SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 5

changes.mady.by.user Fei He

Saved on

compared with

New Version 6

changes.mady.by.user Fei He

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Wiki Markup
The keyword {{synchronized}} is known to make sure the synchronization of threads within a process in Java. However, care should be taken when writing a thread-safe class to defend itself from possible denial-of-service attack
\[[Effective Java|http://books.google.com/books?id=ZZOiqZQIbRMC&pg=PA210&lpg=PA210&dq=private+lock+object+idiom&source=bl&ots=UZP26thN4-&sig=QCPUutihieMlD8cNJIwPLpvBCXc&hl=en&ei=RJPzSsG0EJXilAezjuWjAw&sa=X&oi=book_result&ct=result&resnum=1&ved=0CAgQ6AEwAA#v=onepage&q=private%20lock%20object%20idiom&f=false]\].

A idiom called private lock object can be used to prevent the DOS attack. By calling the synchronized block, the caller is only able to obtain a lock object in the instance, not the whole instance itself so that other threads may still proceed. This technique also enhance concurrency granularity as different locks can be created according to the program logic and resources.

Internal object for locking is especially suitable in a inheritance environment. If the superclass use the entire instance for locking, a subclass can interfere with its operation. Declare lock as member variable eliminate this situation.

Noncompliant Code Example

A malicious client using the instantiated thread-safe object can mount a denial-of-service attack simply by holding the lock on the object:

Code Block
bgColor#FFCCCC

class importantObj {
    public synchronized void changeValue() { // lock on this
        ...
    }
    ...
}

// Denial-of-service attack from caller
synchronized (importantObject) {
    Thread.sleep(Integer.MAX_VALUE); // Disable importantObject
}

Compliant Solution

Code Block
bgColor#ccccff

// private lock object idiom - thawts denial-of-service attack
class importantObj {
private Object lock = new Object();
    public void changeValue() { // lock on this
        synchronized(lock) {
            ...
        }
    }
    ...
}

If the method changeValue is called in this case, the lock is obtained on a private Object that is both invisible and inaccessible from the caller. The this instance is not vulnerable from denial-of-service attack. Thread-safe class may be protected in this way by using the private lock object idiom.

Reference

Wiki Markup
\[[Effective Java|http://books.google.com/books?id=ZZOiqZQIbRMC&pg=PA210&lpg=PA210&dq=private+lock+object+idiom&source=bl&ots=UZP26thN4-&sig=QCPUutihieMlD8cNJIwPLpvBCXc&hl=en&ei=RJPzSsG0EJXilAezjuWjAw&sa=X&oi=book_result&ct=result&resnum=1&ved=0CAgQ6AEwAA#v=onepage&q=private%20lock%20object%20idiom&f=false]\]