Uploaded image for project: 'FishEye'
  1. FishEye
  2. FE-4037

Thread (un)safety of DefaultUserManager.java...

    XMLWordPrintable

Details

    • Bug
    • Resolution: Answered
    • Medium
    • N/A
    • None
    • None

    Description

      There are at least 2 issues with the DefaultUserManager used in FishEye/Crucible regarding thread safety. The first one has been seen in practice, the second one however has not.

      importUser race condition

      It is possible that 2 threads can enter any of the getOrImportXXX methods that do an upfront check for the existence of a User. If the user doesn't exist, then the user is imported. It is possible for 2 threads to both try and import a user, where both see the user doesn't exist first, then 1 will fail if it loses the race to create the user.

      Seen in studio:

      012-04-02 00:07:11,980 INFO  [btpool0-4 ] fisheye.app DefaultUserManager-importUser - auto-import user: "mlandis@5amsolutions.com"
2012-04-02 00:07:11,982 INFO  [btpool0-7 ] fisheye.app DefaultUserManager-importUser - auto-import user: "mlandis@5amsolutions.com"
2012-04-02 00:07:12,067 INFO  [btpool0-9 ] fisheye.app DefaultUserManager-importUser - auto-import user: "mlandis@5amsolutions.com"
2012-04-02 00:07:12,089 WARN  [btpool0-7 ] fisheye.app UserDetector-tryRequestDelegatedLogin - problem logging user delegated 
com.cenqua.fisheye.rep.DbException: User named "mlandis@5amsolutions.com" already exists.
        at com.cenqua.fisheye.user.DefaultUserManager$19.write(DefaultUserManager.java:1251)
        at com.cenqua.fisheye.user.DefaultUserManager$19.write(DefaultUserManager.java:1245)
        at com.cenqua.fisheye.config.DB0Handle.write(DB0Handle.java:96)
        at com.cenqua.fisheye.user.DefaultUserManager.addUserImpl(DefaultUserManager.java:1245)
        at com.cenqua.fisheye.user.DefaultUserManager.importUser(DefaultUserManager.java:634)
        at com.cenqua.fisheye.user.DefaultUserManager.getOrImportDelegatedUser(DefaultUserManager.java:594)
        at com.cenqua.fisheye.user.DefaultUserManager.tryRequestDelegatedLogin(DefaultUserManager.java:762)

      the mAuth member variable is not protected from multiple threads

      It is possible for the importUser() method to see a null mAuth member variable if the reload method is called during the import of a user.

      Attachments

        Activity

          People

            Unassigned Unassigned
            npellow Nick
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: