jinmeiliao commented on a change in pull request #7063:
URL: https://github.com/apache/geode/pull/7063#discussion_r741231285
##########
File path:
geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/ClientUserAuths.java
##########
@@ -52,17 +62,32 @@ public Long putUserAuth(UserAuthAttributes userAuthAttr) {
return newId;
}
- public Long putSubject(Subject subject, long existingUniqueId) {
- final Long newId;
+
+ public long putSubject(@NotNull Subject subject, long existingUniqueId) {
+ final long newId;
if (existingUniqueId == 0 || existingUniqueId == NOT_A_USER_ID) {
newId = getNextID();
} else {
newId = existingUniqueId;
}
- Subject oldSubject = uniqueIdVsSubject.put(newId, subject);
- removeSubject(oldSubject);
- logger.debug("Subject of {} added.", newId);
+ // we are saving all the subjects that's related to this uniqueId
+ // we cannot immediately log out the old subject of this userId because
+ // it might already be bound to another thread and doing operations. If
+ // we log out that subject immediately, that thread "authorize" would get
null principal.
+ synchronized (this) {
Review comment:
we are preventing user doing `putSubject` `getSubject`, `removeSubject`
at the same time. this `synchronize` block is necessary.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
