java – 使用ThreadLocal绕过Servlet threadunsafety?

我正在调试一些旧的servlet,有很多例外.没有ConcurrentModificationExceptions感谢很多(太多)同步关键字,但我仍然怀疑servlet threadunsafety.我读了这篇关于servlet和threadsafety的
very interesting question,并认为这个例子是一个很好的基础:

public class ExampleServlet extends HttpServlet {

    private Object thisIsNOTThreadSafe;

    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        Object thisIsThreadSafe;

        thisIsNOTThreadSafe = request.getParameter("foo"); // BAD!! Shared among all requests!
        thisIsThreadSafe = request.getParameter("foo"); // OK, this is thread safe.
    } 
}

实际上,编写我的servlet的人似乎也意识到了这一点,但决定通过这样做来绕过它:

public class ExampleServlet extends HttpServlet {

    private ThreadLocal<MyObject> thisIsMaybeThreadSafe = new ThreadLocal<MyObject>();;

    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        // we want to avoid having to use this parameter in every method
        thisIsMaybeThreadSafe.set((MyObject)getObjectInSesssion("foo"));
        doStuff(request, response);
    } 
}

代码中还包含类似的内容

synchronized(request.getAttribute("foo")){
   doStuff(request, response);
}

我对这一切都有不好的感觉,并且正在寻找证明这是危险的证据.实际上在阅读了问题NullPointerException when setting attribute之后,我觉得有些事情一定是错的,因为我得到了类似这样的堆栈跟踪:

11:07:17,525 ERROR [com.mycompany.myproject.web.business.servlet.map.tree.MapServlet] Error processing AjaxTreeAccessRequest
java.lang.NullPointerException
    at org.apache.catalina.connector.Request.notifyAttributeAssigned(Request.java:1493)
    at org.apache.catalina.connector.Request.setAttribute(Request.java:1484)
    at org.apache.catalina.connector.RequestFacade.setAttribute(RequestFacade.java:539)
    at javax.servlet.ServletRequestWrapper.setAttribute(ServletRequestWrapper.java:244)
    at org.apache.myfaces.context.servlet.RequestMap.setAttribute(RequestMap.java:51)
    at org.apache.myfaces.util.AbstractAttributeMap.put(AbstractAttributeMap.java:108)
    at org.apache.myfaces.el.VariableResolverImpl.resolveVariable(VariableResolverImpl.java:304)
    at org.springframework.web.jsf.DelegatingVariableResolver.resolveOriginal(DelegatingVariableResolver.java:120)
    at org.springframework.web.jsf.DelegatingVariableResolver.resolveVariable(DelegatingVariableResolver.java:105)
    at com.mycompany.myproject.web.common.servlet.AbstractFacesServlet.getManagedBean(AbstractFacesServlet.java:67)
    at com.mycompany.myproject.web.business.servlet.map.tree.MapServlet.getSessionTreeBean(MapServlet.java:184)
    at com.mycompany.myproject.web.business.servlet.map.tree.AjaxTreeAccess.initRequest(AjaxTreeAccess.java:355)
    at com.mycompany.myproject.web.business.servlet.map.tree.AjaxTreeAccess.processRequest(AjaxTreeAccess.java:134)
    at com.mycompany.myproject.web.common.servlet.AbstractFacesServlet.handleRequest(AbstractFacesServlet.java:81)
    at org.springframework.web.context.support.HttpRequestHandlerServlet.service(HttpRequestHandlerServlet.java:63)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:725)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:291)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.springframework.orm.hibernate3.support.OpenSessionInViewFilter.doFilterInternal(OpenSessionInViewFilter.java:198)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at com.mycompany.myproject.commun.presentation.jsf.OpenSynchronizedSessionInViewFilter.doFilterInternal(OpenSynchronizedSessionInViewFilter.java:58)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:265)
    at com.mycompany.myproject.web.common.filter.SwitchUserProcessingFilter.doFilter(SwitchUserProcessingFilter.java:66)
    at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:275)
    at org.acegisecurity.ui.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:110)
    at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:275)
    at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
    at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:275)
    at org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:81)
    at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:275)
    at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:229)
    at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:275)
    at org.acegisecurity.ui.logout.LogoutFilter.doFilter(LogoutFilter.java:106)
    at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:275)
    at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:286)
    at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:275)
    at org.acegisecurity.util.FilterChainProxy.doFilter(FilterChainProxy.java:149)
    at org.acegisecurity.util.FilterToBeanProxy.doFilter(FilterToBeanProxy.java:98)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at com.mycompany.myproject.web.business.filter.UserBindingFilter.doFilter(UtilisateurCourantBindingFilter.java:55)
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:236)
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at com.mycompany.myproject.web.common.filter.SessionTimeoutFilter.doFilter(SessionTimeoutFilter.java:67)
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:236)
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at com.mycompany.myproject.web.common.filter.SessionLoginFilter.doFilter(SessionLoginFilter.java:56)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at com.mycompany.profiling.prof.filter.ProfContextFilter.doFilter(ProfContextFilter.java:26)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:503)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:136)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
    at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:610)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:526)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1078)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:655)
    at org.apache.coyote.http11.Http11NioProtocol$Http11ConnectionHandler.process(Http11NioProtocol.java:222)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1566)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1523)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:744)

我宁愿摆脱所有这些ThreadLocal的东西,但重构将是一个巨大而且有风险的旧遗留代码,实际上没有人记得它是如何工作所以我需要认真的建议.

仅供参考.整个应用程序在遗留的spring-JSF代码中,而一些ThreadLocal变量实际上是与JSF会话相关的bean.我该怎么做来检查这个应用程序的全局线程安全性?

最佳答案 > synchronized(request.getAttribute(“foo”))很糟糕,因为请求中没有foo,你会获得NPE.最好使用一些专用的锁定对象.

>关于ThreadLocal的使用 – 如果不过度使用它就没问题.对于你发布的大小代码没关系,但我认为真正的问题在于你真正的代码库,并且除了表明你需要编写大量的单元测试(尽可能简单)之外,在这里提供简短有用的建议是不可能的.你真正的逻辑(而不是那个与Servlet API和并发有关的逻辑),然后逐渐将代码库重构为更健全的状态.

希望这可以帮助 :)

点赞