From dbe1cec0dafeedc4dc63489d509276ba1839e354 Mon Sep 17 00:00:00 2001
From: Haohui Mai <wheat9@apache.org>
Date: Fri, 17 Apr 2015 10:59:47 -0700
Subject: [PATCH] HADOOP-11837. AuthenticationFilter should destroy
 SignerSecretProvider in Tomcat deployments. Contributed by Bowen Zhang.

---
 .../authentication/server/AuthenticationFilter.java         | 6 ++++++
 hadoop-common-project/hadoop-common/CHANGES.txt             | 3 +++
 2 files changed, 9 insertions(+)

diff --git a/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java b/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java
index 684e91c2bc9..203ee41996b 100644
--- a/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java
+++ b/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java
@@ -187,6 +187,7 @@ public class AuthenticationFilter implements Filter {
   private long validity;
   private String cookieDomain;
   private String cookiePath;
+  private boolean isInitializedByTomcat;
 
   /**
    * <p>Initializes the authentication filter and signer secret provider.</p>
@@ -252,6 +253,7 @@ public class AuthenticationFilter implements Filter {
         secretProvider = constructSecretProvider(
             filterConfig.getServletContext(),
             config, false);
+        isInitializedByTomcat = true;
       } catch (Exception ex) {
         throw new ServletException(ex);
       }
@@ -380,6 +382,10 @@ public class AuthenticationFilter implements Filter {
       authHandler.destroy();
       authHandler = null;
     }
+    if (secretProvider != null && isInitializedByTomcat) {
+      secretProvider.destroy();
+      secretProvider = null;
+    }
   }
 
   /**
diff --git a/hadoop-common-project/hadoop-common/CHANGES.txt b/hadoop-common-project/hadoop-common/CHANGES.txt
index c77bbb73134..83fc469ffb6 100644
--- a/hadoop-common-project/hadoop-common/CHANGES.txt
+++ b/hadoop-common-project/hadoop-common/CHANGES.txt
@@ -823,6 +823,9 @@ Release 2.7.0 - UNRELEASED
     HADOOP-11815. HttpServer2 should destroy SignerSecretProvider when it
     stops. (Rohith via wheat9)
 
+    HADOOP-11837. AuthenticationFilter should destroy SignerSecretProvider in
+    Tomcat deployments. (Bowen Zhang via wheat9)
+
 Release 2.6.1 - UNRELEASED
 
   INCOMPATIBLE CHANGES