jiangtian pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/iotdb.git
The following commit(s) were added to refs/heads/master by this push:
new 79d8fa76ecc Auth: Fixed potential NPE problems && Added clear cache
option to clear the stale auth cache (#17426)
79d8fa76ecc is described below
commit 79d8fa76ecccb4cd29ca4d74f5fb7cb447f835b8
Author: Caideyipi <[email protected]>
AuthorDate: Fri Apr 3 14:48:35 2026 +0800
Auth: Fixed potential NPE problems && Added clear cache option to clear the
stale auth cache (#17426)
* fix
* clear
---
.../java/org/apache/iotdb/db/it/auth/IoTDBSystemPermissionIT.java | 1 +
.../src/main/antlr4/org/apache/iotdb/db/qp/sql/IdentifierParser.g4 | 1 +
.../src/main/antlr4/org/apache/iotdb/db/qp/sql/IoTDBSqlParser.g4 | 2 +-
.../antlr/src/main/antlr4/org/apache/iotdb/db/qp/sql/SqlLexer.g4 | 4 ++++
.../src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java | 4 ++++
.../src/main/java/org/apache/iotdb/db/auth/BasicAuthorityCache.java | 5 +++--
.../db/protocol/thrift/impl/DataNodeInternalRPCServiceImpl.java | 3 +++
.../org/apache/iotdb/db/queryengine/plan/parser/ASTVisitor.java | 5 ++++-
.../iotdb/db/queryengine/plan/relational/sql/parser/AstBuilder.java | 5 ++++-
.../org/apache/iotdb/commons/auth/authorizer/BasicAuthorizer.java | 6 +++---
.../org/apache/iotdb/commons/schema/cache/CacheClearOptions.java | 1 +
.../org/apache/iotdb/db/relational/grammar/sql/RelationalSql.g4 | 4 +++-
12 files changed, 32 insertions(+), 9 deletions(-)
diff --git
a/integration-test/src/test/java/org/apache/iotdb/db/it/auth/IoTDBSystemPermissionIT.java
b/integration-test/src/test/java/org/apache/iotdb/db/it/auth/IoTDBSystemPermissionIT.java
index 2ebdd37758f..92f396769b2 100644
---
a/integration-test/src/test/java/org/apache/iotdb/db/it/auth/IoTDBSystemPermissionIT.java
+++
b/integration-test/src/test/java/org/apache/iotdb/db/it/auth/IoTDBSystemPermissionIT.java
@@ -213,6 +213,7 @@ public class IoTDBSystemPermissionIT {
grantUserSystemPrivileges("test6", PrivilegeType.SYSTEM);
executeNonQuery("flush", "test6", "test123123456");
executeNonQuery("clear cache", "test6", "test123123456");
+ executeNonQuery("clear auth cache", "test6", "test123123456");
executeNonQuery("set system to readonly", "test6", "test123123456");
executeNonQuery("set system to running", "test6", "test123123456");
executeNonQuery(
diff --git
a/iotdb-core/antlr/src/main/antlr4/org/apache/iotdb/db/qp/sql/IdentifierParser.g4
b/iotdb-core/antlr/src/main/antlr4/org/apache/iotdb/db/qp/sql/IdentifierParser.g4
index 07b79998a85..fa13e294751 100644
---
a/iotdb-core/antlr/src/main/antlr4/org/apache/iotdb/db/qp/sql/IdentifierParser.g4
+++
b/iotdb-core/antlr/src/main/antlr4/org/apache/iotdb/db/qp/sql/IdentifierParser.g4
@@ -291,6 +291,7 @@ keyWords
| WRITABLE
| WRITE
| AUDIT
+ | AUTH
| OPTION
| INF
| CURRENT_TIMESTAMP
diff --git
a/iotdb-core/antlr/src/main/antlr4/org/apache/iotdb/db/qp/sql/IoTDBSqlParser.g4
b/iotdb-core/antlr/src/main/antlr4/org/apache/iotdb/db/qp/sql/IoTDBSqlParser.g4
index c64f9338e3a..31d1007867a 100644
---
a/iotdb-core/antlr/src/main/antlr4/org/apache/iotdb/db/qp/sql/IoTDBSqlParser.g4
+++
b/iotdb-core/antlr/src/main/antlr4/org/apache/iotdb/db/qp/sql/IoTDBSqlParser.g4
@@ -1211,7 +1211,7 @@ flush
// Clear Cache
clearCache
- : CLEAR (SCHEMA | QUERY | ALL)? CACHE (ON (LOCAL | CLUSTER))?
+ : CLEAR (SCHEMA | QUERY | AUTH | ALL)? CACHE (ON (LOCAL | CLUSTER))?
;
// Set Configuration
diff --git
a/iotdb-core/antlr/src/main/antlr4/org/apache/iotdb/db/qp/sql/SqlLexer.g4
b/iotdb-core/antlr/src/main/antlr4/org/apache/iotdb/db/qp/sql/SqlLexer.g4
index 65dcd5810f3..5c5cbe4a186 100644
--- a/iotdb-core/antlr/src/main/antlr4/org/apache/iotdb/db/qp/sql/SqlLexer.g4
+++ b/iotdb-core/antlr/src/main/antlr4/org/apache/iotdb/db/qp/sql/SqlLexer.g4
@@ -1195,6 +1195,10 @@ AUDIT
: A U D I T
;
+AUTH
+ : A U T H
+ ;
+
REPAIR
: R E P A I R
;
diff --git
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java
index 21c3bc787ee..fa7edec953c 100644
---
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java
+++
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java
@@ -133,6 +133,10 @@ public class AuthorityChecker {
return authorityFetcher.get().getAuthorCache().invalidateCache(username,
roleName);
}
+ public static void invalidateAllCache() {
+ authorityFetcher.get().getAuthorCache().invalidAllCache();
+ }
+
public static User getUser(String username) {
return authorityFetcher.get().getUser(username);
}
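Review bot: The new public `invalidateAllCache()` has no Javadoc, and its name differs from the `invalidAllCache()` it delegates to, so a search for one spelling misses the other. A comment such as `/** Invalidates every entry held by the author cache; backs CLEAR AUTH CACHE. */` would state the scope. A stale entry in this cache can keep honouring a grant that has been revoked, so the doc should also say whether the call affects only this node's cache and whether the next permission check re-fetches; neither is visible in this hunk.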
diff --git
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/auth/BasicAuthorityCache.java
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/auth/BasicAuthorityCache.java
index b90469b6f70..1de4f0b0da8 100644
---
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/auth/BasicAuthorityCache.java
+++
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/auth/BasicAuthorityCache.java
@@ -81,8 +81,9 @@ public class BasicAuthorityCache implements IAuthorCache {
@Override
public boolean invalidateCache(final String userName, final String roleName)
{
if (userName != null) {
- if (userCache.getIfPresent(userName) != null) {
- Set<String> roleSet = userCache.getIfPresent(userName).getRoleSet();
+ final User user = userCache.getIfPresent(userName);
+ if (user != null) {
+ final Set<String> roleSet = user.getRoleSet();
if (!roleSet.isEmpty()) {
roleCache.invalidateAll(roleSet);
}
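Review bot: `roleSet.isEmpty()` is still called without a null check, so the NPE fix covers only the case where the entry disappears between the two former `getIfPresent` calls. If `getRoleSet()` can return null for a user without roles (not visible here), the method still throws and the user entry may not be invalidated; `if (roleSet != null && !roleSet.isEmpty()) {` would close that gap. A short comment on the single lookup, for example `// Read once: the entry may be evicted between two getIfPresent calls`, would keep a later refactor from reintroducing the double read. The rest of invalidateCache lies outside the hunk.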
diff --git
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/protocol/thrift/impl/DataNodeInternalRPCServiceImpl.java
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/protocol/thrift/impl/DataNodeInternalRPCServiceImpl.java
index c2c3a8d16cd..f5cdb47876a 100644
---
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/protocol/thrift/impl/DataNodeInternalRPCServiceImpl.java
+++
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/protocol/thrift/impl/DataNodeInternalRPCServiceImpl.java
@@ -2454,6 +2454,9 @@ public class DataNodeInternalRPCServiceImpl implements
IDataNodeRPCService.Iface
|| options.contains(CacheClearOptions.QUERY)) {
storageEngine.clearCache();
}
+ if (options.contains(CacheClearOptions.AUTH)) {
+ AuthorityChecker.invalidateAllCache();
+ }
if (options.contains(CacheClearOptions.QUERY)
&& options.contains(CacheClearOptions.TABLE_ATTRIBUTE)
&& options.contains(CacheClearOptions.TREE_SCHEMA)) {
diff --git
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/parser/ASTVisitor.java
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/parser/ASTVisitor.java
index 421ead09c89..c7a4acfcd59 100644
---
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/parser/ASTVisitor.java
+++
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/parser/ASTVisitor.java
@@ -3703,13 +3703,16 @@ public class ASTVisitor extends
IoTDBSqlParserBaseVisitor<Statement> {
clearCacheStatement.setOptions(Collections.singleton(CacheClearOptions.TREE_SCHEMA));
} else if (ctx.QUERY() != null) {
clearCacheStatement.setOptions(Collections.singleton(CacheClearOptions.QUERY));
+ } else if (ctx.AUTH() != null) {
+
clearCacheStatement.setOptions(Collections.singleton(CacheClearOptions.AUTH));
} else if (ctx.ALL() != null) {
clearCacheStatement.setOptions(
new HashSet<>(
Arrays.asList(
CacheClearOptions.TABLE_ATTRIBUTE,
CacheClearOptions.TREE_SCHEMA,
- CacheClearOptions.QUERY)));
+ CacheClearOptions.QUERY,
+ CacheClearOptions.AUTH)));
} else {
clearCacheStatement.setOptions(Collections.singleton(CacheClearOptions.DEFAULT));
}
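Review bot: The final `else` still sets only `CacheClearOptions.DEFAULT`, so a bare `CLEAR CACHE` in the tree dialect will not satisfy the new `options.contains(CacheClearOptions.AUTH)` check in DataNodeInternalRPCServiceImpl, whereas the fallback branch in AstBuilder does include `CacheClearOptions.AUTH`. If the difference is intended, a comment on the `else` such as `// DEFAULT leaves the auth cache untouched; use CLEAR AUTH CACHE or CLEAR ALL CACHE` would stop an operator from assuming stale permissions were dropped. How DEFAULT is expanded elsewhere is not visible here, and the enclosing method starts and ends outside the hunk.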
diff --git
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/sql/parser/AstBuilder.java
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/sql/parser/AstBuilder.java
index a31b48c24b4..c2dec8dce4c 100644
---
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/sql/parser/AstBuilder.java
+++
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/sql/parser/AstBuilder.java
@@ -1605,13 +1605,16 @@ public class AstBuilder extends
RelationalSqlBaseVisitor<Node> {
options = Collections.singleton(CacheClearOptions.TABLE_ATTRIBUTE);
} else if (context.QUERY() != null) {
options = Collections.singleton(CacheClearOptions.QUERY);
+ } else if (context.AUTH() != null) {
+ options = Collections.singleton(CacheClearOptions.AUTH);
} else {
options =
new HashSet<>(
Arrays.asList(
CacheClearOptions.TABLE_ATTRIBUTE,
CacheClearOptions.TREE_SCHEMA,
- CacheClearOptions.QUERY));
+ CacheClearOptions.QUERY,
+ CacheClearOptions.AUTH));
}
return new ClearCache(
Objects.isNull(ctx.localOrClusterMode())
diff --git
a/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/auth/authorizer/BasicAuthorizer.java
b/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/auth/authorizer/BasicAuthorizer.java
index 6ba8c5336b1..c77a0e31bef 100644
---
a/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/auth/authorizer/BasicAuthorizer.java
+++
b/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/auth/authorizer/BasicAuthorizer.java
@@ -136,12 +136,12 @@ public abstract class BasicAuthorizer implements
IAuthorizer, IService {
@Override
public String login4Pipe(final String username, final String password) {
final User user = userManager.getEntity(username);
- if (Objects.isNull(password)) {
- return user.getPassword();
- }
if (user == null) {
return null;
}
+ if (Objects.isNull(password)) {
+ return user.getPassword();
+ }
if (AuthUtils.validatePassword(
password, user.getPassword(),
AsymmetricEncrypt.DigestAlgorithm.SHA_256)) {
return user.getPassword();
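Review bot: The `Objects.isNull(password)` branch returns the stored password value for any existing user without checking a credential, and nothing on `login4Pipe` documents that contract. Moving the `user == null` check first fixes the NPE, but the method should carry Javadoc stating that a null `password` means a trusted internal caller asking for the stored value, and that callers must never forward a null that originates from a client request. The Javadoc should also say what is returned when validation fails, since the end of the method is outside this hunk.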
diff --git
a/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/schema/cache/CacheClearOptions.java
b/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/schema/cache/CacheClearOptions.java
index 74b39dfd529..2665256dde0 100644
---
a/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/schema/cache/CacheClearOptions.java
+++
b/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/schema/cache/CacheClearOptions.java
@@ -23,5 +23,6 @@ public enum CacheClearOptions {
TABLE_ATTRIBUTE,
TREE_SCHEMA,
QUERY,
+ AUTH,
DEFAULT,
}
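Review bot: Inserting `AUTH` before `DEFAULT` shifts the ordinal of `DEFAULT` by one. If these options are serialized by ordinal between nodes (the set is consumed in DataNodeInternalRPCServiceImpl, but the encoding is not visible here), a mixed-version cluster during a rolling upgrade could read DEFAULT as AUTH or the reverse. Appending `AUTH,` after `DEFAULT,` avoids that; if the values travel by name, a comment such as `// Serialized by name; declaration order is not significant` would record it.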
diff --git
a/iotdb-core/relational-grammar/src/main/antlr4/org/apache/iotdb/db/relational/grammar/sql/RelationalSql.g4
b/iotdb-core/relational-grammar/src/main/antlr4/org/apache/iotdb/db/relational/grammar/sql/RelationalSql.g4
index 9b09d6ebad0..f30dbba697b 100644
---
a/iotdb-core/relational-grammar/src/main/antlr4/org/apache/iotdb/db/relational/grammar/sql/RelationalSql.g4
+++
b/iotdb-core/relational-grammar/src/main/antlr4/org/apache/iotdb/db/relational/grammar/sql/RelationalSql.g4
@@ -699,6 +699,7 @@ clearCacheOptions
: ATTRIBUTE
| QUERY
| ALL
+ | AUTH
;
localOrClusterMode
@@ -1471,7 +1472,7 @@ authorizationUser
nonReserved
// IMPORTANT: this rule must only contain tokens. Nested rules are not
supported. See SqlParser.exitNonReserved
- : ABSENT | ADD | ADMIN | AFTER | ALL | ANALYZE | ANY | ARRAY | ASC | AT |
ATTRIBUTE | AUDIT | AUTHORIZATION | AVAILABLE
+ : ABSENT | ADD | ADMIN | AFTER | ALL | ANALYZE | ANY | ARRAY | ASC | AT |
ATTRIBUTE | AUDIT | AUTH | AUTHORIZATION | AVAILABLE
| BEGIN | BERNOULLI | BOTH
| CACHE | CALL | CALLED | CASCADE | CATALOG | CATALOGS | CHAR | CHARACTER
| CHARSET | CLEAR | CLUSTER | CLUSTERID | COLUMN | COLUMNS | COMMENT | COMMIT |
COMMITTED | CONDITION | CONDITIONAL | CONFIGNODES | CONFIGNODE | CONFIGURATION
| CONNECTOR | CONSTANT | COPARTITION | COPY | COUNT | CURRENT
| DATA | DATABASE | DATABASES | DATANODE | DATANODES | DATASET | DATE |
DAY | DEBUG | DECLARE | DEFAULT | DEFINE | DEFINER | DENY | DESC | DESCRIPTOR |
DETAILS| DETERMINISTIC | DEVICES | DISTRIBUTED | DO | DOUBLE
@@ -1518,6 +1519,7 @@ ASC: 'ASC';
ASOF: 'ASOF';
AT: 'AT';
ATTRIBUTE: 'ATTRIBUTE';
+AUTH: 'AUTH';
AUTHORIZATION: 'AUTHORIZATION';
BEGIN: 'BEGIN';
BERNOULLI: 'BERNOULLI';