mn.getSystemMetadata() dependent on CN being available
while testing demo2 while cn-dev was unreachable, I got the following exception from a mn.getSystemMetadata call:
java.lang.AssertionError: ServiceFailure: 0 Client_Error: class
org.apache.http.conn.HttpHostConnectException: Connection to https://cn-dev.dataone.org refused [for host
Looking at D1NodeService.getSystemMetadata() in metacat, it appears that the session first attempts to authorize against the object's replica nodes' subjects (via cn.listNodes()) prior to checking the accessPolicy of the sysmeta that's in-hand.
I think this is a mistake, partly because it makes getSystemMetadata dependent on the availability of the CN, and partly because it puts a time-consuming http call (cn.listNodes()) in front of a less expensive local one (isAuthorized()).
It would work more reliably and independently if it were the other way around, and isAuthorized() preceded the section calling cn.listNodes(). It would reduce the number of calls to the CNs, too, especially if the node list could be cached.