[
https://issues.apache.org/jira/browse/HADOOP-10851?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Benoy Antony updated HADOOP-10851:
----------------------------------
Attachment: HADOOP-10851.patch
The attached patch adds 3 test cases
* a basic test for _NetgroupCache_
* test where a user is initially part of a group and later removed from that
group.
* test where a group is initially added to cache, but later removed.
_NetgroupCache_ is fixed by clearing the cache properly.
Code is slightly refactored :
* uses {{addAll}} instead of looping through the set of entries.
* removed call to {{isCached}} inside {{add}} since the callers call
{{isCached}} before calling {{add}}.
* two unused imports are removed.
> NetgroupCache does not remove group memberships
> -----------------------------------------------
>
> Key: HADOOP-10851
> URL: https://issues.apache.org/jira/browse/HADOOP-10851
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Affects Versions: 2.4.1
> Reporter: Benoy Antony
> Assignee: Benoy Antony
> Attachments: HADOOP-10851.patch
>
>
> _NetgroupCache_ is used by _GroupMappingServiceProvider_ implementations
> based on net groups.
> But it has a serious flaw in that once a user to group membership is
> established, it remains forever even if user is actually removed from the
> netgroup and cache is cleared. It is cleared only if the server is restarted.
> To reproduce this:
> * Cache a group with a set of users.
> * Test membership correctness.
> * Clear cache, remove a user from the group and cache the group again
> * Expected result : user’s groups should not include the group from which
> he/she is removed.
> * Actual result : user’s groups includes the group from which he/she was
> removed.
> It is also noted that _NetgroupCache_ has concurrency issues and a separate
> jira is filed to rectify them.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
