[jira] [Created] (SOLR-13701) JWTAuthPlugin calls authenticationFailure (which calls HttpServletResponsesendError) before updating metrics - breaks tests

Thu, 15 Aug 2019 18:19:59 -0700 

Hoss Man created SOLR-13701:
-------------------------------

             Summary: JWTAuthPlugin calls authenticationFailure (which calls 
HttpServletResponsesendError) before updating metrics - breaks tests
                 Key: SOLR-13701
                 URL: https://issues.apache.org/jira/browse/SOLR-13701
             Project: Solr
          Issue Type: Bug
      Security Level: Public (Default Security Level. Issues are Public)
            Reporter: Hoss Man
            Assignee: Hoss Man


The way JWTAuthPlugin is currently implemented, any failures are sent to the 
remote client (via {{authenticationFailure(...)}} which calls 
{{HttpServletResponsesendError(...)}}) *before* 
{{JWTAuthPlugin.doAuthenticate(...)}} has a chance to update it's metrics (like 
{{numErrors}} and {{numWrongCredentials}})

This causes a race condition in tests where test threads can:
 * see an error response/Exception before the server thread has updated metrics 
(like {{numErrors}} and {{numWrongCredentials}})
 * call white box methods like 
{{SolrCloudAuthTestCase.assertAuthMetricsMinimums(...)}} to assert expected 
metrics

...all before the server thread has ever gotten around to being able to update 
the metrics in question.

{{SolrCloudAuthTestCase.assertAuthMetricsMinimums(...)}} currently has some 
{{"First metrics count assert failed, pausing 2s before re-attempt"}} evidently 
to try and work around this bug, but it's still no garuntee that the server 
thread will be scheduled before the retry happens.

We can/should just fix JWTAuthPlugin to ensure the metrics are updated before 
{{authenticationFailure(...)}} is called, and then remove the "pausing 2s 
before re-attempt" logic from {{SolrCloudAuthTestCase}} - between this bug fix, 
and the existing work around for SOLR-13464, there should be absolutely no 
reason to "retry" reading hte metrics.

(NOTE: BasicAuthPlugin has a similar {{authenticationFailure(...)}} method that 
also calls {{HttpServletResponse.sendError(...)}} - but it already (correctly) 
updates the error/failure metrics *before* calling that method.



--
This message was sent by Atlassian JIRA
(v7.6.14#76016)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org

Reply via email to