Details
-
Bug
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Fixed
-
3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.1.0, 3.1.1, 3.1.2
-
None
Description
Hey all. We have a custom CredentialPlugin linked to AWS SecretManager (for auto credential rotation). We have been using this plugin for a few months over multiple datasources (same app).
We recently switched from Spring Boot 2.6.x to 2.7.x, which upgraded the mariadb driver from 2.x to 3.x. From this upgrade we started seeing login failures, ie wrong username for the datasource. It was mostly working well, but there was some connection creation that were completely messed up in regards to users vs actual datasource being connecting to.
By looking at the code, it seems a single instance of a CredentialPlugin is used. The problem is that state is kept in that instance between the 'initialize' & 'get' calls. If 2 connection creations over 2 different threads happen at the same time, there will be a race condition, mix-matching the returned credentials.
We are wondering if there was a change in behavior in that regard from 2.x to 3.x. If not, we will look into other things that were upgraded in the stack. But even then, the way CredentialPlugin is implemented, it seems that it should ensure no 2 threads could call it at the same time.
Thanks!