jerryshao commented on code in PR #10908:
URL: https://github.com/apache/gravitino/pull/10908#discussion_r3165592631
##########
server-common/src/main/java/org/apache/gravitino/server/authorization/jcasbin/JcasbinAuthorizer.java:
##########
@@ -89,6 +94,16 @@ public class JcasbinAuthorizer implements
GravitinoAuthorizer {
private Cache<Long, Optional<Long>> ownerRel;
+ /**
+ * Per-role policy index that mirrors what we hand to the JCasbin enforcers.
Lookups in the hot
+ * path go through this map so an authorize call costs O(roles_per_user)
hash probes instead of
+ * scanning every policy line in the enforcer. Lifecycle is tied to {@link
#loadedRoles}: entries
+ * are written before {@code loadedRoles.put} and removed from {@code
loadedRoles}'s removal
+ * listener so the two caches can never disagree on what a role grants.
+ */
+ private final ConcurrentHashMap<Long, Map<PolicyKey, Effect>> roleIndex =
+ new ConcurrentHashMap<>();
Review Comment:
Do we have concurrency issue here?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
