You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sentry.apache.org by am...@apache.org on 2019/01/24 17:10:28 UTC

[sentry] branch master updated: SENTRY-1797: SentryKerberosContext should use periodic executor instead of managing periodic execution via run() method. (Haley Reeve reviewed by Arjun Mishra)

This is an automated email from the ASF dual-hosted git repository.

amishra pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/sentry.git


The following commit(s) were added to refs/heads/master by this push:
     new 447e643  SENTRY-1797: SentryKerberosContext should use periodic executor instead of managing periodic execution via run() method. (Haley Reeve reviewed by Arjun Mishra)
447e643 is described below

commit 447e643fd55ff193f544341e0341fd909f818f34
Author: amishra <am...@cloudera.com>
AuthorDate: Thu Jan 24 11:09:27 2019 -0600

    SENTRY-1797: SentryKerberosContext should use periodic executor instead of managing periodic execution via run() method. (Haley Reeve reviewed by Arjun Mishra)
    
    Change-Id: I0fa43f2fcc9c84688e216dfc181845edd73e3d9d
---
 .../service/thrift/SentryKerberosContext.java      | 52 +++++++++-------------
 1 file changed, 20 insertions(+), 32 deletions(-)

diff --git a/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/service/thrift/SentryKerberosContext.java b/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/service/thrift/SentryKerberosContext.java
index efb8ae6..e3747d6 100644
--- a/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/service/thrift/SentryKerberosContext.java
+++ b/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/service/thrift/SentryKerberosContext.java
@@ -21,7 +21,7 @@ package org.apache.sentry.service.thrift;
 import java.io.File;
 import java.util.HashSet;
 import java.util.Set;
-import java.util.concurrent.ThreadFactory;
+import java.util.concurrent.*;
 
 import javax.security.auth.Subject;
 import javax.security.auth.kerberos.KerberosPrincipal;
@@ -39,13 +39,13 @@ public class SentryKerberosContext implements Runnable {
 
   private static final String KERBEROS_RENEWER_THREAD_NAME = "kerberos-renewer-%d";
   private static final float TICKET_RENEW_WINDOW = 0.80f;
+  private static final long CHECK_REFRESH_INTERVAL = 30L;
   private static final Logger LOGGER = LoggerFactory
       .getLogger(SentryKerberosContext.class);
   private LoginContext loginContext;
   private Subject subject;
   private final javax.security.auth.login.Configuration kerberosConfig;
-  private Thread renewerThread;
-  private boolean shutDownRenewer = false;
+  private ScheduledExecutorService renewerService;
 
   public SentryKerberosContext(String principal, String keyTab, boolean server)
       throws LoginException {
@@ -89,7 +89,6 @@ public class SentryKerberosContext implements Runnable {
    * Get the Kerberos TGT
    * @return the user's TGT or null if none was found
    */
-  @Deprecated
   private KerberosTicket getTGT() {
     Set<KerberosTicket> tickets = subject.getPrivateCredentials(KerberosTicket.class);
     for(KerberosTicket ticket: tickets) {
@@ -116,47 +115,36 @@ public class SentryKerberosContext implements Runnable {
   @Override
   public void run() {
     try {
-      LOGGER.info("Sentry Ticket renewer thread started");
-      while (!shutDownRenewer) {
-        KerberosTicket tgt = getTGT();
-        if (tgt == null) {
-          LOGGER.warn("No ticket found in the cache");
-          return;
-        }
-        long nextRefresh = getRefreshTime(tgt);
-        while (System.currentTimeMillis() < nextRefresh) {
-          Thread.sleep(1000);
-          if (shutDownRenewer) {
-            return;
-          }
-        }
+      KerberosTicket tgt = getTGT();
+      if (tgt == null) {
+        LOGGER.warn("No ticket found in the cache");
+        return;
+      }
+      long nextRefresh = getRefreshTime(tgt);
+      if (System.currentTimeMillis() >= nextRefresh) {
         loginWithNewContext();
         LOGGER.debug("Renewed ticket");
       }
-    } catch (InterruptedException e1) {
-      LOGGER.warn("Sentry Ticket renewer thread interrupted", e1);
-      return;
     } catch (LoginException e) {
       LOGGER.warn("Failed to renew ticket", e);
-    } finally {
-      logoutSubject();
-      LOGGER.info("Sentry Ticket renewer thread finished");
     }
   }
 
   public void startRenewerThread() {
     ThreadFactory renewerThreadFactory = new ThreadFactoryBuilder()
-        .setNameFormat(KERBEROS_RENEWER_THREAD_NAME)
-        .build();
-    renewerThread = renewerThreadFactory.newThread(this);
-    renewerThread.start();
+            .setNameFormat(KERBEROS_RENEWER_THREAD_NAME)
+            .build();
+    renewerService = Executors.newSingleThreadScheduledExecutor(renewerThreadFactory);
+    renewerService.scheduleWithFixedDelay(
+            this, CHECK_REFRESH_INTERVAL, CHECK_REFRESH_INTERVAL, TimeUnit.SECONDS);
+    LOGGER.info("Sentry Ticket renewer thread started");
   }
 
   public void shutDown() throws LoginException {
-    if (renewerThread != null) {
-      shutDownRenewer = true;
-    } else {
-      logoutSubject();
+    if (renewerService != null) {
+      renewerService.shutdownNow();
+      LOGGER.info("Sentry Ticket renewer thread finished");
     }
+    logoutSubject();
   }
 }