jerryshao opened a new issue, #11135: URL: https://github.com/apache/gravitino/issues/11135
## Describe the subtask On every authorized request, `BaseMetadataAuthorizationMethodInterceptor` constructs a new `AuthorizationExpressionEvaluator`, which re-runs the OGNL string conversion and re-parses the expression from scratch. Both the conversion and the parse produce the same result for a given method since the expression is fixed at annotation-declaration time. Empirically measured at ~92μs/table on listTables, producing ~787ms latency for a 7,748-table namespace. Projected to ~9 seconds at 100K tables — linearly scaling with namespace size because the parse is invoked once per table inside the auth-filter loop. **Files:** - `iceberg/iceberg-rest-server/src/main/java/org/apache/gravitino/server/web/filter/BaseMetadataAuthorizationMethodInterceptor.java:165-166` - `server-common/src/main/java/org/apache/gravitino/server/authorization/expression/AuthorizationExpressionEvaluator.java:55-70` - `server-common/src/main/java/org/apache/gravitino/server/authorization/expression/AuthorizationExpressionEvaluator.java:139-161` **Fix:** Cache the parsed OGNL `Node` (returned by `Ognl.parseExpression(String)`) per method. Use `Ognl.getValue(Node, OgnlContext)` overload to evaluate against the pre-parsed AST. Per-request work is reduced to constructing the `OgnlContext`, which must remain per-request as it carries the principal and metadata identifiers. ## Parent issue https://github.com/apache/gravitino/issues/11131 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
