Repository: kylin Updated Branches: refs/heads/2.0.x-hbase0.98 99ac4c111 -> bb4df0630 (forced update)
KYLIN-2589 fix MessageDigest not thread safe in KylinAuthenticationProvider Project: http://git-wip-us.apache.org/repos/asf/kylin/repo Commit: http://git-wip-us.apache.org/repos/asf/kylin/commit/9ae792c5 Tree: http://git-wip-us.apache.org/repos/asf/kylin/tree/9ae792c5 Diff: http://git-wip-us.apache.org/repos/asf/kylin/diff/9ae792c5 Branch: refs/heads/2.0.x-hbase0.98 Commit: 9ae792c51a934c17dcc76795f3ca064b468d26cf Parents: eb30e3c Author: shaofengshi <shaofeng...@apache.org> Authored: Mon May 22 11:24:38 2017 +0800 Committer: shaofengshi <shaofeng...@apache.org> Committed: Mon May 22 11:24:46 2017 +0800 ---------------------------------------------------------------------- .../security/KylinAuthenticationProvider.java | 20 +++++++------------- 1 file changed, 7 insertions(+), 13 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/kylin/blob/9ae792c5/server-base/src/main/java/org/apache/kylin/rest/security/KylinAuthenticationProvider.java ---------------------------------------------------------------------- diff --git a/server-base/src/main/java/org/apache/kylin/rest/security/KylinAuthenticationProvider.java b/server-base/src/main/java/org/apache/kylin/rest/security/KylinAuthenticationProvider.java index d0dd06a..ffe9811 100644 --- a/server-base/src/main/java/org/apache/kylin/rest/security/KylinAuthenticationProvider.java +++ b/server-base/src/main/java/org/apache/kylin/rest/security/KylinAuthenticationProvider.java @@ -18,10 +18,9 @@ package org.apache.kylin.rest.security; -import java.security.MessageDigest; -import java.security.NoSuchAlgorithmException; -import java.util.Arrays; - +import com.google.common.hash.HashFunction; +import com.google.common.hash.Hashing; +import org.apache.kylin.common.util.ByteArray; import org.apache.kylin.rest.service.UserService; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -55,26 +54,21 @@ public class KylinAuthenticationProvider implements AuthenticationProvider { //Embedded authentication provider private AuthenticationProvider authenticationProvider; - MessageDigest md = null; + private HashFunction hf = null; public KylinAuthenticationProvider(AuthenticationProvider authenticationProvider) { super(); Assert.notNull(authenticationProvider, "The embedded authenticationProvider should not be null."); this.authenticationProvider = authenticationProvider; - try { - md = MessageDigest.getInstance("MD5"); - } catch (NoSuchAlgorithmException e) { - throw new RuntimeException("Failed to init Message Digest ", e); - } + hf = Hashing.murmur3_128(); } @Override public Authentication authenticate(Authentication authentication) throws AuthenticationException { Authentication authed = null; Cache userCache = cacheManager.getCache("UserCache"); - md.reset(); - byte[] hashKey = md.digest((authentication.getName() + authentication.getCredentials()).getBytes()); - String userKey = Arrays.toString(hashKey); + byte[] hashKey = hf.hashString(authentication.getName() + authentication.getCredentials()).asBytes(); + ByteArray userKey = new ByteArray(hashKey); Element authedUser = userCache.get(userKey); if (null != authedUser) {
