[ https://issues.apache.org/jira/browse/KYLIN-3474?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16796732#comment-16796732 ]
Temple Zhou edited comment on KYLIN-3474 at 3/21/19 1:49 AM: ------------------------------------------------------------- {code:java} public class KylinUserManager { private static final Logger logger = LoggerFactory.getLogger(KylinUserManager.class); public static KylinUserManager getInstance(KylinConfig config) { return config.getManager(KylinUserManager.class); } // called by reflection static KylinUserManager newInstance(KylinConfig config) throws IOException { return new KylinUserManager(config); } // ============================================================================ private KylinConfig config; // user ==> ManagedUser private CaseInsensitiveStringCache<ManagedUser> userMap; private CachedCrudAssist<ManagedUser> crud; private AutoReadWriteLock lock = new AutoReadWriteLock(); {code} {code:java} public void update(ManagedUser user) { try (AutoReadWriteLock.AutoLock l = lock.lockForWrite()) { ManagedUser exist = userMap.get(user.getUsername()); if (exist != null) { user.setLastModified(exist.getLastModified()); } user.setUsername(user.getUsername().toUpperCase(Locale.ROOT)); crud.save(user); } catch (IOException e) { throw new RuntimeException("Can not update user.", e); } }{code} The userMap is case-insensitive and Kylin will transform the username to uppercase(ADMIN) even I authenticate with lowercase (admin),but org.apache.kylin.rest.security.ManagedUser#equals compare the username in a case sensitive method. org.apache.kylin.rest.security.KylinAuthenticationProvider#authenticate {code:java} String username = user.getUsername(); logger.debug("User {} authorities : {}", username, user.getAuthorities()); if (!userService.userExists(username)) { userService.createUser(user); } else if (!userService.loadUserByUsername(username).equals(user)) { // in case ldap users changing. userService.updateUser(user); } {code} Finally, the userService.loadUserByUsername(username).equals(user) will always be false, and the org.springframework.security.provisioning.UserDetailsManager#updateUser will be called many times per second. was (Author: temple.zhou): {code:java} public class KylinUserManager { private static final Logger logger = LoggerFactory.getLogger(KylinUserManager.class); public static KylinUserManager getInstance(KylinConfig config) { return config.getManager(KylinUserManager.class); } // called by reflection static KylinUserManager newInstance(KylinConfig config) throws IOException { return new KylinUserManager(config); } // ============================================================================ private KylinConfig config; // user ==> ManagedUser private CaseInsensitiveStringCache<ManagedUser> userMap; private CachedCrudAssist<ManagedUser> crud; private AutoReadWriteLock lock = new AutoReadWriteLock(); {code} The userMap is case-insensitive, so I can authenticate successfully with uppercase or lowercase username such as ADMIN or admin,but org.apache.kylin.rest.security.ManagedUser#equals compare the username in a case sensitive method. org.apache.kylin.rest.security.KylinAuthenticationProvider#authenticate {code:java} String username = user.getUsername(); logger.debug("User {} authorities : {}", username, user.getAuthorities()); if (!userService.userExists(username)) { userService.createUser(user); } else if (!userService.loadUserByUsername(username).equals(user)) { // in case ldap users changing. userService.updateUser(user); } {code} Finally, the userService.loadUserByUsername(username).equals(user) will always be false, and the org.springframework.security.provisioning.UserDetailsManager#updateUser will be called many times per second. > Tableau 10.5 get malformed token (multi-query instance) > ------------------------------------------------------- > > Key: KYLIN-3474 > URL: https://issues.apache.org/jira/browse/KYLIN-3474 > Project: Kylin > Issue Type: Bug > Components: Query Engine, Security > Affects Versions: v2.3.0, v2.4.0, v2.5.0, v2.6.1 > Reporter: Temple Zhou > Assignee: Temple Zhou > Priority: Major > Fix For: v2.4.1, v2.4.2 > > Attachments: KYLIN-3474.master.001.patch, kylin.log, > tableau-malformed-token.png > > > I found that when I use Tableau 10.5 with Kylin 2.4.0(multi-query) , the > Tableau Server will get the malformed token error when do query via restful > API. > However, when I use Tableau 10.5 with Kylin 2.4.0(single query instance), the > error will be gone. -- This message was sent by Atlassian JIRA (v7.6.3#76005)