Dev - Nexus Repo / NEXUS-10621

DefaultCapabilityRegistry is not thread-safe

    Details

    • Story Points:
      1
    • Sprint:
      Sprint 91

      Description

      The DefaultCapabilityRegistry uses a simple HashMap for its references field; a lock is used to protect that data structure from concurrent access. The getAll() method, however, hands out a direct reference to that very map (its value set actually, but that's irrelevant here), exposing it to access that is not guarded by the lock, e.g. an iteration by get() or other callers, which can then encounter exceptions like the one below.

      https://github.com/sonatype/nexus-internal/blob/3ce6cd48c49603b70f3dc1e41efe53122e9ea033/components/nexus-core/src/main/java/org/sonatype/nexus/internal/capability/DefaultCapabilityRegistry.java#L362

      2016-08-09 20:49:45,756+0200 ERROR [pool-38-thread-8] admin org.sonatype.nexus.extdirect.internal.ExtDirectServlet - Failed to invoke action method: capability_Capability.read, java-method: org.sonatype.nexus.coreui.capability.CapabilityComponent.read
      java.util.ConcurrentModificationException: null
              at java.util.HashMap$HashIterator.nextNode(HashMap.java:1429) [na:1.8.0_74]
              at java.util.HashMap$ValueIterator.next(HashMap.java:1458) [na:1.8.0_74]
              at com.google.common.collect.Iterators$7.computeNext(Iterators.java:651) [com.google.guava:18.0.0]
              at com.google.common.collect.AbstractIterator.tryToComputeNext(AbstractIterator.java:143) [com.google.guava:18.0.0]
              at com.google.common.collect.AbstractIterator.hasNext(AbstractIterator.java:138) [com.google.guava:18.0.0]
              at java.util.Collections$UnmodifiableCollection$1.hasNext(Collections.java:1041) [na:1.8.0_74]
              at org.codehaus.groovy.runtime.DefaultGroovyMethods.collect(DefaultGroovyMethods.java:3169) [na:na]
              at org.codehaus.groovy.runtime.DefaultGroovyMethods.collect(DefaultGroovyMethods.java:3140) [na:na]
              at org.codehaus.groovy.runtime.dgm$66.invoke(Unknown Source) [na:na]
              at org.codehaus.groovy.runtime.callsite.PojoMetaMethodSite$PojoMetaMethodSiteNoUnwrapNoCoerce.invoke(PojoMetaMethodSite.java:274) [na:na]
              at org.codehaus.groovy.runtime.callsite.PojoMetaMethodSite.call(PojoMetaMethodSite.java:56) [na:na]
              at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:125) [na:na]
              at org.sonatype.nexus.coreui.capability.CapabilityComponent.read(CapabilityComponent.groovy:78) [na:na]
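
The failure mode described above, as an added Java sketch (not Sonatype's code and not part of the original report). The class name, method names and the choice of ReentrantReadWriteLock are assumptions; the writer is interleaved in a single thread so the result is deterministic rather than timing-dependent.

```java
import java.util.*;
import java.util.concurrent.locks.ReentrantReadWriteLock;

// Hypothetical stand-in for the registry in the report; names are assumptions.
public class RegistrySketch {
    private final Map<String, String> references = new HashMap<>();
    private final ReentrantReadWriteLock lock = new ReentrantReadWriteLock();

    public void add(String id, String type) {
        lock.writeLock().lock();
        try { references.put(id, type); } finally { lock.writeLock().unlock(); }
    }

    // Reported pattern: the wrapper is read-only but still a live view of the
    // map, and the lock is released before the caller starts iterating.
    public Collection<String> getAllLive() {
        lock.readLock().lock();
        try { return Collections.unmodifiableCollection(references.values()); }
        finally { lock.readLock().unlock(); }
    }

    // Hardened form: copy while the lock is held and hand out the snapshot.
    public List<String> getAllSnapshot() {
        lock.readLock().lock();
        try { return Collections.unmodifiableList(new ArrayList<>(references.values())); }
        finally { lock.readLock().unlock(); }
    }

    // Iterates 'view' and performs one properly locked registry write midway,
    // reproducing the interleaving a second thread would cause.
    static String iterateWithWrite(RegistrySketch r, Collection<String> view) {
        int seen = 0;
        try {
            for (String type : view) {
                if (seen++ == 0) r.add("new-" + type, "constructed");
            }
            return "iteration completed, elements seen: " + seen;
        } catch (ConcurrentModificationException e) {
            return "ConcurrentModificationException, elements seen: " + seen;
        }
    }

    public static void main(String[] args) {
        RegistrySketch r = new RegistrySketch();
        r.add("c1", "audit");        // constructed sample entries
        r.add("c2", "healthcheck");
        System.out.println("live view: " + iterateWithWrite(r, r.getAllLive()));
        System.out.println("snapshot:  " + iterateWithWrite(r, r.getAllSnapshot()));
    }
}
```

The unmodifiable wrapper only blocks writes through the returned collection; it does not isolate the reader from writes made to the backing map, which is why `Collections$UnmodifiableCollection` appears in the stack trace above.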
      

            People

            Assignee:
            jstephens Joseph Stephens
            Reporter:
            bentmann Benjamin Bentmann
            Last Updated By:
            Peter Lynch