Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Code quality rule for finding non threadsafe singleton spring implementations

Is there any Checkstyle, PMD or Findbugs rule which could find the following non threadsafe spring singleton implementation?

private String helperVar;

public String getValue(String value) {
   helperVar = value;
   return convertValue();
}

private String convertValue() {
   return helperVar.trim();
}

I know this sample is horrible but it is the easiest way to show what I mean.

When executing the getValue method from the bean in a single execution it would work fine. But when executing it in a multi user environment it would lead to unpredictable errors/behaviour.

Is there a way to find these occurences without going through the code manually? Are there any static code checkers which could check this and each variation of it automatically?

like image 243
B4dT0bi Avatar asked Jan 17 '14 15:01

B4dT0bi


People also ask

Why singleton beans are not thread safe in Spring framework?

A piece of code is thread-safe if it only manipulates shared data structures in a manner that guarantees safe execution by multiple threads at the same time. So eventually thread safety depends on the code and the code only. And this is the reason why Spring beans are not thread safe per se.

How can we make singleton class thread safe in spring?

Thread Safe Singleton in JavaDeclare a private static instance of the same class. Provide a public static method that will return the singleton class instance variable. If the variable is not initialized then initialize it or else simply return the instance variable.

Is spring a Threadsafe?

In a standard servlet-based Spring web application, every new HTTP request generates a new thread. If the container creates a new bean instance just for that particular request, we can say this bean is thread-safe.

Is spring boot component thread safe?

No spring object is not thread safe . You have to manage it. For scope thread different service bean is created for every new thread request to service.


1 Answers

This might not be acceptable to you but I sometimes employ runtime bean reflection to validate code consistency.

For your use case I would first make all of my beans use constructor based injection and make all member fields final. I believe findbugs even has some immutable bean checkers.

Second to do the code consistency for your use case I would use either Spring BeanPostProcessor or just a class that implements ApplicationContextAware and then walks the ApplicationContext. Now you just check the beans that get loaded in the application context that are yours (just check the package name of the beans class) to make sure that all the fields are final. Yes you will need a more lax security manager or enable your security policy to allow private variable reflection but for most this is not a problem especially if your already using something like hibernate.

If there is a field that is not final ie invalid code you just throw an exception and your Spring app will not start.

For various exceptions to the rule you could use custom annotations for fields that need not be final or classes thats need to ignore the rule.

You might be concerned with performance or that Spring constructor injection is not powerful enough but Spring already does an enormous amount of reflection anyway on boot up and constructor based injection has gotten rather powerful these days such that you can even do property place holder values with @Value(${PROP}).

like image 177
Adam Gent Avatar answered Oct 18 '22 05:10

Adam Gent