[KNOX-1881] DefaultKeystoreService should use Java NIO API locking as well - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Critical
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.3.0
Component/s: KnoxCLI, Server
Labels:
None

Description

The file locking mechanism in org.apache.knox.gateway.services.security.impl.DefaultKeystoreService today relies on read/write locks to prevent multiple threads from editing a single keystore. Java NIO API file locking adds the protection for reading/writing from multiple JVMs. Since DefaultKeystoreService is used in both gateway and knoxcli, we need to protect against this type of access happening at once.

https://docs.oracle.com/javase/8/docs/api/java/nio/channels/FileLock.html

Attachments

Issue Links

is a clone of

KNOX-1821 Change file locking mechanism in DefaultKeystoreService to use Java NIO API

Closed

is related to

KNOX-2200 DefaultKeystoreService can lose entries under concurrent access

Resolved

KNOX-1917 DefaultKeystoreService should use a shared read lock

Closed

relates to

KNOX-1230 Many Concurrent Requests to Knox causes URL Mangling

Closed

links to

GitHub Pull Request #104

PR #104

(1 links to)

Activity

People

Assignee:: Kevin Risden

Reporter:: Robert Levas

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 20/Jun/19 19:09

Updated:: 27/Jan/20 16:35

Resolved:: 21/Jun/19 19:06

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

10m