Github user scubafuchs commented on a diff in the pull request:
https://github.com/apache/accumulo/pull/244#discussion_r112535692
--- Diff:
core/src/main/java/org/apache/accumulo/core/iterators/system/VisibilityFilter.java
---
@@ -16,63 +16,59 @@
*/
package org.apache.accumulo.core.iterators.system;
+import org.apache.accumulo.core.data.ArrayByteSequence;
+import org.apache.accumulo.core.data.ByteSequence;
import org.apache.accumulo.core.data.Key;
import org.apache.accumulo.core.data.Value;
-import org.apache.accumulo.core.iterators.Filter;
import org.apache.accumulo.core.iterators.IteratorEnvironment;
import org.apache.accumulo.core.iterators.SortedKeyValueIterator;
+import org.apache.accumulo.core.iterators.SynchronizedServerFilter;
import org.apache.accumulo.core.security.Authorizations;
import org.apache.accumulo.core.security.ColumnVisibility;
import org.apache.accumulo.core.security.VisibilityEvaluator;
import org.apache.accumulo.core.security.VisibilityParseException;
import org.apache.accumulo.core.util.BadArgumentException;
-import org.apache.accumulo.core.util.TextUtil;
import org.apache.commons.collections.map.LRUMap;
-import org.apache.hadoop.io.Text;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-public class VisibilityFilter extends Filter {
+public class VisibilityFilter extends SynchronizedServerFilter {
--- End diff --
We used to have a separate SynchronizedIterator on scan scope that wrapped
all of the system iterators and this moves that same functionality down into
the VisibilityFilter. The purpose of synchronization is to prevent leakage of
intermediate values through methods like getTopKey and getTopValue while
another thread is calling next. This is only necessary when a configurable
iterator does something multi-threaded. There are at least a couple of ways to
avoid the need to make this iterator synchronized: (1) make the system
iterators thread safe as exposed by the top iterator in some other way, at
least from a security perspective, or (2) detect and/or disallow any use of
threading in configurable iterators. Maybe you can do (1) by eliminating the
possibility of leaking top keys and values that are still being evaluated by
the filter? Probably needs a test to make sure we don't break that in the
future.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
