cmccabe opened a new pull request, #12662: URL: https://github.com/apache/kafka/pull/12662
Convert StandardAuthorizer to use copy-on-write data structures. The issue with the concurrent skiplist was that because it was modified while in use by StandardAuthorizer#authorize, we could sometimes expose an inconsistent state. For example, if we added a "deny principal foo", followed by "allow all", a request for principal foo might happen to see the second one, without seeing the first one, even though the first one was added first. In order to efficiently implement prefix ACLs, store them in a prefix tree. This ensures that we can check all prefix ACLs for a path in logarithmic time. Also implement Authorizer#authorizeByResourceType. The default implementation of this function is quite slow, so it is good to have an implementation in StandardAuthorizer. Finally, this PR renames AclAuthorizerBenchmark to AuthorizerBenchmark and extends it to report information about StandardAuthorizer as well as AclAuthorizer. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
