yuqi1129 opened a new pull request, #10776:
URL: https://github.com/apache/gravitino/pull/10776
> **Stacked PR** — depends on #10774 and #10775. Please review/merge those PRs first.
### What changes were proposed in this pull request?
- Replace TTL-based cache in `JcasbinAuthorizer` with DB-version-validated caches:
  - `loadedRoles: GravitinoCache<Long, Integer>` (roleId → securableObjectsVersion)
  - `userRoleCache: GravitinoCache<String, CachedUserRoles>` (metalake:user → roleGrantsVersion + roleIds)
- On each `authorize()` call: fetch user's `roleGrantsVersion` from DB; on version mismatch re-load role list and re-validate each role's `securableObjectsVersion`
- Owner check uses `OwnerRelInfoPO` projection instead of fetching full entity
- Remove async `executor` field; all cache operations are now synchronous
- Rewrite `TestJcasbinAuthorizer` to match the new synchronous implementation
### Why are the changes needed?
TTL-based cache eviction can leave stale policies active for up to N seconds
after a permission change. Version-validated invalidation detects staleness on
the next request, improving both security and correctness.
Fix: #10772
### Does this PR introduce _any_ user-facing change?
No user-facing API changes. Authorization behaviour is unchanged; only the
caching mechanism is improved.
### How was this patch tested?
`TestJcasbinAuthorizer` covers: basic authorize, owner-based authorize, role
cache invalidation on version mismatch, synchronous removal listener deleting
Casbin policy, cache initialization, version validation, and metadata-privilege
check (7 test cases total).
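The difference between TTL eviction and version-validated invalidation described in the pull request, as an added example that is not part of the PR or of Gravitino's code. It is a Python model: `FakeDb`, `TtlAuthorizer`, `VersionedAuthorizer` and their methods are hypothetical, cached privilege sets stand in for Casbin policies, and only the cache names and version fields follow the description.

```python
class FakeDb:
    """Hypothetical, constructed stand-in for the DB: role data plus version counters."""
    def __init__(self):
        self.user_roles = {}                 # "metalake:user" -> set of roleIds
        self.role_grants_version = {}        # "metalake:user" -> int
        self.role_privileges = {}            # roleId -> set of privilege names
        self.securable_objects_version = {}  # roleId -> int

    def set_user_roles(self, user, role_ids):
        # Each write bumps the version in the same step as the data change.
        self.user_roles[user] = set(role_ids)
        self.role_grants_version[user] = self.role_grants_version.get(user, 0) + 1

    def set_role_privileges(self, role_id, privileges):
        self.role_privileges[role_id] = set(privileges)
        self.securable_objects_version[role_id] = (
            self.securable_objects_version.get(role_id, 0) + 1)

class TtlAuthorizer:
    """Caches a user's effective privileges until the entry is ttl seconds old."""
    def __init__(self, db, ttl, clock):
        self.db, self.ttl, self.clock, self.cache = db, ttl, clock, {}
    def authorize(self, user, privilege):
        hit = self.cache.get(user)
        if hit is None or self.clock() - hit[0] >= self.ttl:
            roles = self.db.user_roles.get(user, ())
            privs = set().union(*(self.db.role_privileges[r] for r in roles))
            hit = self.cache[user] = (self.clock(), privs)
        return privilege in hit[1]

class VersionedAuthorizer:
    """Reads only the version numbers on each call; reloads data on mismatch."""
    def __init__(self, db):
        self.db, self.user_role_cache, self.loaded_roles = db, {}, {}
    def authorize(self, user, privilege):
        version = self.db.role_grants_version.get(user, 0)
        cached = self.user_role_cache.get(user)
        if cached is None or cached[0] != version:
            cached = self.user_role_cache[user] = (
                version, frozenset(self.db.user_roles.get(user, ())))
        for role_id in cached[1]:
            role_version = self.db.securable_objects_version[role_id]
            role = self.loaded_roles.get(role_id)
            if role is None or role[0] != role_version:
                role = self.loaded_roles[role_id] = (
                    role_version, frozenset(self.db.role_privileges[role_id]))
            if privilege in role[1]:
                return True
        return False
```

Driving both authorizers with the same revoke shows the gap: after `set_role_privileges(1, [])` the TTL authorizer keeps answering from its entry until `ttl` elapses, while the versioned one sees the bumped `securable_objects_version` on its next call. The model only works if every permission write bumps the matching version, which is why `FakeDb` does both in one method.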