I have created a related issue here: #4374

Description of the issue and possible solution:

There is a data race (according to the Java memory model) in the field readOnlyBearerAuth in class RegistryClient.java. Due to this data race, it is possible that writes on the variable by one thread are not visible to other threads reading the variable in the future. This can happen, for instance, if two threads concurrent execute doPullBearerAuth() and doPushBearerAuth(). Here is an example of a thread reading stale or outdated values of readOnlyBearerAuth:

Consider two threads t1 and t2 and let readOnlyBearerAuth==false. Consider that t1 executes doPullBearerAuth() and concurrently t2 executes doPushBearerAuth(). The following execution can occur:

1. t1 reads readOnlyBearerAuth as false in this line
2. t1 sets the corresponding authenticator
3. t2 reads readOnlyBearerAuth as false (because there is no happens-before relation between the write by t1 and this read and the java memory model does not ensure that the write by t1 is visible to t2)

Solution to the problem in this PR

Declaring readOnlyBearerAuth as volatile. This removes the data race, and it ensures (as per the java memory model) that the reads always read the latest write on readOnlyBearerAuth

Priority

The execution above may not always occur, but, when it does, it will set incorrectly authorization in the class RegistryClient.java.

Fixes #4374 🛠️