hbase-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From e...@apache.org
Subject git commit: HBASE-12402 ZKPermissionWatcher race condition in refreshing the cache leaving stale ACLs and causing AccessDenied
Date Tue, 04 Nov 2014 04:10:28 GMT
Repository: hbase
Updated Branches:
  refs/heads/master f7adec054 -> 71f73fcd0


HBASE-12402 ZKPermissionWatcher race condition in refreshing the cache leaving stale ACLs
and causing AccessDenied


Project: http://git-wip-us.apache.org/repos/asf/hbase/repo
Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/71f73fcd
Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/71f73fcd
Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/71f73fcd

Branch: refs/heads/master
Commit: 71f73fcd0b474c600588268cd96c2e1b6982db64
Parents: f7adec0
Author: Enis Soztutar <enis@apache.org>
Authored: Mon Nov 3 20:09:55 2014 -0800
Committer: Enis Soztutar <enis@apache.org>
Committed: Mon Nov 3 20:09:55 2014 -0800

----------------------------------------------------------------------
 .../security/access/ZKPermissionWatcher.java    | 31 ++++++++++++++++----
 1 file changed, 25 insertions(+), 6 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/hbase/blob/71f73fcd/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/ZKPermissionWatcher.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/ZKPermissionWatcher.java
b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/ZKPermissionWatcher.java
index c4c925a..0265e82 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/ZKPermissionWatcher.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/ZKPermissionWatcher.java
@@ -31,6 +31,7 @@ import org.apache.zookeeper.KeeperException;
 
 import java.io.IOException;
 import java.util.List;
+import java.util.concurrent.CountDownLatch;
 
 /**
  * Handles synchronization of access control list entries and updates
@@ -48,6 +49,7 @@ public class ZKPermissionWatcher extends ZooKeeperListener {
   static final String ACL_NODE = "acl";
   TableAuthManager authManager;
   String aclZNode;
+  CountDownLatch initialized = new CountDownLatch(1);
 
   public ZKPermissionWatcher(ZooKeeperWatcher watcher,
       TableAuthManager authManager, Configuration conf) {
@@ -58,18 +60,32 @@ public class ZKPermissionWatcher extends ZooKeeperListener {
   }
 
   public void start() throws KeeperException {
-    watcher.registerListener(this);
-    if (ZKUtil.watchAndCheckExists(watcher, aclZNode)) {
-      List<ZKUtil.NodeAndData> existing =
-          ZKUtil.getChildDataAndWatchForNewChildren(watcher, aclZNode);
-      if (existing != null) {
-        refreshNodes(existing);
+    try {
+      watcher.registerListener(this);
+      if (ZKUtil.watchAndCheckExists(watcher, aclZNode)) {
+        List<ZKUtil.NodeAndData> existing =
+            ZKUtil.getChildDataAndWatchForNewChildren(watcher, aclZNode);
+        if (existing != null) {
+          refreshNodes(existing);
+        }
       }
+    } finally {
+      initialized.countDown();
+    }
+  }
+
+  private void waitUntilStarted() {
+    try {
+      initialized.await();
+    } catch (InterruptedException e) {
+      LOG.warn("Interrupted while waiting", e);
+      Thread.currentThread().interrupt();
     }
   }
 
   @Override
   public void nodeCreated(String path) {
+    waitUntilStarted();
     if (path.equals(aclZNode)) {
       try {
         List<ZKUtil.NodeAndData> nodes =
@@ -85,6 +101,7 @@ public class ZKPermissionWatcher extends ZooKeeperListener {
 
   @Override
   public void nodeDeleted(String path) {
+    waitUntilStarted();
     if (aclZNode.equals(ZKUtil.getParent(path))) {
       String table = ZKUtil.getNodeName(path);
       if(AccessControlLists.isNamespaceEntry(table)) {
@@ -97,6 +114,7 @@ public class ZKPermissionWatcher extends ZooKeeperListener {
 
   @Override
   public void nodeDataChanged(String path) {
+    waitUntilStarted();
     if (aclZNode.equals(ZKUtil.getParent(path))) {
       // update cache on an existing table node
       String entry = ZKUtil.getNodeName(path);
@@ -115,6 +133,7 @@ public class ZKPermissionWatcher extends ZooKeeperListener {
 
   @Override
   public void nodeChildrenChanged(String path) {
+    waitUntilStarted();
     if (path.equals(aclZNode)) {
       // table permissions changed
       try {


Mime
View raw message