AuthorizationCodeFlow thread safe, why use a lock?

36 views
Skip to first unread message

Lars Bohl

unread,
Mar 30, 2014, 3:10:58 AM3/30/14
to google-oauth...@googlegroups.com
In AbstractAuthorizationCodeCallbackServlet (from the google-oauth-java-client repo) I see the following code:

  private final Lock lock = new ReentrantLock();
  private AuthorizationCodeFlow flow;

  @Override
  protected final void doGet(HttpServletRequest req, HttpServletResponse resp)
      throws ServletException, IOException {
    StringBuffer buf = req.getRequestURL();
    if (req.getQueryString() != null) {
      buf.append('?').append(req.getQueryString());
    }
    AuthorizationCodeResponseUrl responseUrl = new AuthorizationCodeResponseUrl(buf.toString());
    String code = responseUrl.getCode();
    if (responseUrl.getError() != null) {
      onError(req, resp, responseUrl);
    } else if (code == null) {
      resp.setStatus(HttpServletResponse.SC_BAD_REQUEST);
      resp.getWriter().print("Missing authorization code");
    } else {
      lock.lock();
      try {
        if (flow == null) {
          flow = initializeFlow();
        }
        String redirectUri = getRedirectUri(req);
        TokenResponse response = flow.newTokenRequest(code).setRedirectUri(redirectUri).execute();
        String userId = getUserId(req);
        Credential credential = flow.createAndStoreCredential(response, userId);
        onSuccess(req, resp, credential);
      } finally {
        lock.unlock();
      }
    }
  }

I'm wondering why this code uses a lock? AuthorizationCodeFlow is supposed to be thread safe, according to the javadoc

Reply all
Reply to author
Forward
0 new messages