[ https://issues.apache.org/jira/browse/CURATOR-665?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17707255#comment-17707255 ]
Ryan Ruel commented on CURATOR-665: ----------------------------------- Below is a test case which you can drop into TestModeledFramework which reproduces the issue. The issue seems to be related to ACLs and the creation of sub-paths: {code:java} @Test public void testExceptionHandling() throws Exception { final List<ACL> writeAcl = Collections.singletonList(new ACL(ZooDefs.Perms.WRITE, new Id("digest", DigestAuthenticationProvider.generateDigest("test:test")))); // An ACLProvider is used to get the write ACL (for the test user) for any path "/test/**". final ACLProvider aclProvider = new ACLProvider() { @Override public List<ACL> getDefaultAcl() { return ZooDefs.Ids.READ_ACL_UNSAFE; } @Override public List<ACL> getAclForPath(String path) { // Any sub-path "/test/**" should only be writeable by the test user. return path.startsWith("/test") ? writeAcl : getDefaultAcl(); } }; try (CuratorFramework authorizedFramework = CuratorFrameworkFactory.builder() .connectString(server.getConnectString()) .retryPolicy(new RetryOneTime(1)) .aclProvider(aclProvider) .authorization("digest", "test:test".getBytes()) .build()) { authorizedFramework.start(); // Create the parent path using the authorized framework, which will initially set the ACL accordingly. authorizedFramework.create().withMode(CreateMode.PERSISTENT).forPath("/test"); } // Now attempt to set the sub-node using an unauthorized client. try (CuratorFramework unauthorizedFramework = CuratorFrameworkFactory.builder() .connectString(server.getConnectString()) .retryPolicy(new RetryOneTime(1)) .aclProvider(aclProvider) .build()) { unauthorizedFramework.start(); // I overrode the TestModel provided path with a multi-component path under the "/test" parent path // (which was previously created with ACL protection). ModelSpec<TestModel> aclModelSpec = ModelSpec.builder(ZPath.parse("/test/foo/bar"), modelSpec.serializer()) .withCreateOptions(EnumSet.of(CreateOption.createParentsIfNeeded, CreateOption.createParentsAsContainers)) .build(); ModeledFramework<TestModel> noAuthClient = ModeledFramework.wrap(AsyncCuratorFramework.wrap(unauthorizedFramework), aclModelSpec); // We would expect this to throw a NoAuth KeeperException, but it instead hangs. noAuthClient.set(new TestModel("John", "Galt", "Galt's Gulch", 42, BigInteger.valueOf(66))).toCompletableFuture().get(); } } {code} > ModeledFramework does not throw expected exception and instead hangs > -------------------------------------------------------------------- > > Key: CURATOR-665 > URL: https://issues.apache.org/jira/browse/CURATOR-665 > Project: Apache Curator > Issue Type: Bug > Components: Framework > Affects Versions: 5.4.0 > Reporter: Ryan Ruel > Priority: Major > > When writing data to ZooKeeper via Curator, I found that when I was receiving > a KeeperException NoAuth back from ZooKeeper, my call would hang indefinitely. > The NoAuth was expected as I was testing writing to a path where the ACL was > set to prevent my client from writing (X509 authentication scheme). > The call which hangs: > {code:java} > myFramework.set(myModel).toCompletableFuture().get();{code} > The logs from the call: > {code:java} > 2023-03-29 14:20:29,511 [Curator-Framework-0] ERROR imps.CuratorFrameworkImpl > - Background exception was not retry-able or retry gave up > org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode = > NoAuth for /test/foo {code} > I'd expect this exception to bubble up wrapped in a CompletionException. > Instead, CuratorFrameworkImpl just logs the exception and then the call to > get() hangs indefinitely. -- This message was sent by Atlassian Jira (v8.20.10#820010)