We recently updated to the latest version of the java-storage-nio library but almost immediately ran into issues with threads handling requests from different users having their filesystem providers and authentication mixed up. This resulted - luckily - in only “access denied” exceptions before we noticed and reverted the update but might have been much worse.
The problem seems to be coming from the changes made in #168 whereby the CloudStorageFileSystem is now caching providers in its CONFIG_TO_PROVIDERS_MAP (see: get, put) but not recognizing that differently authenticated providers might nevertheless be sharing a single value of config.
We believe that this would not be the case if the CONFIG_TO_PROVIDERS_MAP were to be keyed on the combination of config (which might be a single global value, as in our case) AND storageOptions (which contains the authentication information).
Side note: As Brian also mentioned in #691, the HashSets in that file seem to be storing objects whose hashes can mutate (and indeed, would be expected to mutate when their auth state is changed), which might also be causing unexpected behavior on lookup (which might actually have saved us from even more unexpected filesystem provider re-use).
We recently updated to the latest version of the
java-storage-niolibrary but almost immediately ran into issues with threads handling requests from different users having their filesystem providers and authentication mixed up. This resulted - luckily - in only “access denied” exceptions before we noticed and reverted the update but might have been much worse.The problem seems to be coming from the changes made in #168 whereby the CloudStorageFileSystem is now caching providers in its
CONFIG_TO_PROVIDERS_MAP(see: get, put) but not recognizing that differently authenticated providers might nevertheless be sharing a single value ofconfig.We believe that this would not be the case if the
CONFIG_TO_PROVIDERS_MAPwere to be keyed on the combination ofconfig(which might be a single global value, as in our case) ANDstorageOptions(which contains the authentication information).Side note: As Brian also mentioned in #691, the
HashSetsin that file seem to be storing objects whose hashes can mutate (and indeed, would be expected to mutate when their auth state is changed), which might also be causing unexpected behavior on lookup (which might actually have saved us from even more unexpected filesystem provider re-use).