[ https://issues.apache.org/jira/browse/ARTEMIS-4399?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17758425#comment-17758425 ]
Rich T commented on ARTEMIS-4399: --------------------------------- Thanks for picking this up so quickly > Authentication cache set to size 0 (i.e. disabled) is not threadsafe > --------------------------------------------------------------------- > > Key: ARTEMIS-4399 > URL: https://issues.apache.org/jira/browse/ARTEMIS-4399 > Project: ActiveMQ Artemis > Issue Type: Bug > Affects Versions: 2.30.0 > Reporter: Rich T > Assignee: Justin Bertram > Priority: Major > Time Spent: 0.5h > Remaining Estimate: 0h > > To disable authentication cache you have to set the following config option: > {code:java} > setAuthenticationCacheSize(0){code} > SecurityStoreImpl then creates the following guava cache with maximumSize set > to 0: > {code:java} > authenticationCache = CacheBuilder.newBuilder() > .maximumSize(authenticationCacheSize) > .expireAfterWrite(invalidationInterval, TimeUnit.MILLISECONDS) > .build();{code} > The way the guava LocalCache implementation works with maximumSize is that > even with size 0 an entry is added but then is removed; this means that > another thread can end up pulling an entry out of the cache before it is > evicted; even though maximumSize is set to 0. > It has taken me some effort to track down this timing issue but the behaviour > is also explained in the guava docs: > {code:java} > When size is zero, elements will be evicted immediately after being loaded > into the cache. This can be useful in testing, or to disable caching > temporarily without a code change.This feature cannot be used in conjunction > with maximumWeight > {code} > Based on these findings no auth cache should be created at all when size 0 is > requested. -- This message was sent by Atlassian Jira (v8.20.10#820010)