Incidentally receiving 401 Unauthorized from Twitter (version 1.2.1.1) about oauth-signpost HOT 7 OPEN

Missing attachment

I am also facing same problem !!!
Any solution you got ?

Version 1.2
----------------
We experienced the same problem with 1.2 when generating a lot of OAuth 
requests. We believe the class AbstractOAuthConsumer.java uses a Random in the 
wrong way leading to random number duplicates.

Our quick fix has been through an anonymous extension of the 
"CommonsHttpOAuthConsumer" and overriding the "generateNonce" method . When we 
create a consumer we use the class
<pre>
CommonsHttpOAuthConsumer consumer = new CommonsHttpOAuthConsumer(
                "somekey", "somepassword") {
             // fixed: oauth nonce (random number) generation now thread safe
            @Override
            protected String generateNonce() {
                return Long.toString(RANDOM.nextLong());
            }
        };
</pre>
where the RANDOM is created once using:

    private static final Random RANDOM = new Random();

Version 1.2.1.1
----------------
We just realized that 1.2.1.1 is the newest one. But we still doubt if 
System.nanoTime on line 106 will not fail under excessive load: 

http://code.google.com/p/oauth-signpost/source/browse/trunk/signpost-core/src/ma
in/java/oauth/signpost/AbstractOAuthConsumer.java

There are no tags for 1.2.1.1 so we presume that the trunk and 1.2.1.1 are the 
same.

References:

http://download.oracle.com/javase/1.5.0/docs/api/java/lang/System.html#nanoTime%
28%29 ("...No guarantees are made about how frequently values change...")
http://download.oracle.com/javase/1.4.2/docs/api/java/util/Random.html ("... If 
two instances of Random are created with the same seed, and the same sequence 
of method calls is made for each, they will generate and return identical 
sequences of numbers....")

I've also experienced an issue when signing two requests asynchronously in 
different threads and having 50% of them failing with exact same nonces.

Thanks @bun, I'll try your fix out.

[deleted comment]

Same problem: From Android making 2 requests at same time asynchronously will 
401 one request. @grantlan did it work?

Update: Workaround in comment 3 does work for me

@michaelb comment 3 didn't work for me, but creating new OAuthConsumers for 
each request did as per http://code.google.com/p/oauth-signpost/

Thread Safety

Signpost is not thread safe and probably will never be. Signpost objects are 
very lightweight, so you are adviced to create an OAuthConsumer and 
OAuthProvider for every thread in your application that must send signed HTTP 
requests. Both objects are also serializable, so you can persist and restore 
them later.