From acaafc317e63da541ff2a53809c7a414950368b4 Mon Sep 17 00:00:00 2001
From: Yulei-Yang <yulei.yang0699@gmail.com>
Date: Fri, 21 Mar 2025 20:22:31 +0800
Subject: [PATCH] [fix](ranger) make RangerDorisAccessController as singleton
 to avoid more and more ranger policy refresher

---
 .../doris/RangerDorisAccessController.java    | 19 +++++++++++++++++--
 .../privilege/AccessControllerManager.java    |  2 +-
 2 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/fe/fe-core/src/main/java/org/apache/doris/catalog/authorizer/ranger/doris/RangerDorisAccessController.java b/fe/fe-core/src/main/java/org/apache/doris/catalog/authorizer/ranger/doris/RangerDorisAccessController.java
index f9f571c0d0d066..509afc63c36f2d 100644
--- a/fe/fe-core/src/main/java/org/apache/doris/catalog/authorizer/ranger/doris/RangerDorisAccessController.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/catalog/authorizer/ranger/doris/RangerDorisAccessController.java
@@ -46,21 +46,36 @@ public class RangerDorisAccessController extends RangerAccessController {
     private static final String GLOBAL_PRIV_FIXED_NAME = "*";
 
     private RangerBasePlugin dorisPlugin;
+
+    private static RangerDorisAccessController instance;
+
     // private static ScheduledThreadPoolExecutor logFlushTimer = ThreadPoolManager.newDaemonScheduledThreadPool(1,
     //        "ranger-doris-audit-log-flusher-timer", true);
     // private RangerHiveAuditHandler auditHandler;
 
-    public RangerDorisAccessController(String serviceName) {
+    private RangerDorisAccessController(String serviceName) {
         this(serviceName, null);
     }
 
-    public RangerDorisAccessController(String serviceName, RangerAuthContextListener rangerAuthContextListener) {
+    private RangerDorisAccessController(String serviceName, RangerAuthContextListener rangerAuthContextListener) {
         dorisPlugin = new RangerDorisPlugin(serviceName, rangerAuthContextListener);
         // auditHandler = new RangerHiveAuditHandler(dorisPlugin.getConfig());
         // start a timed log flusher
         // logFlushTimer.scheduleAtFixedRate(new RangerHiveAuditLogFlusher(auditHandler), 10, 20L, TimeUnit.SECONDS);
     }
 
+    public static RangerDorisAccessController getInstance(String serviceName) {
+        return getInstance(serviceName, null);
+    }
+
+    public static synchronized RangerDorisAccessController getInstance(String serviceName,
+            RangerAuthContextListener rangerAuthContextListener) {
+        if (instance == null) {
+            instance = new RangerDorisAccessController(serviceName, rangerAuthContextListener);
+        }
+        return instance;
+    }
+
     @VisibleForTesting
     public RangerDorisAccessController(RangerBasePlugin plugin) {
         dorisPlugin = plugin;
diff --git a/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/AccessControllerManager.java b/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/AccessControllerManager.java
index 439a7e5a760331..23845982679816 100644
--- a/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/AccessControllerManager.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/AccessControllerManager.java
@@ -58,7 +58,7 @@ public class AccessControllerManager {
     public AccessControllerManager(Auth auth) {
         this.auth = auth;
         if (Config.access_controller_type.equalsIgnoreCase("ranger-doris")) {
-            defaultAccessController = new RangerDorisAccessController("doris");
+            defaultAccessController = RangerDorisAccessController.getInstance("doris");
         } else {
             defaultAccessController = new InternalAccessController(auth);
         }