[ https://issues.apache.org/jira/browse/HBASE-6851?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13461292#comment-13461292 ]
Hudson commented on HBASE-6851: ------------------------------- Integrated in HBase-TRUNK-on-Hadoop-2.0.0 #188 (See [https://builds.apache.org/job/HBase-TRUNK-on-Hadoop-2.0.0/188/]) HBASE-6851 Fix race condition in TableAuthManager.updateGlobalCache() (Revision 1388894) Result = FAILURE garyh : Files : * /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java * /hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestTablePermissions.java > Race condition in TableAuthManager.updateGlobalCache() > ------------------------------------------------------ > > Key: HBASE-6851 > URL: https://issues.apache.org/jira/browse/HBASE-6851 > Project: HBase > Issue Type: Bug > Components: security > Affects Versions: 0.94.1, 0.96.0 > Reporter: Gary Helmling > Assignee: Gary Helmling > Priority: Critical > Fix For: 0.94.3, 0.96.0 > > Attachments: HBASE-6851_2.patch, HBASE-6851_3.patch, HBASE-6851.patch > > > When new global permissions are assigned, there is a race condition, during > which further authorization checks relying on global permissions may fail. > In TableAuthManager.updateGlobalCache(), we have: > {code:java} > USER_CACHE.clear(); > GROUP_CACHE.clear(); > try { > initGlobal(conf); > } catch (IOException e) { > // Never happens > LOG.error("Error occured while updating the user cache", e); > } > for (Map.Entry<String,TablePermission> entry : userPerms.entries()) { > if (AccessControlLists.isGroupPrincipal(entry.getKey())) { > GROUP_CACHE.put(AccessControlLists.getGroupName(entry.getKey()), > new Permission(entry.getValue().getActions())); > } else { > USER_CACHE.put(entry.getKey(), new > Permission(entry.getValue().getActions())); > } > } > {code} > If authorization checks come in following the .clear() but before > repopulating, they will fail. > We should have some synchronization here to serialize multiple updates and > use a COW type rebuild and reassign of the new maps. > This particular issue crept in with the fix in HBASE-6157, so I'm flagging > for 0.94 and 0.96. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira