Java.util.ConcurrentModificationException in Datahub v0.10.4 Exception - Possible solution with GMS Authentication

Original Slack Thread

Hello Community,
We are using v0.10.4 version of the Datahub and observed this Exception

2023-08-18 00:38:32,971 [Thread-25027] ERROR c.d.authorization.AuthorizerChain:74 - Caught exception while attempting to authorize request using Authorizer com.datahub.authorization.DataHubAuthorizer. Skipping authorizer.
java.util.ConcurrentModificationException: null
at java.base/java.util.ArrayList$Itr.checkForComodification(
at java.base/java.util.ArrayList$
at com.datahub.authorization.DataHubAuthorizer.authorize(
at com.datahub.authorization.AuthorizerChain.authorize(
at com.linkedin.datahub.graphql.resolvers.AuthUtils.isAuthorized(
at com.linkedin.datahub.graphql.resolvers.ingest.IngestionAuthUtils.canManageIngestion(
at com.linkedin.datahub.graphql.resolvers.MeResolver.lambda$get$0(
at java.base/java.util.concurrent.CompletableFuture$
at java.base/

Our guess work is (based on “at com.datahub.authorization.DataHubAuthorizer.authorize(“)
that the _policyCache (line that is getting refreshed periodically is conflicting with GMS Authentication.

Probably, setup a ‘flag = <in-progress>’ while _policyCache is getting refreshed and GMS Authentication can wait until the ‘flag = <done>’.

Let me know if I should open an incident, or you have other ideas about the cause of the problem.

cc: <@U040BNMTGSF>, <@U03FR4Q3M1P>, <@U04096SS05D>

<@UV5UEC3LN> might be able to speak to this!

Hey! Thanks for pointing out this bug, it’s not because of the _policyCache directly here, but because of adds happening to the ArrayList value stored within the policy cache. In addPolicyToCache which executes as a part of the async runner it is doing a getOrDefault + add while it is possible for it to be accessed by another thread in a loop. Will get started working on a fix, but this should be an extremely infrequent issue.