honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

security: roles store poller should only update existing entries 

Original commit: elastic/x-pack-elasticsearch@6573f4d689
This commit is contained in:
jaymode 2016-03-25 07:24:26 -04:00
parent 7fbd30c801
commit 6fab4680a2
1 changed files with 2 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/esnative/ESNativeRolesStore.java
View File

@ -514,23 +514,12 @@ public class ESNativeRolesStore extends AbstractComponent implements RolesStore,
for (SearchHit hit : response.getHits().getHits()) {
final String roleName = hit.getId();
final long version = hit.version();
final boolean existed = existingRoles.remove(roleName);
existingRoles.remove(roleName);
// we use the locking mechanisms provided by the map/cache to help protect against concurrent operations
// that will leave the cache in a bad state
roleCache.compute(roleName, new BiFunction<String, RoleAndVersion, RoleAndVersion>() {
roleCache.computeIfPresent(roleName, new BiFunction<String, RoleAndVersion, RoleAndVersion>() {
@Override
public RoleAndVersion apply(String roleName, RoleAndVersion existing) {
if (existing == null) {
if (existed) {
// the cache doesn't have this role anymore, it got cleared by something else, do nothing.
return null;
} else {
// it is new, we can cache it
RoleDescriptor rd = transformRole(hit.getId(), hit.getSourceRef());
return new RoleAndVersion(rd, version);
}
}
if (version > existing.getVersion()) {
RoleDescriptor rd = transformRole(hit.getId(), hit.getSourceRef());
if (rd != null) {