[jira] [Commented] (SENTRY-1474) createSentryRole() isn't thread-safe

Mon, 26 Sep 2016 13:35:34 -0700 

    [ 
https://issues.apache.org/jira/browse/SENTRY-1474?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15524097#comment-15524097
 ] 

Alexander Kolbasov commented on SENTRY-1474:
--------------------------------------------

[~awleblang] Thank you for looking at it and for great analysis. So it seems 
that the check in createSentryRoleCore() isn't actually doing much and the 
actual check is performed at the DB level. This means that we do not have a bug 
and the issue can be closed.

> createSentryRole() isn't thread-safe
> ------------------------------------
>
>                 Key: SENTRY-1474
>                 URL: https://issues.apache.org/jira/browse/SENTRY-1474
>             Project: Sentry
>          Issue Type: Bug
>          Components: Core
>    Affects Versions: 1.7.0, sentry-ha-redesign
>            Reporter: Alexander Kolbasov
>            Assignee: Alex Leblang
>
> Here is the function createSentryRole():
> {code}
>   public CommitContext createSentryRole(String roleName)
>       throws SentryAlreadyExistsException, SentryStandbyException {
>     boolean rollbackTransaction = true;
>     PersistenceManager pm = null;
>     try {
>       pm = openTransaction();
>       createSentryRoleCore(pm, roleName);
>       CommitContext commit = commitUpdateTransaction(pm);
>       rollbackTransaction = false;
>       return commit;
>     } finally {
>        ...
>     }
>   }
> {code}
> And here is createSentryRoleCore():
> {code}
>   private void createSentryRoleCore(PersistenceManager pm, String roleName)
>       throws SentryAlreadyExistsException {
>     String trimmedRoleName = trimAndLower(roleName);
>     MSentryRole mSentryRole = getMSentryRole(pm, trimmedRoleName);
>     if (mSentryRole == null) {
>       MSentryRole mRole = new MSentryRole(trimmedRoleName, 
> System.currentTimeMillis());
>       pm.makePersistent(mRole);
>     } else {
>       throw new SentryAlreadyExistsException("Role: " + trimmedRoleName);
>     }
>   }
> {code}
> The problem is that after the call to getMSentryRole() the role can be added 
> by another thread. So we will successfully add two instances of a role with 
> the same name. After that calls to getMSentryRole() with this name will fail 
> because we have two instances with the same name.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to