From 5f8641e908b16f0a3e7572a6e17e7bb6356c6112 Mon Sep 17 00:00:00 2001
From: Min Chen <min.chen@citrix.com>
Date: Fri, 9 May 2014 11:10:26 -0700
Subject: [PATCH] CLOUDSTACK-6600: fix a bug in IAM cache in constructing cache
 key.

---
 .../apache/cloudstack/iam/RoleBasedEntityAccessChecker.java  | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java
index b384d7c3f14..e8a41efdbb4 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java
@@ -66,6 +66,9 @@ public class RoleBasedEntityAccessChecker extends DomainChecker implements Secur
         String entityType = null;
         if (entity != null && entity.getEntityType() != null) {
             entityType = entity.getEntityType().getSimpleName();
+            if (entity instanceof InternalIdentity) {
+                entityType += ((InternalIdentity)entity).getId();
+            }
         }
         key.append(entityType != null ? entityType : "null");
         key.append("-");
@@ -91,7 +94,7 @@ public class RoleBasedEntityAccessChecker extends DomainChecker implements Secur
         String accessKey = buildAccessCacheKey(caller, entity, accessType, action);
         CheckAccessResult allowDeny = (CheckAccessResult)_iamSrv.getFromIAMCache(accessKey);
         if (allowDeny != null) {
-            s_logger.debug("IAM access check for " + accessKey + " from cache");
+            s_logger.debug("IAM access check for " + accessKey + " from cache: " + allowDeny.isAllow());
             if (allowDeny.isAllow()) {
                 return true;
             } else {