[JBoss JIRA] (ISPN-5790) AuthorizationManager rework
by Dan Berindei (JIRA)
[ https://issues.jboss.org/browse/ISPN-5790?page=com.atlassian.jira.plugin.... ]
Dan Berindei updated ISPN-5790:
-------------------------------
Status: Resolved (was: Pull Request Sent)
Fix Version/s: 8.1.0.Beta1
Resolution: Done
> AuthorizationManager rework
> ---------------------------
>
> Key: ISPN-5790
> URL: https://issues.jboss.org/browse/ISPN-5790
> Project: Infinispan
> Issue Type: Task
> Reporter: Tristan Tarrant
> Assignee: Tristan Tarrant
> Fix For: 8.1.0.Beta1, 8.1.0.Final
>
>
> The AuthorizationManager has a few issues:
> - it is using the deprecated ClusterRegistry: it should use an internal cache instead
> - it stores per-cache subject ACLs globally, thus possibly returning incorrect ACL masks for a specific subject/cache pair
> Solve the above by introducing a GlobalSecurityManager which starts a global ACL cache and only cache the subject role mapping and not the masks.
> It would be useful if the AuthorizationManager also supported checking for a specific role in addition to a permission
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
8 years, 5 months
[JBoss JIRA] (ISPN-5876) Pre-commit cache invalidation creates stale cache vulnerability
by Dan Berindei (JIRA)
[ https://issues.jboss.org/browse/ISPN-5876?page=com.atlassian.jira.plugin.... ]
Dan Berindei updated ISPN-5876:
-------------------------------
Status: Resolved (was: Pull Request Sent)
Resolution: Done
> Pre-commit cache invalidation creates stale cache vulnerability
> ---------------------------------------------------------------
>
> Key: ISPN-5876
> URL: https://issues.jboss.org/browse/ISPN-5876
> Project: Infinispan
> Issue Type: Bug
> Components: Eviction
> Affects Versions: 5.2.7.Final
> Reporter: Stephen Fikes
> Assignee: Galder Zamarreño
> Fix For: 5.2.15.Final, 8.1.0.Beta1, 8.1.0.Final
>
>
> In a cluster where Infinispan serves as the level 2 cache for Hibernate (configured for invalidation), because invalidation requests for modified entities are sent *before* database commit, it is possible for nodes receiving the invalidation request to perform eviction and then (due to "local" read requests) reload the evicted entities prior to the time the database commit takes place in the server where the entity was modified.
> Consequently, other servers in the cluster may contain data that remains stale until a subsequent change in another server or until the entity times out from lack of use.
> It isn't easy to write a testcase for this - it required manual intervention to reproduce - but can be seen with any entity class, cluster, etc. (at least using Oracle - results may vary with specific databases) so I've not attached a testcase. The issue can be seen/understood by code inspection (i.e. the timing of invalidation vs. database commit). That said, my test consisted of a two node cluster and I used Byteman rules to delay database commit of a change to an entity (with an optimistic version property) long enough in "server 1" for eviction to complete and a subsequent re-read (by a worker thread on behalf of an EJB) to take place in "server 2". Following the re-read in "server 2", I the database commit proceeds in "server 1" and "server 2" now has a stale copy of the entity in cache.
> One option is pessimistic locking which will block any read attempt until the DB commit completes. It is not feasible, however, for many applications to use pessimistic locking for all reads as this can have a severe impact on concurrency - and is the reason for using optimistic version control. But due to the early timing of invalidation broadcast (*before* database commit, while the data is not yet stale), optimistic locking is insufficient to guard against "permanently" stale data. We did see that some databases default to blocking repeatable reads even outside of transactions and without explicit lock requests. Oracle does not provide such a mode. So, all reads must be implemented to use pessimistic locks (which must be enclosed in explicit transactions - (b)locking reads are disallowed when autocommit=true in Oracle) and this could require significant effort (re-writes) to use pessimistic reads throughout - in addition to the performance issues this can introduce.
> If broadcast of an invalidation message always occurs *after* database commit, optimistic control attributes are sufficient to block attempts to write stale data and though a few failures may occur (as they would in a single server with multiple active threads), it can be known that the stale data will be removed in some finite period.
