Improve D1NodeService.isAuthorized() performance
We're seeing poor performance in calls to
D1NodeService.isAuthorized() on https://arcticdata.io. When the system Metacat is under light load (< 10 requests per second), calls to
isAuthorized() are taking up to 35 seconds to return either an
HTTP 200 response or a
HTTP 403 exception.
isAuthorized() to prioritize user-based authorization first, and then CN or MN authorization last. This should increase performance for end users, whereas MN to MN replication calls and CN-administrative calls will be slightly less prioritized.
Note that calls to
userHasPermission() involve token verification using the
PortalCertificateManager and the
TokenGenerator. These calls may be repeatedly making a call to the CN to get the SSL certificate for verification if it is not cached. If this change doesn't significantly improve performance, look into refactoring those classes in
d1_portal to cache and use the certificate, unless there is a verification exception, in which case we make the call to
fetchCertificate() again, re-cache it, and attempt to re-verify the token. If it still fails, throw