[#11781] fix(idp-basic): Cache Basic auth group names by username

[lasdf1234]

What changes were proposed in this pull request?

Add IdpUserGroupsCache to cache built-in IdP group names keyed by username during Basic authentication, reducing relational store lookups on repeated requests. Password verification still uses getIdpUserByUsername on every request; only group membership is cached. Invalidate cached group names when users are removed, group membership changes, or a group is force-deleted. Add server configs gravitino.authenticator.basic.groupsCacheTtlSecs (default 3600) and gravitino.authenticator.basic.groupsCacheSize (default 10000), documented in the built-in IDP guide.

Why are the changes needed?

Basic authentication previously loaded full user metadata (including group membership) from the relational store on every request. Group authorization adds extra DB work compared to user-only checks. This change caches group names per username while preserving per-request password verification, as discussed in #11781.

Fix: #11781

Does this PR introduce any user-facing change?

Yes, two new optional configuration keys:

• gravitino.authenticator.basic.groupsCacheTtlSecs — TTL in seconds for the per-username group names cache (default 3600)
• gravitino.authenticator.basic.groupsCacheSize — maximum number of cached usernames (default 10000)

No existing keys or default authentication behavior change.

How was this patch tested?

• ./gradlew :plugins:idp-basic:test -PskipITs
• TestIdpUserGroupsCache — cache hit/miss and invalidation
• TestIdpUserGroupManager — auth with groups, wrong/old password, cache invalidation on membership change and user removal
• TestBasicAuthenticator and TestBasicAuthenticationIntegration

[lasdf1234]

@yuqi1129 Could you help me to review this code?THX~

[github-actions]

Code Coverage Report

Overall Project	67.25% +0.17%	🟢
Files changed	96.34%	🟢

Module	Coverage
aliyun	1.72%	🔴
api	46.82%	🟢
authorization-common	85.96%	🟢
aws	26.5%	🔴
azure	2.47%	🔴
catalog-common	10.4%	🔴
catalog-fileset	80.23%	🟢
catalog-glue	66.91%	🟢
catalog-hive	79.42%	🟢
catalog-jdbc-clickhouse	80.02%	🟢
catalog-jdbc-common	44.22%	🟢
catalog-jdbc-doris	80.28%	🟢
catalog-jdbc-hologres	54.03%	🟢
catalog-jdbc-mysql	79.23%	🟢
catalog-jdbc-oceanbase	80.91%	🟢
catalog-jdbc-postgresql	82.29%	🟢
catalog-jdbc-starrocks	78.51%	🟢
catalog-kafka	77.01%	🟢
catalog-lakehouse-generic	58.53%	🟢
catalog-lakehouse-hudi	79.1%	🟢
catalog-lakehouse-iceberg	85.86%	🟢
catalog-lakehouse-paimon	82.14%	🟢
catalog-model	77.72%	🟢
cli	44.51%	🟢
client-java	78.01%	🟢
common	50.17%	🟢
core	82.6% +0.19%	🟢
filesystem-hadoop3	77.27%	🟢
flink	0.0%	🔴
flink-common	47.12%	🟢
flink-runtime	0.0%	🔴
gcp	14.12%	🔴
hadoop-common	10.88%	🔴
hive-metastore-common	53.77%	🟢
iceberg-common	58.15%	🟢
iceberg-rest-server	73.9%	🟢
idp-basic	86.05% +1.84%	🟢
integration-test-common	0.0%	🔴
jobs	66.17%	🟢
lance-common	20.83%	🔴
lance-rest-server	60.13%	🟢
lineage	53.02%	🟢
optimizer	82.95%	🟢
optimizer-api	21.95%	🔴
server	86.09%	🟢
server-common	74.18%	🟢
spark	28.57%	🔴
spark-common	41.66%	🟢
trino-connector	40.25%	🟢

Files

Module	File	Coverage
core	Configs.java	98.12%	🟢
idp-basic	IdpUserGroupsCache.java	100.0%	🟢
	IdpGroupMetaService.java	95.45%	🟢
	IdpUserGroupManager.java	90.43%	🟢

[yuqi1129]

We need to consider the cache consistency in a multiple-node deployment.

[roryqi]

We should avoid using cache if possible. We should optimize the SQL query to select complete information once.

[lasdf1234]

We should avoid using cache if possible. We should optimize the SQL query to select complete information once.

SQL has been optimized to handle data with the least amount of I/O operations.

[lasdf1234]

After conducting tests, I found that the bottleneck was not in the database query. This PR has been temporarily converted to a draft PR.