[ https://issues.apache.org/jira/browse/KAFKA-5261?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Mickael Maison resolved KAFKA-5261. ----------------------------------- Resolution: Won't Do > Performance improvement of SimpleAclAuthorizer > ---------------------------------------------- > > Key: KAFKA-5261 > URL: https://issues.apache.org/jira/browse/KAFKA-5261 > Project: Kafka > Issue Type: Improvement > Components: security > Affects Versions: 0.10.2.1 > Reporter: Stephane Maarek > Priority: Major > > Currently, looking at the KafkaApis class, it seems that every request going > through Kafka is also going through an authorize check: > {code} > private def authorize(session: Session, operation: Operation, resource: > Resource): Boolean = > authorizer.forall(_.authorize(session, operation, resource)) > {code} > The SimpleAclAuthorizer logic runs through checks which all look to be done > in linear time (except on first run) proportional to the number of acls on a > specific resource. This operation is re-run every time a client tries to use > a Kafka Api, especially on the very often called `handleProducerRequest` and > `handleFetchRequest` > I believe a cache could be built to store the result of the authorize call, > possibly allowing more expensive authorize() calls to happen, and reducing > greatly the CPU usage in the long run. The cache would be invalidated every > time a change happens to aclCache > Thoughts before I try giving it a go with a PR? -- This message was sent by Atlassian Jira (v8.20.10#820010)