  1. Hadoop Common
  2. HADOOP-11337

KeyAuthorizationKeyProvider access checks need to be done atomically


Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • 2.7.0
    • None
    • None

    Description

      KeyAuthorizationKeyProvider#getMetadata first calls KeyAuthorizationKeyProvider#doAccessCheck to check whether the client has permission to perform this operation. However, if the metadata is null when KeyAuthorizationKeyProvider#doAccessCheck is called and becomes non-null after KeyAuthorizationKeyProvider#doAccessCheck has been called, the key-based ACL check will be skipped. The getMetadata operation should be atomic.

        public Metadata getMetadata(String name) throws IOException {
          doAccessCheck(name, KeyOpType.READ);
          return provider.getMetadata(name);
        }
      
        private void doAccessCheck(String keyName, KeyOpType opType) throws
            IOException {
          Metadata metadata = provider.getMetadata(keyName);
          if (metadata != null) {
            String aclName = metadata.getAttributes().get(KEY_ACL_NAME);
            checkAccess((aclName == null) ? keyName : aclName, getUser(), opType);
          }
        }
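
The race described above, reduced to a deterministic Java sketch (an added example, not the attached patch and not Hadoop code): a constructed store returns null on the first lookup and metadata on the second, so the two-lookup pattern returns metadata with no ACL check, while a single lookup returns exactly what was authorized. `Store`, `racyStore`, `ACLS`, the `key.acl.name` value and the user names are assumptions made for the illustration.

```java
import java.util.Map;
import java.util.Set;

// Added illustration: every name below is a hypothetical stand-in, not a Hadoop class.
public class AclCheckRaceDemo {
  static final String KEY_ACL_NAME = "key.acl.name"; // constructed attribute name
  // Constructed policy: only alice may read keys governed by "finance-acl".
  static final Map<String, Set<String>> ACLS = Map.of("finance-acl", Set.of("alice"));

  interface Store { Map<String, String> getMetadata(String name); }

  // Constructed store that replays the race: the key does not exist on the
  // first lookup and has been created by another client before the second.
  static Store racyStore() {
    int[] calls = {0};
    return name -> calls[0]++ == 0 ? null : Map.of(KEY_ACL_NAME, "finance-acl");
  }

  // Same shape as doAccessCheck in the report: no metadata means no ACL check.
  static void authorize(Map<String, String> attrs, String keyName, String user) {
    if (attrs == null) return;
    String acl = attrs.getOrDefault(KEY_ACL_NAME, keyName);
    if (!ACLS.getOrDefault(acl, Set.of()).contains(user)) {
      throw new SecurityException(user + " denied by " + acl);
    }
  }

  // Pattern from the report: the check and the returned value come from separate lookups.
  static Map<String, String> getMetadataTwoLookups(Store s, String name, String user) {
    authorize(s.getMetadata(name), name, user);
    return s.getMetadata(name);
  }

  // Single lookup: the object that was authorized is the object that is returned.
  static Map<String, String> getMetadataOneLookup(Store s, String name, String user) {
    Map<String, String> attrs = s.getMetadata(name);
    authorize(attrs, name, user);
    return attrs;
  }

  public static void main(String[] args) {
    System.out.println("two lookups: " + getMetadataTwoLookups(racyStore(), "k1", "mallory"));
    System.out.println("one lookup:  " + getMetadataOneLookup(racyStore(), "k1", "mallory"));
    Store existing = name -> Map.of(KEY_ACL_NAME, "finance-acl");
    try { getMetadataOneLookup(existing, "k1", "mallory"); }
    catch (SecurityException e) { System.out.println("existing key: " + e.getMessage()); }
  }
}
```

A single lookup only covers operations that read once; where the check and the operation must remain separate provider calls, both need to run under a lock shared with the operations that create or delete keys.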
      

      Attachments

        1. HADOOP-11337.patch
          7 kB
          Dian Fu


          People

            dian.fu Dian Fu
            dian.fu Dian Fu