Return-Path: X-Original-To: apmail-hbase-commits-archive@www.apache.org Delivered-To: apmail-hbase-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 2D79B17520 for ; Tue, 4 Nov 2014 04:10:29 +0000 (UTC) Received: (qmail 68897 invoked by uid 500); 4 Nov 2014 04:10:29 -0000 Delivered-To: apmail-hbase-commits-archive@hbase.apache.org Received: (qmail 68850 invoked by uid 500); 4 Nov 2014 04:10:29 -0000 Mailing-List: contact commits-help@hbase.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@hbase.apache.org Delivered-To: mailing list commits@hbase.apache.org Received: (qmail 68841 invoked by uid 99); 4 Nov 2014 04:10:28 -0000 Received: from tyr.zones.apache.org (HELO tyr.zones.apache.org) (140.211.11.114) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 04 Nov 2014 04:10:28 +0000 Received: by tyr.zones.apache.org (Postfix, from userid 65534) id 99F7BA080F1; Tue, 4 Nov 2014 04:10:28 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit 
From: enis@apache.org To: commits@hbase.apache.org Message-Id: X-Mailer: ASF-Git Admin Mailer Subject: git commit: HBASE-12402 ZKPermissionWatcher race condition in refreshing the cache leaving stale ACLs and causing AccessDenied Date: Tue, 4 Nov 2014 04:10:28 +0000 (UTC) Repository: hbase Updated Branches: refs/heads/master f7adec054 -> 71f73fcd0 HBASE-12402 ZKPermissionWatcher race condition in refreshing the cache leaving stale ACLs and causing AccessDenied Project: http://git-wip-us.apache.org/repos/asf/hbase/repo Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/71f73fcd Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/71f73fcd Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/71f73fcd Branch: refs/heads/master Commit: 71f73fcd0b474c600588268cd96c2e1b6982db64 Parents: f7adec0 Author: Enis Soztutar Authored: Mon Nov 3 20:09:55 2014 -0800 Committer: Enis Soztutar Committed: Mon Nov 3 20:09:55 2014 -0800 ---------------------------------------------------------------------- .../security/access/ZKPermissionWatcher.java | 31 ++++++++++++++++---- 1 file changed, 25 insertions(+), 6 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hbase/blob/71f73fcd/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/ZKPermissionWatcher.java ----------------------------------------------------------------------
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/ZKPermissionWatcher.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/ZKPermissionWatcher.java
index c4c925a..0265e82 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/ZKPermissionWatcher.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/ZKPermissionWatcher.java
@@ -31,6 +31,7 @@ import org.apache.zookeeper.KeeperException;
 
 import java.io.IOException;
 import java.util.List;
+import java.util.concurrent.CountDownLatch;
 
 /**
 * Handles synchronization of access control list entries and updates
@@ -48,6 +49,7 @@ public class ZKPermissionWatcher extends ZooKeeperListener {
 static final String ACL_NODE = "acl";
 TableAuthManager authManager;
 String aclZNode;
+ CountDownLatch initialized = new CountDownLatch(1);
 
 public ZKPermissionWatcher(ZooKeeperWatcher watcher,
 TableAuthManager authManager, Configuration conf) {
@@ -58,18 +60,32 @@ public class ZKPermissionWatcher extends ZooKeeperListener {
 }
 
 public void start() throws KeeperException {
- watcher.registerListener(this);
- if (ZKUtil.watchAndCheckExists(watcher, aclZNode)) {
- List existing =
- ZKUtil.getChildDataAndWatchForNewChildren(watcher, aclZNode);
- if (existing != null) {
- refreshNodes(existing);
+ try {
+ watcher.registerListener(this);
+ if (ZKUtil.watchAndCheckExists(watcher, aclZNode)) {
+ List existing =
+ ZKUtil.getChildDataAndWatchForNewChildren(watcher, aclZNode);
+ if (existing != null) {
+ refreshNodes(existing);
+ }
 }
+ } finally {
+ initialized.countDown();
+ }
+ }
+
+ private void waitUntilStarted() {
+ try {
+ initialized.await();
+ } catch (InterruptedException e) {
+ LOG.warn("Interrupted while waiting", e);
+ Thread.currentThread().interrupt();
 }
 }
 
 @Override
 public void nodeCreated(String path) {
+ waitUntilStarted();
 if (path.equals(aclZNode)) {
 try {
 List nodes =
@@ -85,6 +101,7 @@ public class ZKPermissionWatcher extends ZooKeeperListener {
 
 @Override
 public void nodeDeleted(String path) {
+ waitUntilStarted();
 if (aclZNode.equals(ZKUtil.getParent(path))) {
 String table = ZKUtil.getNodeName(path);
 if(AccessControlLists.isNamespaceEntry(table)) {
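Review bot: In the `@@ -48,6 +49,7 @@` hunk the `initialized` latch is added as a package-private, non-final field. It gates every ACL-cache callback in this class, so nothing outside the class should be able to replace it or count it down. `private final CountDownLatch initialized = new CountDownLatch(1);` states that, and a one-line comment such as `// released once start() has finished (or failed) the initial ACL load` would record what the latch means.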
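Review bot: In the `@@ -58,18 +60,32 @@` hunk, `waitUntilStarted()` returns normally after an `InterruptedException`, so the calling handler goes on to update the permission cache while `start()` may still be inside its initial `refreshNodes(existing)`; that is the ordering this commit sets out to prevent, left open on the interrupt path. Because `start()` counts the latch down in `finally`, handlers are also released when the initial load threw a `KeeperException`, with the cache possibly unpopulated. I would document both on the method, e.g. `// Best effort: after an interrupt or a failed start() the caller proceeds without the initial ACL load`. I would also consider `initialized.await(timeout, unit)` with a logged timeout, since these handlers presumably run on the shared ZooKeeper event thread and an unbounded wait would stall other listeners. The same call is added to `nodeDeleted`, `nodeDataChanged` and `nodeChildrenChanged` in the later hunks, and `nodeCreated`'s body continues outside this hunk.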
@@ -97,6 +114,7 @@ public class ZKPermissionWatcher extends ZooKeeperListener {
 
 @Override
 public void nodeDataChanged(String path) {
+ waitUntilStarted();
 if (aclZNode.equals(ZKUtil.getParent(path))) {
 // update cache on an existing table node
 String entry = ZKUtil.getNodeName(path);
@@ -115,6 +133,7 @@ public class ZKPermissionWatcher extends ZooKeeperListener {
 
 @Override
 public void nodeChildrenChanged(String path) {
+ waitUntilStarted();
 if (path.equals(aclZNode)) {
 // table permissions changed
 try {