[
https://issues.apache.org/jira/browse/RANGER-5115?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Madhan Neethiraj updated RANGER-5115:
-------------------------------------
Attachment: RANGER-5115.patch
> Potential ConcurrentModificationException error during policy evaluation
> ------------------------------------------------------------------------
>
> Key: RANGER-5115
> URL: https://issues.apache.org/jira/browse/RANGER-5115
> Project: Ranger
> Issue Type: Bug
> Components: plugins
> Affects Versions: 2.5.0
> Reporter: Madhan Neethiraj
> Assignee: Madhan Neethiraj
> Priority: Major
> Fix For: 3.0.0, 2.6.0
>
> Attachments: RANGER-5115.patch
>
>
> Initialization of
> RangerAbstractPolicyItemEvaluator.withImpliedGrants should be synchronized to
> avoid ConcurrentModificationException while evaluating policies, as shown in
> the following stack trace:
>
> {noformat}
> java.util.ConcurrentModificationException
> at
> java.base/java.util.ArrayList$Itr.checkForComodification(ArrayList.java:1042)
> at java.base/java.util.ArrayList$Itr.next(ArrayList.java:996)
> at
> org.apache.ranger.plugin.policyevaluator.RangerDefaultPolicyEvaluator.getAccess(RangerDefaultPolicyEvaluator.java:1213)
> at
> org.apache.ranger.plugin.policyevaluator.RangerAbstractPolicyItemEvaluator.computeWithImpliedGrants(RangerAbstractPolicyItemEvaluator.java:138)
> at
> org.apache.ranger.plugin.policyevaluator.RangerDefaultPolicyItemEvaluator.isMatch(RangerDefaultPolicyItemEvaluator.java:96)
> at
> org.apache.ranger.plugin.policyevaluator.RangerDefaultPolicyEvaluator.getMatchingPolicyItem(RangerDefaultPolicyEvaluator.java:1413)
> at
> org.apache.ranger.plugin.policyevaluator.RangerDefaultPolicyEvaluator.getMatchingPolicyItemForAccessPolicyForSpecificAccess(RangerDefaultPolicyEvaluator.java:1392)
> at
> org.apache.ranger.plugin.policyevaluator.RangerDefaultPolicyEvaluator.getMatchingPolicyItem(RangerDefaultPolicyEvaluator.java:1370)
> at
> org.apache.ranger.plugin.policyevaluator.RangerDefaultPolicyEvaluator.evaluatePolicyItems(RangerDefaultPolicyEvaluator.java:860)
> at
> org.apache.ranger.plugin.policyevaluator.RangerDefaultPolicyEvaluator.evaluate(RangerDefaultPolicyEvaluator.java:256)
> at
> org.apache.ranger.plugin.policyengine.RangerPolicyEngineImpl.evaluatePoliciesForOneAccessTypeNoAudit(RangerPolicyEngineImpl.java:778)
> at
> org.apache.ranger.plugin.policyengine.RangerPolicyEngineImpl.evaluatePoliciesNoAudit(RangerPolicyEngineImpl.java:704)
> at
> org.apache.ranger.plugin.policyengine.RangerPolicyEngineImpl.zoneAwareAccessEvaluationWithNoAudit(RangerPolicyEngineImpl.java:628)
> at
> org.apache.ranger.plugin.policyengine.RangerPolicyEngineImpl.evaluatePolicies(RangerPolicyEngineImpl.java:136)
> at
> org.apache.ranger.plugin.service.RangerBasePlugin.isAccessAllowed(RangerBasePlugin.java:513)
> {noformat}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
