Github user benchristel commented on a diff in the pull request: https://github.com/apache/incubator-hawq/pull/1379#discussion_r201875770 --- Diff: pxf/pxf-service/src/main/java/org/apache/hawq/pxf/service/servlet/SecurityServletFilter.java --- @@ -89,32 +106,49 @@ public Boolean run() throws IOException, ServletException { }; // create proxy user UGI from the UGI of the logged in user and execute the servlet chain as that user - UserGroupInformation proxyUGI = null; + UGICacheEntry timedProxyUGI = cache.getTimedProxyUGI(session); try { - LOG.debug("Creating proxy user = " + user); - proxyUGI = UserGroupInformation.createProxyUser(user, UserGroupInformation.getLoginUser()); - proxyUGI.doAs(action); + timedProxyUGI.getUGI().doAs(action); } catch (UndeclaredThrowableException ute) { // unwrap the real exception thrown by the action throw new ServletException(ute.getCause()); } catch (InterruptedException ie) { throw new ServletException(ie); - } finally { - try { - if (proxyUGI != null) { - LOG.debug("Closing FileSystem for proxy user = " + proxyUGI.getUserName()); - FileSystem.closeAllForUGI(proxyUGI); - } - } catch (Throwable t) { - LOG.warn("Error closing FileSystem for proxy user = " + proxyUGI.getUserName()); - } + } + finally { + // Optimization to cleanup the cache if it is the last fragment + boolean forceClean = (fragmentIndex != null && fragmentCount.equals(fragmentIndex)); + cache.release(timedProxyUGI, forceClean); } } else { // no user impersonation is configured chain.doFilter(request, response); } } + + private Integer getHeaderValueInt(ServletRequest request, String headerKey, boolean required) + throws IllegalArgumentException { + String value = getHeaderValue(request, headerKey, required); + return value != null ? Integer.valueOf(value) : null; --- End diff -- which is a subclass of `IllegalArgumentException`. Should we handle the `NumberFormatException` differently?
---