[
https://issues.apache.org/jira/browse/ARTEMIS-4399?focusedWorklogId=877945&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-877945
]
ASF GitHub Bot logged work on ARTEMIS-4399:
-------------------------------------------
Author: ASF GitHub Bot
Created on: 23/Aug/23 19:59
Start Date: 23/Aug/23 19:59
Worklog Time Spent: 10m
Work Description: jbertram commented on code in PR #4589:
URL: https://github.com/apache/activemq-artemis/pull/4589#discussion_r1303481917
##########
artemis-server/src/main/java/org/apache/activemq/artemis/core/security/impl/SecurityStoreImpl.java:
##########
@@ -424,26 +432,71 @@ private void
handleNoCacheLoginException(NoCacheLoginException e) {
logger.debug("Skipping authentication cache due to exception: {}",
e.getMessage());
}
+ private void putAuthenticationCacheEntry(String user,
+ String password,
+ RemotingConnection connection,
+ Subject subject) {
+ if (authenticationCache != null) {
+ authenticationCache.put(createAuthenticationCacheKey(user, password,
connection), new Pair<>(subject != null, subject));
+ }
+ }
+
+ private Pair<Boolean, Subject> getAuthenticationCacheEntry(String user,
+ String password,
+
RemotingConnection connection) {
+ if (authenticationCache == null) {
+ return null;
+ } else {
+ return
authenticationCache.getIfPresent(createAuthenticationCacheKey(user, password,
connection));
+ }
+ }
+
+ private void getAuthorizationCacheEntry(ConcurrentHashSet<SimpleString>
set, String key) {
Review Comment:
Indeed!
Issue Time Tracking
-------------------
Worklog Id: (was: 877945)
Time Spent: 0.5h (was: 20m)
> Authentication cache set to size 0 (i.e. disabled) is not threadsafe
> ---------------------------------------------------------------------
>
> Key: ARTEMIS-4399
> URL: https://issues.apache.org/jira/browse/ARTEMIS-4399
> Project: ActiveMQ Artemis
> Issue Type: Bug
> Affects Versions: 2.30.0
> Reporter: Rich T
> Assignee: Justin Bertram
> Priority: Major
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> To disable authentication cache you have to set the following config option:
> {code:java}
> setAuthenticationCacheSize(0){code}
> SecurityStoreImpl then creates the following guava cache with maximumSize set
> to 0:
> {code:java}
> authenticationCache = CacheBuilder.newBuilder()
> .maximumSize(authenticationCacheSize)
> .expireAfterWrite(invalidationInterval, TimeUnit.MILLISECONDS)
> .build();{code}
> The way the guava LocalCache implementation works with maximumSize is that
> even with size 0 an entry is added but then is removed; this means that
> another thread can end up pulling an entry out of the cache before it is
> evicted; even though maximumSize is set to 0.
> It has taken me some effort to track down this timing issue but the behaviour
> is also explained in the guava docs:
> {code:java}
> When size is zero, elements will be evicted immediately after being loaded
> into the cache. This can be useful in testing, or to disable caching
> temporarily without a code change.This feature cannot be used in conjunction
> with maximumWeight
> {code}
> Based on these findings no auth cache should be created at all when size 0 is
> requested.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
