Rich T created ARTEMIS-4399:
-------------------------------
Summary: Authentication cache set to size 0 (i.e. disabled) is not
threadsafe
Key: ARTEMIS-4399
URL: https://issues.apache.org/jira/browse/ARTEMIS-4399
Project: ActiveMQ Artemis
Issue Type: Bug
Affects Versions: 2.29.0
Reporter: Rich T
To disable authentication cache you have to set the following config option:
{code:java}
setAuthenticationCacheSize(0){code}
SecurityStoreImpl then creates the following guava cache with maximumSize set
to 0:
{code:java}
authenticationCache = CacheBuilder.newBuilder()
.maximumSize(authenticationCacheSize)
.expireAfterWrite(invalidationInterval, TimeUnit.MILLISECONDS)
.build();{code}
The way the guava LocalCache implementation works with maximumSize is that even
with size 0 an entry is added but then is removed; this means that another
thread can end up pulling an entry out of the cache before it is evicted; even
though maximumSize is set to 0.
It has taken me some effort to track down this timing issue but the behaviour
is also explained in the guava docs:
{code:java}
When size is zero, elements will be evicted immediately after being loaded into
the cache. This can be useful in testing, or to disable caching temporarily
without a code change.This feature cannot be used in conjunction with
maximumWeight
{code}
Based on these findings no auth cache should be created at all when size 0 is
requested.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
