hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Larry McCay (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-12076) Incomplete Cache Mechanism in CredentialProvider API
Date Wed, 10 Jun 2015 10:51:04 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-12076?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14580384#comment-14580384

Larry McCay commented on HADOOP-12076:

Interestingly, based on trying to change the test to ensure that non-cached items are not
returned when the underlying store is deleted, it seems that the in-memory keystore instance
itself serves as a cache. I have found that when a credentialEntry is added to the in-memory
it is always returned even if the underlying jks is deleted and the value wasn't queried prior.
I even persisted the store with a flush() and instantiated a new provider. The act of loading
the keystore reads everything into memory - so, even when I remove the file it is still returned
by the getCredentialEntry since it is in the in-memory keystore. It doesn't even need to be
in the cache.

Not sure what value the additional cache adds here. There may be some overhead to pulling
it out of the keystore and the KeyEntry but not sure.

> Incomplete Cache Mechanism in CredentialProvider API
> ----------------------------------------------------
>                 Key: HADOOP-12076
>                 URL: https://issues.apache.org/jira/browse/HADOOP-12076
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>            Reporter: Larry McCay
>            Assignee: Larry McCay
>         Attachments: HADOOP-12076-001.patch
> The AbstractJavaKeyStoreProvider class in the CredentialProvider API has a cache member
variable and interrogation of it during access but does not populate it.

This message was sent by Atlassian JIRA

View raw message