[ https://issues.apache.org/jira/browse/KNOX-598?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14744239#comment-14744239 ]

Kevin Minder commented on KNOX-598:
-----------------------------------

I actually had that first but looked at the JVM code for Thread.sleep( 0, 1 ) 
and it turns out it ends up being the same as Thread.sleep( 0 ).  In general 
you are right that the implementation of sleep(0) can be JVM implementation 
dependent, but typically it will relinquish control of the thread to the 
scheduler to allow other threads to execute.  The behavior of Thread.yield() is 
even less deterministic.  In practice this is all probably academic, as the 
System.nanoTime() call is probably sufficient to allow the JVM's 
high-resolution time source to advance.

> Concurrent JDBC clients via KNOX to Kerberized HiveServer2 causes HTTP 401 
> error (due to Kerberos Replay attack error)
> ----------------------------------------------------------------------------------------------------------------------
>
>                 Key: KNOX-598
>                 URL: https://issues.apache.org/jira/browse/KNOX-598
>             Project: Apache Knox
>          Issue Type: Bug
>          Components: Server
>    Affects Versions: 0.4.0
>            Reporter: Kevin Minder
>            Priority: Blocker
>             Fix For: 0.7.0
>
>         Attachments: KNOX-598_001.patch
>
>
> In high concurrency scenarios the same Knox service principal can end up 
> requesting two service tickets for HiveServer2's HTTP service principal 
> within the same microsecond. This is being detected on the HiveServer2 side 
> as a replay attack. The fix is to include some concurrency controls in Knox 
> to ensure that this cannot occur. This will introduce some minor 
> serialization but this seems unavoidable.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
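
An added sketch, not the KNOX-598 patch (which this message does not show), of the kind of concurrency control the issue describes: a lock lets one ticket request run at a time and re-reads System.nanoTime() until a full microsecond separates it from the previous one. The class name, the 1 µs gap constant and the stand-in request method are assumptions for illustration; a real request would take its timestamp inside the Kerberos library.

```java
import java.util.*;
import java.util.concurrent.*;
import java.util.concurrent.locks.ReentrantLock;

// Hypothetical gate: runs one action at a time, at least one microsecond apart.
public class SpacedTicketGate {
    private static final long MIN_GAP_NANOS = 1_000L; // one microsecond
    private final ReentrantLock lock = new ReentrantLock();
    private long lastEndNanos = System.nanoTime() - MIN_GAP_NANOS; // guarded by lock

    public <T> T call(Callable<T> action) throws Exception {
        lock.lock();
        try {
            // Re-read the clock until a full microsecond has passed since the
            // previous action finished. yield() is only a scheduler hint; the
            // loop condition is what provides the guarantee.
            while (System.nanoTime() - lastEndNanos < MIN_GAP_NANOS) {
                Thread.yield();
            }
            return action.call();
        } finally {
            lastEndNanos = System.nanoTime();
            lock.unlock();
        }
    }

    // Constructed stand-in for the service-ticket request: records when it ran.
    static Long ticketRequestStandIn() {
        return System.nanoTime();
    }

    public static void main(String[] args) throws Exception {
        SpacedTicketGate gate = new SpacedTicketGate();
        ExecutorService pool = Executors.newFixedThreadPool(16);
        List<Future<Long>> futures = new ArrayList<>();
        for (int i = 0; i < 2_000; i++) {
            Callable<Long> task = () -> gate.call(SpacedTicketGate::ticketRequestStandIn);
            futures.add(pool.submit(task));
        }
        List<Long> stamps = new ArrayList<>();
        for (Future<Long> f : futures) stamps.add(f.get());
        pool.shutdown();
        Collections.sort(stamps);
        // Every pair of neighbouring requests must be at least 1 µs apart.
        for (int i = 1; i < stamps.size(); i++)
            if (stamps.get(i) - stamps.get(i - 1) < MIN_GAP_NANOS)
                throw new AssertionError("two requests fell within one microsecond");
        System.out.println("all " + stamps.size() + " requests were spaced apart");
    }
}
```

The lock is held for the whole request, which is the "minor serialization" the issue description accepts as the cost of the fix.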
