hdygxsj commented on code in PR #9812:
URL: https://github.com/apache/gravitino/pull/9812#discussion_r2732068219


##########
server-common/src/main/java/org/apache/gravitino/server/authorization/jcasbin/JcasbinAuthorizer.java:
##########
@@ -84,14 +84,40 @@ public class JcasbinAuthorizer implements 
GravitinoAuthorizer {
    * loadedRoles is used to cache roles that have loaded permissions. When the 
permissions of a role
    * are updated, they should be removed from it.
    */
-  private Set<Long> loadedRoles = ConcurrentHashMap.newKeySet();
+  private Cache<Long, Boolean> loadedRoles;
 
-  private Map<Long, Long> ownerRel = new ConcurrentHashMap<>();
+  private Cache<Long, Optional<Long>> ownerRel;
 
   private Executor executor = null;
 
   @Override
   public void initialize() {
+    long cacheExpirationSecs =
+        GravitinoEnv.getInstance()
+            .config()
+            .get(Configs.GRAVITINO_AUTHORIZATION_CACHE_EXPIRATION_SECS);
+    long roleCacheSize =
+        
GravitinoEnv.getInstance().config().get(Configs.GRAVITINO_AUTHORIZATION_ROLE_CACHE_SIZE);
+    long ownerCacheSize =
+        
GravitinoEnv.getInstance().config().get(Configs.GRAVITINO_AUTHORIZATION_OWNER_CACHE_SIZE);
+    loadedRoles =
+        Caffeine.newBuilder()
+            .expireAfterWrite(cacheExpirationSecs, TimeUnit.SECONDS)
+            .maximumSize(roleCacheSize)
+            .executor(Runnable::run)
+            .removalListener(
+                (roleId, value, cause) -> {
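
Review bot: The Javadoc above `loadedRoles` still describes only manual removal when a role's permissions are updated, but with `expireAfterWrite` and `maximumSize` set in `initialize()` entries now also leave the cache on a timer or under size pressure. Please update the comment to cover expiry and eviction, what the `Boolean` value and the `Optional<Long>` in `ownerRel` represent, and what the removal listener has to undo when an entry is dropped. Both fields are also null until `initialize()` runs, so either assign them in the constructor or document that no method may be called before `initialize()`. A short comment on why `.executor(Runnable::run)` is wanted would help too, since it makes the removal listener run on the calling thread.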

Review Comment:
   Same as above, should we adjust the expiration policy—for example, by 
refreshing the expiration time upon access?

##########
server-common/src/main/java/org/apache/gravitino/server/authorization/jcasbin/JcasbinAuthorizer.java:
##########
@@ -489,7 +514,7 @@ private void loadRolePrivilege(
   }
 
   private void loadOwnerPolicy(String metalake, MetadataObject metadataObject, 
Long metadataId) {
-    if (ownerRel.containsKey(metadataId)) {
+    if (ownerRel.getIfPresent(metadataId) != null) {
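
Review bot: The `ownerRel.getIfPresent(metadataId) != null` check discards the value it just read, so if the authorization decision reads `ownerRel` again after this method returns, the entry can expire or be evicted in between and that read finds no owner. Suggest resolving the owner once with `ownerRel.get(metadataId, id -> ...)` and using the returned `Optional<Long>` for the decision, so the load and the read are a single cache operation.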

Review Comment:
   When the owner is about to expire, could it be possible that the owner is 
fetched here (thus skipping the "load owner" step), but then actually expires 
by the time it's accessed, leading to an incorrect authorization check?