HADOOP-11815. HttpServer2 should destroy SignerSecretProvider when it stops. Contributed by Rohith.

hadoop-common-project/hadoop-common/CHANGES.txt

@@ -1223,6 +1223,9 @@ Release 2.7.0 - UNRELEASED
     HADOOP-11796. Skip TestShellBasedIdMapping.testStaticMapUpdate on Windows.
     (Xiaoyu Yao via cnauroth)
 
+    HADOOP-11815. HttpServer2 should destroy SignerSecretProvider when it
+    stops. (Rohith via wheat9)
+
 Release 2.6.1 - UNRELEASED
 
   INCOMPATIBLE CHANGES

hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java

@@ -140,6 +140,7 @@ public final class HttpServer2 implements FilterContainer {
   protected final List<String> filterNames = new ArrayList<>();
   static final String STATE_DESCRIPTION_ALIVE = " - alive";
   static final String STATE_DESCRIPTION_NOT_LIVE = " - not live";
+  private final SignerSecretProvider secretProvider;
 
   /**
    * Class to construct instances of HTTP server with specific options.
@@ -335,7 +336,7 @@ public final class HttpServer2 implements FilterContainer {
     this.adminsAcl = b.adminsAcl;
     this.webAppContext = createWebAppContext(b.name, b.conf, adminsAcl, appDir);
     try {
-      SignerSecretProvider secretProvider =
+      this.secretProvider =
           constructSecretProvider(b, webAppContext.getServletContext());
       this.webAppContext.getServletContext().setAttribute
           (AuthenticationFilter.SIGNER_SECRET_PROVIDER_ATTRIBUTE,
@@ -913,6 +914,8 @@ public final class HttpServer2 implements FilterContainer {
     }
 
     try {
+      // explicitly destroy the secrete provider
+      secretProvider.destroy();
       // clear & stop webAppContext attributes to avoid memory leaks.
       webAppContext.clearAttributes();
       webAppContext.stop();