Clear REST user cache when invalidating user cache by LJW21-02 · Pull Request #17250 · apache/iotdb

LJW21-02 · Mar 4, 2026

This pull request introduces a mechanism to clear cached user authentication data in the REST external service when a user's permissions are invalidated, ensuring that permission changes take effect immediately across all service endpoints. It also improves configuration file resolution by considering an additional environment variable. The most important changes are grouped below:

User Cache Invalidation Integration:

Added a new static method clearUserCache(String userName) to RestService to allow clearing a specific user's cache from outside the REST service.
Implemented clearUserCache(String userName) in UserCache to remove cached entries for the specified user.
Modified AuthorityChecker.invalidateCache to invoke REST user cache invalidation by dynamically locating and calling the clearUserCache method via reflection, if the REST service is running. This ensures that user permission changes are immediately reflected in the REST service.
Added logging and error handling for the dynamic invocation of the cache clearing method in AuthorityChecker. [1] [2]

Configuration Resolution Enhancement:

Updated IoTDBRestServiceDescriptor to check for the CONFIGNODE_HOME environment variable when resolving configuration file locations, improving flexibility in deployment environments. [1] [2] [3]

Copilot

Pull request overview

This PR wires user/role permission cache invalidation into the external-service subsystem so that running external services (notably REST) can clear per-user authentication caches when permissions change.

Changes:

Adds a clearUserCache(String userName) hook to the external service API (IExternalService) and implements it in REST (no-op in MQTT).
Introduces ExternalServiceManagementService.clearServiceUserCache(...) and calls it from AuthorityChecker.invalidateCache(...).
Adds username-based eviction support to the REST UserCache.

Reviewed changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated 5 comments.

Show a summary per file

File	Description
iotdb-core/datanode/src/main/java/org/apache/iotdb/db/service/externalservice/ExternalServiceManagementService.java	Adds a method to propagate per-user cache clearing to running external services.
iotdb-core/datanode/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java	Triggers external-service user cache clearing during auth cache invalidation.
iotdb-api/external-service-api/src/main/java/org/apache/iotdb/externalservice/api/IExternalService.java	Extends the external service API with a per-user cache clearing method.
external-service-impl/rest/src/main/java/org/apache/iotdb/rest/protocol/filter/UserCache.java	Adds logic to evict cached REST auth entries for a given username.
external-service-impl/rest/src/main/java/org/apache/iotdb/rest/RestService.java	Implements the new external-service cache clearing hook for REST.
external-service-impl/mqtt/src/main/java/org/apache/iotdb/mqtt/MQTTService.java	Implements the new API method as a no-op for MQTT.

Comments suppressed due to low confidence (1)

iotdb-core/datanode/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java:135

PR description mentions invoking REST cache invalidation via reflection and updating IoTDBRestServiceDescriptor to consider CONFIGNODE_HOME, but the current changes call ExternalServiceManagementService directly and IoTDBRestServiceDescriptor does not appear to reference CONFIGNODE_HOME. Please update the PR description (or include the missing code changes) so reviewers/operators have an accurate picture of what is being shipped.

  public static boolean invalidateCache(String username, String roleName) {
    PipeInsertionDataNodeListener.getInstance().invalidateAllCache();
    ExternalServiceManagementService.getInstance().clearServiceUserCache(username);
    return authorityFetcher.get().getAuthorCache().invalidateCache(username, roleName);

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

.../main/java/org/apache/iotdb/db/service/externalservice/ExternalServiceManagementService.java

iotdb-core/datanode/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java

...xternal-service-api/src/main/java/org/apache/iotdb/externalservice/api/IExternalService.java

external-service-impl/rest/src/main/java/org/apache/iotdb/rest/protocol/filter/UserCache.java

HTHou · Mar 20, 2026

Fixed in #17321

LJW21-02 added 3 commits March 4, 2026 09:45

Clear REST user cache when invalidating user cache

4600545

Changed implementation method to clear rest user cache

3f96828

Removed unused code

a132621

CritasWang requested a review from Copilot March 5, 2026 06:41

Copilot started reviewing on behalf of CritasWang March 5, 2026 06:42 View session

Copilot AI reviewed Mar 5, 2026

View reviewed changes

HTHou closed this Mar 20, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Clear REST user cache when invalidating user cache#17250

Clear REST user cache when invalidating user cache#17250
LJW21-02 wants to merge 3 commits intoapache:masterapache/iotdb:masterfrom
LJW21-02:feat_clear_rest_user_cacheLJW21-02/iotdb:feat_clear_rest_user_cacheCopy head branch name to clipboard

LJW21-02 commented Mar 4, 2026

Uh oh!

Copilot AI left a comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

HTHou commented Mar 20, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Search code, repositories, users, issues, pull requests...

Conversation

LJW21-02 commented Mar 4, 2026

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Pull request overview

Reviewed changes

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

HTHou commented Mar 20, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants