Github user lavjain commented on a diff in the pull request:
https://github.com/apache/incubator-hawq/pull/1379#discussion_r200168483
--- Diff:
pxf/pxf-service/src/main/java/org/apache/hawq/pxf/service/servlet/SecurityServletFilter.java
---
@@ -89,32 +182,98 @@ public Boolean run() throws IOException,
ServletException {
};
// create proxy user UGI from the UGI of the logged in user
and execute the servlet chain as that user
- UserGroupInformation proxyUGI = null;
+ TimedProxyUGI timedProxyUGI = getTimedProxyUGI(user, session);
try {
- LOG.debug("Creating proxy user = " + user);
- proxyUGI = UserGroupInformation.createProxyUser(user,
UserGroupInformation.getLoginUser());
- proxyUGI.doAs(action);
+ timedProxyUGI.proxyUGI.doAs(action);
} catch (UndeclaredThrowableException ute) {
// unwrap the real exception thrown by the action
throw new ServletException(ute.getCause());
} catch (InterruptedException ie) {
throw new ServletException(ie);
- } finally {
- try {
- if (proxyUGI != null) {
- LOG.debug("Closing FileSystem for proxy user = " +
proxyUGI.getUserName());
- FileSystem.closeAllForUGI(proxyUGI);
- }
- } catch (Throwable t) {
- LOG.warn("Error closing FileSystem for proxy user = "
+ proxyUGI.getUserName());
- }
+ }
+ finally {
+ release(timedProxyUGI, fragmentIndex, fragmentCount);
}
} else {
// no user impersonation is configured
chain.doFilter(request, response);
}
}
+ private TimedProxyUGI getTimedProxyUGI(String user,
SegmentTransactionId session) throws IOException {
+ synchronized (session.segmentTransactionId.intern()) {
--- End diff --
Agreed. Using the lock on interned string helped me to test the logic
without any explicit lock management.
---
