[jira] [Commented] (HBASE-6851) Race condition in TableAuthManager.updateGlobalCache()

[stack (JIRA)]

    [ 
https://issues.apache.org/jira/browse/HBASE-6851?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13460890#comment-13460890
 ] 

stack commented on HBASE-6851:
------------------------------

Cache is unbounded.  Any fear of it getting large?  (I suppose the old code 
worked this way so this patch doesn't introduce that issue).

The synchronize on updateGlobalCache seems like it could come in handy.  Are 
all accesses on GLOBAL_CACHE synchronized?  Do they need to be?  Could we get a 
NPE again when we swap it in and are accessing it elsewhere concurrently?  

Does updateTableCache need synchronize?

Looks much cleaner.  Good stuff G.






                
> Race condition in TableAuthManager.updateGlobalCache()
> ------------------------------------------------------
>
>                 Key: HBASE-6851
>                 URL: https://issues.apache.org/jira/browse/HBASE-6851
>             Project: HBase
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 0.94.1, 0.96.0
>            Reporter: Gary Helmling
>            Assignee: Gary Helmling
>            Priority: Critical
>         Attachments: HBASE-6851.patch
>
>
> When new global permissions are assigned, there is a race condition, during 
> which further authorization checks relying on global permissions may fail.
> In TableAuthManager.updateGlobalCache(), we have:
> {code:java}
>     USER_CACHE.clear();
>     GROUP_CACHE.clear();
>     try {
>       initGlobal(conf);
>     } catch (IOException e) {
>       // Never happens
>       LOG.error("Error occured while updating the user cache", e);
>     }
>     for (Map.Entry<String,TablePermission> entry : userPerms.entries()) {
>       if (AccessControlLists.isGroupPrincipal(entry.getKey())) {
>         GROUP_CACHE.put(AccessControlLists.getGroupName(entry.getKey()),
>                         new Permission(entry.getValue().getActions()));
>       } else {
>         USER_CACHE.put(entry.getKey(), new 
> Permission(entry.getValue().getActions()));
>       }
>     }
> {code}
> If authorization checks come in following the .clear() but before 
> repopulating, they will fail.
> We should have some synchronization here to serialize multiple updates and 
> use a COW type rebuild and reassign of the new maps.
> This particular issue crept in with the fix in HBASE-6157, so I'm flagging 
> for 0.94 and 0.96.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira