
OpenAPIService serverBaseUrl is not thread safe #2931

Closed
@jmkelm08

Description

Describe the bug

I am trying to accomplish something similar to #2171. The recommended solution is to use a ServerBaseUrlCustomizer to customize the URL based on the request. In OpenAPIService.setServerBaseUrl, the customized base URL is stored in a member variable of the service with no locking or other protections which is not thread safe.

To Reproduce

  1. Create a very basic Spring Boot application
  2. Run in debug
  3. Set breakpoint 1 on the last line of OpenAPIService.setServerBaseUrl: this.serverBaseUrl = customServerBaseUrl
  4. Set breakpoint 2 on the first line inside the if statement in OpenAPIService.updateServers
  5. Open http://localhost:8080/swagger-ui/index.html
  6. Advance to the 2nd breakpoint (in updateServers)
  7. Open http://127.0.0.1:8080/swagger-ui/index.html
  8. Step over the 1st breakpoint (last line in setServerBaseUrl)
  9. Unpause the first request and see that the returned server list contains http://127.0.0.1:8080 instead of http://localhost:8080

Expected behavior

The server base URL is not modified by unrelated requests
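
The interleaving from the reproduction steps, as an added example that is not part of the original issue and is not springdoc's code: `UnsafeService` and `StatelessService` are hypothetical stand-ins for a singleton bean, and two latches take the place of the debugger breakpoints so the ordering is deterministic. It contrasts a per-request value kept in a shared field with the same value passed as a method argument.

```java
import java.util.concurrent.CountDownLatch;

// Hypothetical stand-in for a singleton service; not springdoc's OpenAPIService.
public class SharedBaseUrlRace {

    // Unsafe: a per-request value stored in a field shared by all request threads.
    static class UnsafeService {
        private String serverBaseUrl;
        void setServerBaseUrl(String url) { this.serverBaseUrl = url; }
        String updateServers() { return serverBaseUrl; }
    }

    // Safer shape: the per-request value never leaves the calling thread's stack.
    static class StatelessService {
        String updateServers(String requestBaseUrl) { return requestBaseUrl; }
    }

    public static void main(String[] args) throws Exception {
        UnsafeService unsafe = new UnsafeService();
        StatelessService stateless = new StatelessService();
        CountDownLatch firstHasSet = new CountDownLatch(1);   // plays breakpoint 2
        CountDownLatch secondHasSet = new CountDownLatch(1);  // plays breakpoint 1
        String[] seen = new String[2];

        Thread first = new Thread(() -> {
            String mine = "http://localhost:8080";            // constructed request URL
            unsafe.setServerBaseUrl(mine);
            firstHasSet.countDown();
            await(secondHasSet);                              // paused between set and read
            seen[0] = unsafe.updateServers();                 // reads the other request's value
            seen[1] = stateless.updateServers(mine);          // reads its own value
        });
        Thread second = new Thread(() -> {
            await(firstHasSet);
            unsafe.setServerBaseUrl("http://127.0.0.1:8080"); // unrelated request overwrites the field
            secondHasSet.countDown();
        });
        first.start(); second.start();
        first.join(); second.join();

        System.out.println("shared field, first request sees: " + seen[0]);
        System.out.println("per-request,  first request sees: " + seen[1]);
    }

    private static void await(CountDownLatch latch) {
        try { latch.await(); } catch (InterruptedException e) { Thread.currentThread().interrupt(); }
    }
}
```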
