Alexander Kolbasov created SENTRY-1474:
------------------------------------------

             Summary: createSentryRole() isn't thread-safe
                 Key: SENTRY-1474
                 URL: https://issues.apache.org/jira/browse/SENTRY-1474
             Project: Sentry
          Issue Type: Bug
          Components: Core
    Affects Versions: 1.7.0, sentry-ha-redesign
            Reporter: Alexander Kolbasov


Here is the function createSentryRole():

{code}
  public CommitContext createSentryRole(String roleName)
      throws SentryAlreadyExistsException, SentryStandbyException {
    boolean rollbackTransaction = true;
    PersistenceManager pm = null;
    try {
      pm = openTransaction();
      createSentryRoleCore(pm, roleName);
      CommitContext commit = commitUpdateTransaction(pm);
      rollbackTransaction = false;
      return commit;
    } finally {
       ...
    }
  }
{code}

And here is createSentryRoleCore():

{code}
  private void createSentryRoleCore(PersistenceManager pm, String roleName)
      throws SentryAlreadyExistsException {
    String trimmedRoleName = trimAndLower(roleName);
    MSentryRole mSentryRole = getMSentryRole(pm, trimmedRoleName);
    if (mSentryRole == null) {
      MSentryRole mRole = new MSentryRole(trimmedRoleName, 
System.currentTimeMillis());
      pm.makePersistent(mRole);
    } else {
      throw new SentryAlreadyExistsException("Role: " + trimmedRoleName);
    }
  }
{code}

The problem is that after the call to getMSentryRole() the role can be added by 
another thread. So we will successfully add two instances of a role with the 
same name. After that calls to getMSentryRole() with this name will fail 
because we have two instances with the same name.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to