Alexander Kolbasov created SENTRY-1474:

             Summary: createSentryRole() isn't thread-safe
                 Key: SENTRY-1474
             Project: Sentry
          Issue Type: Bug
          Components: Core
    Affects Versions: 1.7.0, sentry-ha-redesign
            Reporter: Alexander Kolbasov

Here is the function createSentryRole():

  public CommitContext createSentryRole(String roleName)
      throws SentryAlreadyExistsException, SentryStandbyException {
    boolean rollbackTransaction = true;
    PersistenceManager pm = null;
    try {
      pm = openTransaction();
      createSentryRoleCore(pm, roleName);
      CommitContext commit = commitUpdateTransaction(pm);
      rollbackTransaction = false;
      return commit;
    } finally {

And here is createSentryRoleCore():

  private void createSentryRoleCore(PersistenceManager pm, String roleName)
      throws SentryAlreadyExistsException {
    String trimmedRoleName = trimAndLower(roleName);
    MSentryRole mSentryRole = getMSentryRole(pm, trimmedRoleName);
    if (mSentryRole == null) {
      MSentryRole mRole = new MSentryRole(trimmedRoleName, 
    } else {
      throw new SentryAlreadyExistsException("Role: " + trimmedRoleName);

The problem is that after the call to getMSentryRole() the role can be added by 
another thread. So we will successfully add two instances of a role with the 
same name. After that calls to getMSentryRole() with this name will fail 
because we have two instances with the same name.

This message was sent by Atlassian JIRA

Reply via email to