[
https://issues.apache.org/jira/browse/SLING-2701?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13677012#comment-13677012
]
Dominik Smogór commented on SLING-2701:
---------------------------------------
Imagine the following: (lines valid for r1021641)
thread X calls serviceChanged -> #1451 removeService now, authReq are not any
more in props but still in the cache.
now thread Y drops in with serviceChanged -> first calls removeService but the
key is no longer there, then calls addService with all the keys once again. Now
you have authRequs duplicated.
Besides, access to props should be synchronized anyway.
> SlingAuthenticator is volatile to multithreaded auth path updates.
> ------------------------------------------------------------------
>
> Key: SLING-2701
> URL: https://issues.apache.org/jira/browse/SLING-2701
> Project: Sling
> Issue Type: Bug
> Components: Authentication
> Affects Versions: Auth Core 1.0.6
> Environment: CQ 5.4
> Reporter: Dominik Smogór
> Assignee: Carsten Ziegeler
> Attachments: authcore-SLING-2701.patch
>
>
> SlingAuthenticator has a registered listener on services that share
> sling.auth.requirements service attributes.
> These paths serve as basis to PathBasedHolders that decide what request paths
> need to be authenticated.
> When the listener is called from multiple threads on the same service
> SlingAuthenticator PathBasedHolders cache gets corrupted due to insufficient
> synchronization. The effect is artificial multiplication of records.
> This patch adds synchronized block within the listener.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
