[
https://issues.apache.org/jira/browse/ARTEMIS-4399?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Robbie Gemmell resolved ARTEMIS-4399.
-------------------------------------
Fix Version/s: 2.31.0
Resolution: Fixed
> Authentication cache set to size 0 (i.e. disabled) is not threadsafe
> ---------------------------------------------------------------------
>
> Key: ARTEMIS-4399
> URL: https://issues.apache.org/jira/browse/ARTEMIS-4399
> Project: ActiveMQ Artemis
> Issue Type: Bug
> Affects Versions: 2.30.0
> Reporter: Rich T
> Assignee: Justin Bertram
> Priority: Major
> Fix For: 2.31.0
>
> Time Spent: 40m
> Remaining Estimate: 0h
>
> To disable authentication cache you have to set the following config option:
> {code:java}
> setAuthenticationCacheSize(0){code}
> SecurityStoreImpl then creates the following guava cache with maximumSize set
> to 0:
> {code:java}
> authenticationCache = CacheBuilder.newBuilder()
> .maximumSize(authenticationCacheSize)
> .expireAfterWrite(invalidationInterval, TimeUnit.MILLISECONDS)
> .build();{code}
> The way the guava LocalCache implementation works with maximumSize is that
> even with size 0 an entry is added but then is removed; this means that
> another thread can end up pulling an entry out of the cache before it is
> evicted; even though maximumSize is set to 0.
> It has taken me some effort to track down this timing issue but the behaviour
> is also explained in the guava docs:
> {code:java}
> When size is zero, elements will be evicted immediately after being loaded
> into the cache. This can be useful in testing, or to disable caching
> temporarily without a code change.This feature cannot be used in conjunction
> with maximumWeight
> {code}
> Based on these findings no auth cache should be created at all when size 0 is
> requested.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
