[jira] [Created] (KAFKA-19782) Improve perfomance Authorizer.authorizeByResourceType by using Prefix Trie

[Evgeny Kuvardin (Jira)]

Evgeny Kuvardin created KAFKA-19782:
---------------------------------------

             Summary: Improve perfomance Authorizer.authorizeByResourceType by 
using Prefix Trie
                 Key: KAFKA-19782
                 URL: https://issues.apache.org/jira/browse/KAFKA-19782
             Project: Kafka
          Issue Type: Improvement
          Components: clients
            Reporter: Evgeny Kuvardin


Class Authorizer.authorizeByResourceType under the hood uses HashMap for 
check if the caller is authorized to perform the given ACL operation on at 
least one resource of the given type.

It check each character in allowPatterns and pass to deny patterns

{code:java}
// For any literal allowed, if there's no dominant literal and prefix denied, 
return allow.
        // For any prefix allowed, if there's no dominant prefix denied, return 
allow.
        for (Map.Entry<PatternType, Set<String>> entry : 
allowPatterns.entrySet()) {
            for (String allowStr : entry.getValue()) {
                if (entry.getKey() == PatternType.LITERAL
                        && 
denyPatterns.get(PatternType.LITERAL).contains(allowStr))
                    continue;
                StringBuilder sb = new StringBuilder();
                boolean hasDominatedDeny = false;
                for (char ch : allowStr.toCharArray()) {
                    sb.append(ch);
                    if 
(denyPatterns.get(PatternType.PREFIXED).contains(sb.toString())) {
                        hasDominatedDeny = true;
                        break;
                    }
                }
                if (!hasDominatedDeny)
                    return AuthorizationResult.ALLOWED;
            }
        }
{code}

To improve performance better use Prefix Tree




--
This message was sent by Atlassian Jira
(v8.20.10#820010)