After recent upgrade from Oracle 12c/java 8 we discovered that user session is interfering with another user session i.e when logged in, user sets it's credentials(ID) onto another user's session.
Required data regarding the project's settings:
Hikari Datasource:
driver-class-name: oracle.jdbc.driver.OracleDriver
hikari:
connection-timeout: 300000
idleTimeout: 300000
minimum-idle: 10
maximumPoolSize: 20
pool-name: DL_CONNECTION
leak-detection-threshold: 600000
Example of setting user from JWT:
SomeLogic.java
public class SomeClass {
private final HikariDataSource hds;
private final JwtTokenUtil jwt;
////logic here
conn = hds.getConnection();
jwt.sendTokenDB(conn, req);
////logic there
}
------------------------------------------------------
JwtTokenUtil.java
import io.jsonwebtoken.Jwts;
.........
@Component
public class JwtTokenUtil implements Serializable {
////code here
public Claims getAllClaimsFromToken(String token) {
return Jwts.parser()
.setSigningKey(secret)
.parseClaimsJws(token)
.getBody();
}
public User getUserFromToken(HttpServletRequest req) {
User user = new User();
Claims data = getAllClaimsFromToken(getToken(req));
user.setLogId(Integer.parseInt(data.get("log_id").toString()));
user.setUserId(Integer.parseInt(data.get("user_id").toString()));
user.setLogin(data.get("login").toString());
user.setFilial(data.get("filial").toString());
user.setRoles((List<Roles>) data.get("roles"));
return user;
}
public void sendTokenDB(Connection conn, HttpServletRequest req) throws Exception {
User user = getUserFromToken(req);
DB.ps(conn, "Begin Core_Env.Set_Env('LOG_ID', '" + user.getLogId() + "'); End;");
DB.ps(conn, "Begin Core_Env.Set_User(" + user.getUserId() + "); End;");
}
////code there
}
If data provided is not enought, we will gladly elaborate. Thank you for your time.