From c6b5203cfdfccfa22ad5379b7fee75fed850d95e Mon Sep 17 00:00:00 2001 From: Haohui Mai Date: Fri, 17 Apr 2015 10:59:47 -0700 Subject: [PATCH] HADOOP-11837. AuthenticationFilter should destroy SignerSecretProvider in Tomcat deployments. Contributed by Bowen Zhang. --- .../authentication/server/AuthenticationFilter.java | 6 ++++++ hadoop-common-project/hadoop-common/CHANGES.txt | 3 +++ 2 files changed, 9 insertions(+) diff --git a/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java b/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java index 684e91c2bc..203ee41996 100644 --- a/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java +++ b/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java @@ -187,6 +187,7 @@ public class AuthenticationFilter implements Filter { private long validity; private String cookieDomain; private String cookiePath; + private boolean isInitializedByTomcat; /** *

Initializes the authentication filter and signer secret provider.

@@ -252,6 +253,7 @@ protected void initializeSecretProvider(FilterConfig filterConfig) secretProvider = constructSecretProvider( filterConfig.getServletContext(), config, false); + isInitializedByTomcat = true; } catch (Exception ex) { throw new ServletException(ex); } @@ -380,6 +382,10 @@ public void destroy() { authHandler.destroy(); authHandler = null; } + if (secretProvider != null && isInitializedByTomcat) { + secretProvider.destroy(); + secretProvider = null; + } } /** diff --git a/hadoop-common-project/hadoop-common/CHANGES.txt b/hadoop-common-project/hadoop-common/CHANGES.txt index bb2eca5387..a48baf8c5f 100644 --- a/hadoop-common-project/hadoop-common/CHANGES.txt +++ b/hadoop-common-project/hadoop-common/CHANGES.txt @@ -1248,6 +1248,9 @@ Release 2.7.0 - UNRELEASED HADOOP-11815. HttpServer2 should destroy SignerSecretProvider when it stops. (Rohith via wheat9) + HADOOP-11837. AuthenticationFilter should destroy SignerSecretProvider in + Tomcat deployments. (Bowen Zhang via wheat9) + Release 2.6.1 - UNRELEASED INCOMPATIBLE CHANGES