Bug #7203
Improve D1NodeService.isAuthorized() performance
Status: open, 0% done
Description
We're seeing poor performance in calls to D1NodeService.isAuthorized() on https://arcticdata.io. When the system Metacat is under light load (< 10 requests per second), calls to isAuthorized() are taking up to 35 seconds to return either an HTTP 200 response or an HTTP 403 exception.
Change isAuthorized() to prioritize user-based authorization first, and then CN or MN authorization last. This should increase performance for end users, whereas MN to MN replication calls and CN-administrative calls will be slightly less prioritized.
Note that calls to userHasPermission() involve token verification using the PortalCertificateManager and the TokenGenerator. These calls may be repeatedly making a call to the CN to get the SSL certificate for verification if it is not cached. If this change doesn't significantly improve performance, look into refactoring those classes in d1_portal to cache and use the certificate, unless there is a verification exception, in which case we make the call to fetchCertificate() again, re-cache it, and attempt to re-verify the token. If it still fails, throw NotAuthorized.
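The cache-then-refetch flow proposed above, as an added sketch that is not code from Metacat or d1_portal. The class name, the Supplier standing in for fetchCertificate(), the local NotAuthorized type, and the use of a bare PublicKey with a raw RSA signature in place of the CN certificate and the real token format are all assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.concurrent.atomic.AtomicReference;
import java.util.function.Supplier;

// Hypothetical sketch: verify against a cached CN key, refetch once on failure.
public class CachedTokenVerifier {
    // Stand-in for the DataONE NotAuthorized exception.
    static class NotAuthorized extends Exception { NotAuthorized(String m) { super(m); } }

    private final Supplier<PublicKey> fetchCertificate; // stand-in for the remote call to the CN
    private final AtomicReference<PublicKey> cached = new AtomicReference<>();

    CachedTokenVerifier(Supplier<PublicKey> fetch) { this.fetchCertificate = fetch; }

    void verify(byte[] payload, byte[] sig) throws NotAuthorized {
        PublicKey key = cached.get();
        if (key != null && signatureValid(key, payload, sig)) return; // fast path, no network
        // Cache miss, or the cached key no longer verifies (the CN key may have rotated).
        PublicKey fresh = fetchCertificate.get();
        cached.set(fresh);
        if (!signatureValid(fresh, payload, sig))
            throw new NotAuthorized("token signature did not verify after refetch");
    }

    static boolean signatureValid(PublicKey key, byte[] payload, byte[] sig) {
        try {
            Signature s = Signature.getInstance("SHA256withRSA");
            s.initVerify(key);
            s.update(payload);
            return s.verify(sig);
        } catch (GeneralSecurityException e) {
            return false; // malformed signature or unusable key is a failed verification
        }
    }

    static byte[] sign(KeyPair kp, byte[] payload) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(kp.getPrivate());
        s.update(payload);
        return s.sign();
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair oldKey = g.generateKeyPair(), newKey = g.generateKeyPair();
        int[] fetches = {0}; // constructed scenario: the CN serves oldKey first, then newKey
        CachedTokenVerifier v = new CachedTokenVerifier(
                () -> (fetches[0]++ == 0 ? oldKey : newKey).getPublic());
        byte[] payload = "sub=constructed-user".getBytes(StandardCharsets.UTF_8);
        v.verify(payload, sign(oldKey, payload)); // empty cache: fetches and caches
        v.verify(payload, sign(oldKey, payload)); // served from the cache
        v.verify(payload, sign(newKey, payload)); // cached key fails: refetch, re-verify
        System.out.println("remote fetches: " + fetches[0]);
    }
}
```

With this flow every token that fails verification costs one remote fetch, so a stream of invalid tokens would reproduce the original latency; bounding how often the fallback may run (for example a minimum interval between refetches) addresses that.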