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
8 years, 5 months
[JBoss JIRA] (ISPN-5904) Passivation log messages should be DEBUG
by Galder Zamarreño (JIRA)
Galder Zamarreño created ISPN-5904:
--------------------------------------
Summary: Passivation log messages should be DEBUG
Key: ISPN-5904
URL: https://issues.jboss.org/browse/ISPN-5904
Project: Infinispan
Issue Type: Feature Request
Reporter: Galder Zamarreño
Including:
{code}Oct 19, 2015 11:52:26 org.infinispan.eviction.impl.PassivationManagerImpl passivateAll
INFO: ISPN000029: Passivating all entries to disk
Oct 19, 2015 11:52:26 org.infinispan.eviction.impl.PassivationManagerImpl passivateAll
INFO: ISPN000030: Passivated 0 entries in 0 milliseconds
{code}
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
8 years, 5 months
[JBoss JIRA] (ISPN-5791) Query DSL : Projecting a Date field multiple times will render it as string
by RH Bugzilla Integration (JIRA)
[ https://issues.jboss.org/browse/ISPN-5791?page=com.atlassian.jira.plugin.... ]
RH Bugzilla Integration commented on ISPN-5791:
-----------------------------------------------
Adrian Nistor <anistor(a)redhat.com> changed the Status of [bug 1277075|https://bugzilla.redhat.com/show_bug.cgi?id=1277075] from NEW to POST
> Query DSL : Projecting a Date field multiple times will render it as string
> ---------------------------------------------------------------------------
>
> Key: ISPN-5791
> URL: https://issues.jboss.org/browse/ISPN-5791
> Project: Infinispan
> Issue Type: Bug
> Components: Embedded Querying
> Affects Versions: 8.0.1.Final, 8.1.0.Alpha1
> Reporter: Adrian Nistor
> Assignee: Adrian Nistor
> Fix For: 8.1.0.Beta1, 8.0.2.Final
>
>
> Adding this in QueryDslConditionsTest fails. The second date projection is a String instead of being a Date. First projection is OK. The problem is gone if cache is not indexed, which makes me think it is more of a problem in CacheQuery.
> {code}
> public void testDuplicateDateProjection() throws Exception {
> QueryFactory qf = getQueryFactory();
> Query q = qf.from(getModelFactory().getTransactionImplClass())
> .select("id", "date", "date")
> .having("description").eq("Hotel")
> .toBuilder().build();
> List<Object[]> list = q.list();
> assertEquals(1, list.size());
> assertEquals(1, list.size());
> assertEquals(3, list.get(0).length);
> assertEquals(3, list.get(0)[0]);
> assertEquals(makeDate("2013-02-27"), list.get(0)[1]);
> assertEquals(makeDate("2013-02-27"), list.get(0)[2]);
> }
> {code}
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
8 years, 5 months
[JBoss JIRA] (ISPN-5838) Cleanup uberjar packaging
by Dan Berindei (JIRA)
[ https://issues.jboss.org/browse/ISPN-5838?page=com.atlassian.jira.plugin.... ]
Dan Berindei updated ISPN-5838:
-------------------------------
Status: Resolved (was: Pull Request Sent)
Fix Version/s: 8.1.0.Beta1
8.1.0.Final
Resolution: Done
> Cleanup uberjar packaging
> -------------------------
>
> Key: ISPN-5838
> URL: https://issues.jboss.org/browse/ISPN-5838
> Project: Infinispan
> Issue Type: Feature Request
> Components: Build process
> Reporter: Pedro Zapata
> Assignee: Sebastian Łaskawiec
> Labels: jdg7
> Fix For: 8.1.0.Beta1, 8.1.0.Final
>
>
> Need to minimize shipping non-required or provided dependencies in the uberjar.
> Some ideas that need to be further refined:
> * Split CDI into cdi-embedded and cdi-remote
> * Add only cdi-embedded to infinispan-embedded (and cdi-remote to infinispan-remote)
> * Add infinispan-client-hotrod to infinispan-embedded ? Used for RemoteCacheStore (which is an embedded use-case)
> * infinispan-embedded has a compulsory dependency on javax.transaction api. We cannot change this in Infinispan <= 8.2 for backwards compatibility, but we can change it in 8.3
> *
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
8 years, 5 months