From 22341aaac30ac11cbb11d6130e5909e4162b28ec Mon Sep 17 00:00:00 2001 From: Yang Wang Date: Fri, 8 Sep 2023 15:21:55 +1000 Subject: [PATCH] tweak --- .../xpack/core/security/support/CacheIteratorHelper.java | 2 +- .../org/elasticsearch/xpack/security/authc/jwt/JwtRealm.java | 2 +- .../xpack/security/authz/store/CompositeRolesStore.java | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/support/CacheIteratorHelper.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/support/CacheIteratorHelper.java index 57b87c0d13961..28b5a09f19f34 100644 --- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/support/CacheIteratorHelper.java +++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/support/CacheIteratorHelper.java @@ -40,7 +40,7 @@ public CacheIteratorHelper(Cache cache) { iteratorLock = new ReleasableLock(lock.writeLock()); } - public ReleasableLock acquireForUpdate() { + public ReleasableLock acquireUpdateLock() { return updateLock.acquire(); } diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/jwt/JwtRealm.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/jwt/JwtRealm.java index f08339710e5d7..41795bbb62010 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/jwt/JwtRealm.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/jwt/JwtRealm.java @@ -404,7 +404,7 @@ void processValidatedJwt( () -> format("Realm [%s] roles resolved [%s] for principal=[%s].", name(), join(",", user.roles()), principal) ); if (isCacheEnabled()) { - try (ReleasableLock ignored = jwtCacheHelper.acquireForUpdate()) { + try (ReleasableLock ignored = jwtCacheHelper.acquireUpdateLock()) { final long expWallClockMillis = claimsSet.getExpirationTime().getTime() + allowedClockSkew.getMillis(); jwtCache.put(jwtCacheKey, new ExpiringUser(result.getValue(), new Date(expWallClockMillis))); } diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authz/store/CompositeRolesStore.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authz/store/CompositeRolesStore.java index 19e41afc48b18..f4dbadbed588d 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authz/store/CompositeRolesStore.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authz/store/CompositeRolesStore.java @@ -327,7 +327,7 @@ private void buildThenMaybeCacheRole( restrictedIndices, listener.delegateFailureAndWrap((delegate, role) -> { if (role != null && tryCache) { - try (ReleasableLock ignored = roleCacheHelper.acquireForUpdate()) { + try (ReleasableLock ignored = roleCacheHelper.acquireUpdateLock()) { /* this is kinda spooky. We use a read/write lock to ensure we don't modify the cache if we hold * the write lock (fetching stats for instance - which is kinda overkill?) but since we fetching * stuff in an async fashion we need to make sure that if the cache got invalidated since we @@ -546,7 +546,7 @@ public static void buildRoleFromDescriptors( public void invalidateAll() { numInvalidation.incrementAndGet(); negativeLookupCache.invalidateAll(); - try (ReleasableLock ignored = roleCacheHelper.acquireForUpdate()) { + try (ReleasableLock ignored = roleCacheHelper.acquireUpdateLock()) { roleCache.invalidateAll(); } dlsBitsetCache.clear("role store invalidation");