Details
-
Bug
-
Resolution: Answered
-
Medium
-
None
-
None
-
Severity 2 - Major
-
Description
There are at least 2 issues with the DefaultUserManager used in FishEye/Crucible regarding thread safety. The first one has been seen in practice, the second one however has not.
importUser race condition
It is possible that 2 threads can enter any of the getOrImportXXX methods that do an upfront check for the existence of a User. If the user doesn't exist, then the user is imported. It is possible for 2 threads to both try and import a user, where both see the user doesn't exist first, then 1 will fail if it loses the race to create the user.
Seen in studio:
012-04-02 00:07:11,980 INFO [btpool0-4 ] fisheye.app DefaultUserManager-importUser - auto-import user: "mlandis@5amsolutions.com" 2012-04-02 00:07:11,982 INFO [btpool0-7 ] fisheye.app DefaultUserManager-importUser - auto-import user: "mlandis@5amsolutions.com" 2012-04-02 00:07:12,067 INFO [btpool0-9 ] fisheye.app DefaultUserManager-importUser - auto-import user: "mlandis@5amsolutions.com" 2012-04-02 00:07:12,089 WARN [btpool0-7 ] fisheye.app UserDetector-tryRequestDelegatedLogin - problem logging user delegated com.cenqua.fisheye.rep.DbException: User named "mlandis@5amsolutions.com" already exists. at com.cenqua.fisheye.user.DefaultUserManager$19.write(DefaultUserManager.java:1251) at com.cenqua.fisheye.user.DefaultUserManager$19.write(DefaultUserManager.java:1245) at com.cenqua.fisheye.config.DB0Handle.write(DB0Handle.java:96) at com.cenqua.fisheye.user.DefaultUserManager.addUserImpl(DefaultUserManager.java:1245) at com.cenqua.fisheye.user.DefaultUserManager.importUser(DefaultUserManager.java:634) at com.cenqua.fisheye.user.DefaultUserManager.getOrImportDelegatedUser(DefaultUserManager.java:594) at com.cenqua.fisheye.user.DefaultUserManager.tryRequestDelegatedLogin(DefaultUserManager.java:762)
the mAuth member variable is not protected from multiple threads
It is possible for the importUser() method to see a null mAuth member variable if the reload method is called during the import of a user.