Merge pull request #2508 from guusdk/KEYCLOAK-2731

KEYCLOAK-2731: Improve thread safety of TokenManager

integration/admin-client/src/main/java/org/keycloak/admin/client/token/TokenManager.java

@@ -53,7 +53,7 @@ public class TokenManager {
         return getAccessToken().getToken();
     }
 
-    public AccessTokenResponse getAccessToken(){
+    public synchronized AccessTokenResponse getAccessToken(){
         if(currentToken == null){
             grantToken();
         }else if(tokenExpired()){
@@ -73,9 +73,10 @@ public class TokenManager {
         }
 
         int requestTime = Time.currentTime();
-        currentToken = tokenService.grantToken(config.getRealm(), form.asMap());
-        expirationTime = requestTime + currentToken.getExpiresIn();
-
+        synchronized (this) {
+            currentToken = tokenService.grantToken( config.getRealm(), form.asMap() );
+            expirationTime = requestTime + currentToken.getExpiresIn();
+        }
         return currentToken;
     }
 
@@ -90,20 +91,22 @@ public class TokenManager {
 
         try {
             int requestTime = Time.currentTime();
-            currentToken = tokenService.refreshToken(config.getRealm(), form.asMap());
-            expirationTime = requestTime + currentToken.getExpiresIn();
 
+            synchronized (this) {
+                currentToken = tokenService.refreshToken( config.getRealm(), form.asMap() );
+                expirationTime = requestTime + currentToken.getExpiresIn();
+            }
             return currentToken;
         } catch (BadRequestException e) {
             return grantToken();
         }
     }
 
-    public void setMinTokenValidity(long minTokenValidity) {
+    public synchronized void setMinTokenValidity(long minTokenValidity) {
         this.minTokenValidity = minTokenValidity;
     }
 
-    private boolean tokenExpired() {
+    private synchronized boolean tokenExpired() {
         return (Time.currentTime() + minTokenValidity) >= expirationTime;
     }