Key: JRA-14193
Type: Bug
Status: Open
Priority: Major
Assignee: Unassigned
Reporter: Andreas Knecht [Atlassian]
Votes: 0
Watchers: 0
JIRA

ThreadLocalCachingPermissionManager does not cache project permissions user specific

Created: 27/Dec/07 10:12 PM   Updated: 02/Oct/08 08:37 PM
Component/s: Security
Affects Version/s: 3.10
Fix Version/s: 3.13.x

Time Tracking:
Not Specified

File Attachments: 1. Zip Archive cachePatch.jira310.zip (4 kB)

Issue Links:
Reference

Participants: Andreas Knecht [Atlassian]
Since last comment: 41 weeks, 2 days ago
Support reference count: 3
Labels: bughunt_hard bughunt_mail


Description
The thread local caching permissionManager maintains a cache of projects for which a user has the browse permission. Unfortunately the cache does not take the user into consideration, and the getProjects(Permission, User) method may return incorrect results if two different users make subsequent requests within the same thread.

This can happen if subscriptions are being mailed out. If two subscriptions for 2 different users are being sent at exactly the same time, one of them may be empty even though it should contain some issues. This happens because the subscription in question will retrieve projects used for the previous subscription to build up its permissions lucene query.

We should make the ThreadLocalPermissionManager respect the user when caching. We should also make sure the mail sender cleans up threadlocal caches properly when sending mail.



Andreas Knecht [Atlassian] added a comment - 27/Dec/07 10:32 PM
This patch fixes the issue on JIRA 3.10. To install:
  1. Back up the two class files included in the patch
  2. Copy the two class files in the patch into your <JIRA>/WEB-INF/classes/com/atlassian/jira/security/ directory
  3. Restart JIRA

Andreas Knecht [Atlassian] added a comment - 27/Dec/07 11:43 PM
I'll leave this bug open for now, as the patch currently only makes the cache user specific, but does not ensure threadlocals are cleaned up properly when sending mail.

We should probably re-factor the mail sending using a command pattern. See the ServiceRunner for more info...
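
The caching flaw from the description and the two remedies it names (a user-specific cache key, and cleanup of thread-local caches after each unit of work), as an added Java example that is not JIRA's code or the attached patch. The class, method and cache names, the `BROWSE` string and the user/project data are all constructed for illustration, with a static map standing in for the real permission check.

```java
import java.util.*;
import java.util.function.Supplier;

public class ThreadLocalCacheDemo {
    // Constructed data standing in for the real permission check: projects each user may browse.
    static final Map<String, List<String>> BROWSABLE =
        Map.of("alice", List.of("HR", "OPS"), "bob", List.of());

    // Flawed: keyed by permission only, so the first caller's result is reused for every user.
    static final ThreadLocal<Map<String, List<String>>> BY_PERMISSION =
        ThreadLocal.withInitial(HashMap::new);
    // User-specific: the cache key is the (permission, user) pair.
    static final ThreadLocal<Map<List<String>, List<String>>> BY_PERMISSION_AND_USER =
        ThreadLocal.withInitial(HashMap::new);

    static List<String> flawedGetProjects(String permission, String user) {
        return BY_PERMISSION.get().computeIfAbsent(permission, p -> BROWSABLE.get(user));
    }

    static List<String> userKeyedGetProjects(String permission, String user) {
        return BY_PERMISSION_AND_USER.get()
            .computeIfAbsent(List.of(permission, user), k -> BROWSABLE.get(user));
    }

    // Runs one unit of work (for example one subscription mail) and always drops
    // this thread's cached permissions afterwards, even if the work throws.
    static <T> T withCleanCaches(Supplier<T> work) {
        try {
            return work.get();
        } finally {
            BY_PERMISSION.remove();
            BY_PERMISSION_AND_USER.remove();
        }
    }

    public static void main(String[] args) {
        // Two subscriptions handled back to back on one thread: alice is served bob's entry.
        System.out.println("flawed  bob   -> " + flawedGetProjects("BROWSE", "bob"));
        System.out.println("flawed  alice -> " + flawedGetProjects("BROWSE", "alice"));
        // Keying on the user gives each user their own entry on the same thread.
        System.out.println("keyed   bob   -> " + userKeyedGetProjects("BROWSE", "bob"));
        System.out.println("keyed   alice -> " + userKeyedGetProjects("BROWSE", "alice"));
        // Cleanup between units of work stops carry-over even with the flawed key.
        BY_PERMISSION.remove();
        System.out.println("cleaned bob   -> " + withCleanCaches(() -> flawedGetProjects("BROWSE", "bob")));
        System.out.println("cleaned alice -> " + withCleanCaches(() -> flawedGetProjects("BROWSE", "alice")));
    }
}
```

Reversing the order of the two flawed calls hands the second user the first user's project list, which is why the cache key and the cleanup are both worth checking in any worker thread that serves more than one user.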