
Praful


All desirable things in life are either illegal, banned, expensive or married to someone else !!!
Jill Smythe
Greenhorn

Joined: Jan 27, 2004
Posts: 11
Hi Praful,
Thanks for your reply -- it was really helpful.
Can I just clarify with you then, a session object exists for the time that one user's browser is open and is always separate from any other users that may be referencing the bean at the same time? Eg, if PC1 and PC2 instantiate "auth" at the exact same time these are completely different session objects...? Is this correct?
If this is the case, then it would look like my code is in fact thread-safe and interference will not occur...
Have I got it right?
Thanks!
Jill
Praful Thakare
Ranch Hand

Joined: Feb 10, 2001
Posts: 639

If this is the case, then it would look like my code is in fact thread-safe and interference will not occur... Have I got it right?


Yes Sir,you are on target,both pcs will get diffrent session object.
Cheers
Praful
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61426
    
  67

Sorry, but the code is not thread-safe.
It is entirely possible that multiple windows on the same system and/or frames in the same browser window can access the same session simultaneously. So synchronize accordingly.
Simply relying on the fact that it is unlikely that there should be a conflict does not make the code thread-safe.
[ February 15, 2004: Message edited by: Bear Bibeault ]

[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
Praful Thakare
Ranch Hand

Joined: Feb 10, 2001
Posts: 639
Hi Bear,
I tried opening same page with multiple instance of IE 6 and for every instance i got new session object,where as Netscape on same OS gave me same session for all instance.
can you kindly throw some light on this
Thanx
Praful
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61426
    
  67

Since the session id is stored in a cookie, it all has to do with how the browser will share cookie instances across its windows.
My point was: even if you could guarantee that each 'window' that can make requests had a unique session (which you cannot), that doesn't make the code "thread safe" -- it would merely make it unlikely that the thread-unsafe code would cause problems.
And even if the browser does not share cookies amongst its windows, the use of frames or iframes make it quite likely that the same session could be "hit" simultaneously as the pages within the frames/iframes load.
Jill Smythe
Greenhorn

Joined: Jan 27, 2004
Posts: 11
So by synchronizing the session object in the following way will ensure that data interference cannot occur between objects created in a single session:

Also, each separate session (eg, different users on different PCs) will create separate instances of "auth" object and therefore interference is not possible between users on different PCs. I think I've got it now
Thanks for your help,
Jill
Scott Duncan
Ranch Hand

Joined: Nov 01, 2002
Posts: 363
I tried opening same page with multiple instance of IE 6 and for every instance i got new session object

This is true if you open a new IE instance from your start menu or desktop, etc. However, if from the same browser window, you choose file-->open or ctrl + n the session will be the same and its objects will be present when using that new window. So it is the same as using frames in this respect. Do not think it is unlikely that this will happen. We rolled out a major project a few years back. One part of the project, the person who trained the users told them to press ctrl + n to open a new browser and do some other stuff. The result was a nightmare, of course.


No more rhymes! I mean it!<br /> <br />Does anybody want a peanut?
Praful Thakare
Ranch Hand

Joined: Feb 10, 2001
Posts: 639
Bear & William ,
Thanx a bunch for your replies,things are much clear now
So Jill,Moral of the story is,your code is safe as far as it is called from different pcs,but calling it from same pc may create problems.
And I guess synchronizing session will make it thread safe
Cheers
Praful
[ February 16, 2004: Message edited by: Praful Thakare ]
[ February 16, 2004: Message edited by: Praful Thakare ]
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: setProperty and thread safety