FlickrJ’s ThreadLocal gotcha

If you use Desktop license from Flickr, you have to use the RequestContext class as follows from the FlickrJ examples:

Auth token = this.flickr.getAuthInterface().getToken(frob);
RequestContext.getRequestContext().setAuth(token);

RequestContext stores the token in a ThreadLocal variable. To be brief, I’m running an app on Tomcat. Tomcat uses a ThreadPool. RequestContext corrupts my app because the threads go back to a pool, they don’t die. So, the token of previous users show up in new user’s requests. Not good, and took a while to track down this bug.

I’ve added checks in my FlickrDAO class to clear out the RequestContext’s threadlocal variables at the beginning of each public method that can be impacted. Now my users authenticate properly with Flickr, and information doesn’t leak between requests.

This entry was posted in Uncategorized. Bookmark the permalink.

3 Responses to FlickrJ’s ThreadLocal gotcha

Leave a Reply

Your email address will not be published. Required fields are marked *