[jira] [Updated] (GEODE-2652) IntegratedSecurityService class has state that is not thread safe

Kirk Lund (JIRA) Mon, 13 Mar 2017 14:25:36 -0700

     [ 
https://issues.apache.org/jira/browse/GEODE-2652?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Kirk Lund updated GEODE-2652:
-----------------------------
    Description: 
The state of IntegratedSecurityService is currently not thread safe. One thread 
may set these values by invoking initSecurity, while others threads invoke 
methods which access these values:

*  private PostProcessor postProcessor;
*  private SecurityManager securityManager;
*  private Boolean isIntegratedSecurity;
*  private boolean isClientAuthenticator; // is there a 
SECURITY_CLIENT_AUTHENTICATOR
* private boolean isPeerAuthenticator; // is there a SECURITY_PEER_AUTHENTICATOR

This could manifest as thread visibility bugs (other thread does not see the 
value set by another thread).

  was:
The state of IntegratedSecurityService is currently not thread safe. One thread 
may set these values by invoking initSecurity, while another thread may invoke 
others methods which access these values:

*  private PostProcessor postProcessor;
*  private SecurityManager securityManager;
*  private Boolean isIntegratedSecurity;
*  private boolean isClientAuthenticator; // is there a 
SECURITY_CLIENT_AUTHENTICATOR
* private boolean isPeerAuthenticator; // is there a SECURITY_PEER_AUTHENTICATOR



> IntegratedSecurityService class has state that is not thread safe
> -----------------------------------------------------------------
>
>                 Key: GEODE-2652
>                 URL: https://issues.apache.org/jira/browse/GEODE-2652
>             Project: Geode
>          Issue Type: Bug
>          Components: security
>            Reporter: Kirk Lund
>
> The state of IntegratedSecurityService is currently not thread safe. One 
> thread may set these values by invoking initSecurity, while others threads 
> invoke methods which access these values:
> *  private PostProcessor postProcessor;
> *  private SecurityManager securityManager;
> *  private Boolean isIntegratedSecurity;
> *  private boolean isClientAuthenticator; // is there a 
> SECURITY_CLIENT_AUTHENTICATOR
> * private boolean isPeerAuthenticator; // is there a 
> SECURITY_PEER_AUTHENTICATOR
> This could manifest as thread visibility bugs (other thread does not see the 
> value set by another thread).



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

[jira] [Updated] (GEODE-2652) IntegratedSecurityService class has state that is not thread safe

Reply via email to