Author: kihwal
Date: Thu May 16 19:12:37 2013
New Revision: 1483513
URL: http://svn.apache.org/r1483513
Log:
HDFS-4477. Secondary namenode may retain old tokens. Contributed by Daryn Sharp.
Modified:
hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/AbstractDelegationTokenSecretManager.java
Modified:
hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/AbstractDelegationTokenSecretManager.java
URL:
http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/AbstractDelegationTokenSecretManager.java?rev=1483513&r1=1483512&r2=1483513&view=diff
==============================================================================
---
hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/AbstractDelegationTokenSecretManager.java
(original)
+++
hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/AbstractDelegationTokenSecretManager.java
Thu May 16 19:12:37 2013
@@ -27,8 +27,10 @@ import java.io.DataInputStream;
import java.io.IOException;
import java.util.Arrays;
import java.util.HashMap;
+import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
+import java.util.Set;
import javax.crypto.SecretKey;
@@ -140,6 +142,10 @@ extends AbstractDelegationTokenIdentifie
return;
}
+ protected void logExpireToken(TokenIdent ident) throws IOException {
+ return;
+ }
+
/**
* Update the current master key
* This is called once by startThreads before tokenRemoverThread is created,
@@ -359,15 +365,25 @@ extends AbstractDelegationTokenIdentifie
}
/** Remove expired delegation tokens from cache */
- private synchronized void removeExpiredToken() {
+ private void removeExpiredToken() throws IOException {
long now = System.currentTimeMillis();
- Iterator<DelegationTokenInformation> i = currentTokens.values().iterator();
- while (i.hasNext()) {
- long renewDate = i.next().getRenewDate();
- if (now > renewDate) {
- i.remove();
+ Set<TokenIdent> expiredTokens = new HashSet<TokenIdent>();
+ synchronized (this) {
+ Iterator<Map.Entry<TokenIdent, DelegationTokenInformation>> i =
+ currentTokens.entrySet().iterator();
+ while (i.hasNext()) {
+ Map.Entry<TokenIdent, DelegationTokenInformation> entry = i.next();
+ long renewDate = entry.getValue().getRenewDate();
+ if (renewDate < now) {
+ expiredTokens.add(entry.getKey());
+ i.remove();
+ }
}
}
+ // don't hold lock on 'this' to avoid edit log updates blocking token ops
+ for (TokenIdent ident : expiredTokens) {
+ logExpireToken(ident);
+ }
}
public void stopThreads() {
