I'm using HP Fortify SCA and Apps 4.20 for my project which used Struts2 spring Hibernate. The report said my project has
Race Condition: Singleton Member Field
problem with the controllers.
However, Struts2 is thread safe, because it create a new instance when a new request come. Furthermore, I set spring annotation in the controller
@Controller
@Scope("request")
I don't know how to solve this problem. Did it misjudge, or there are problem with my project.
Struts2 is threadsafe, because it creates a new action instance per request.
But it's not request scoped. (If you want to implement request scope strategy in Struts2 you can read this question.)
Instead, it uses a default scope for the action instance. If Struts2 is integrated with Spring the scope of the action bean you should define using Spring configuration. By default spring is using a singleton scope.
This could be a source for your problem with race condition. Because you accessing a singleton member field.
If you delegate to Spring to manage your action beans, then you should use prototype scope.
Also don't use Spring-MVC annotations like @Controller, it has less meaning to Struts2. The @Component is enough to enable DI capability.
Race condition can be caused by instance member in servlet, which must be thread safe. If this is the case, move offending member to method to render thread-safe.
