Apache
/
hadoop
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

HDFS-5124. DelegationTokenSecretManager#retrievePassword can cause deadlock in NameNode. Contributed by Daryn Sharp. 

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1516671 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Jing Zhao 2013-08-23 00:55:53 +00:00
parent 740f4cb97a
commit 7cfbfe52f1
2 changed files with 5 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
View File

@ -383,6 +383,9 @@ Release 2.1.1-beta - UNRELEASED
HDFS-4594. WebHDFS open sets Content-Length header to what is specified by HDFS-4594. WebHDFS open sets Content-Length header to what is specified by
length parameter rather than how much data is actually returned. (cnauroth) length parameter rather than how much data is actually returned. (cnauroth)
HDFS-5124. DelegationTokenSecretManager#retrievePassword can cause deadlock
in NameNode. (Daryn Sharp via jing9)
Release 2.1.0-beta - 2013-08-22 Release 2.1.0-beta - 2013-08-22
INCOMPATIBLE CHANGES INCOMPATIBLE CHANGES

15
hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/security/token/delegation/DelegationTokenSecretManager.java
View File

@ -82,7 +82,7 @@ public class DelegationTokenSecretManager
} }
@Override @Override
public synchronized byte[] retrievePassword( public byte[] retrievePassword(
DelegationTokenIdentifier identifier) throws InvalidToken { DelegationTokenIdentifier identifier) throws InvalidToken {
try { try {
// this check introduces inconsistency in the authentication to a // this check introduces inconsistency in the authentication to a
@ -91,7 +91,7 @@ public class DelegationTokenSecretManager
// different in that a standby may be behind and thus not yet know // different in that a standby may be behind and thus not yet know
// of all tokens issued by the active NN. the following check does // of all tokens issued by the active NN. the following check does
// not allow ANY token auth, however it should allow known tokens in // not allow ANY token auth, however it should allow known tokens in
checkAvailableForRead(); namesystem.checkOperation(OperationCategory.READ);
} catch (StandbyException se) { } catch (StandbyException se) {
// FIXME: this is a hack to get around changing method signatures by // FIXME: this is a hack to get around changing method signatures by
// tunneling a non-InvalidToken exception as the cause which the // tunneling a non-InvalidToken exception as the cause which the
@ -103,17 +103,6 @@ public class DelegationTokenSecretManager
return super.retrievePassword(identifier); return super.retrievePassword(identifier);
} }
@Override //SecretManager
public void checkAvailableForRead() throws StandbyException {
namesystem.checkOperation(OperationCategory.READ);
namesystem.readLock();
try {
namesystem.checkOperation(OperationCategory.READ);
} finally {
namesystem.readUnlock();
}
}
/** /**
* Returns expiry time of a token given its identifier. * Returns expiry time of a token given its identifier.
* *