> There is a race condition in UserGroupInformationManager::getUgiForUser
I was aware of it and chose to punt on it since it doesn't affect correctness (the worst can happen is a few extra ugi objects get created and immediately garbage collected) and I was reluctant to make it a synchronized method since it may launch a shell command. Now that you view it as a problem, I've changed the code to use synchronized methods and no longer synchronize on the ugiCache object. This problem should go away.
> It introduces a race condition in the jspHelper field initialization
This is essentially the same issue as the above and I again chose to punt on it. As we discussed, the proper fix should be making jspHelper a singleton. I'll leave that to a separate JIRA and simply noted it in the source code.
> Why does ProxyHttpServer not extend or own an HttpServer?
For easier porting to 17, 18 and 19.
> I don't understand why the proxy would return a status of 402
Just a return code I picked that doesn't already have a defined semantics.
> Calling System.exit from createHdfsProxy is unnecessarily forceful...
I still prefer the code in the patch.
Your other comments are incorporated into the new patch. Thanks!