Does Glu need to keep authorizing the users while the deployment is being executed and the users who are only viewing the deployment? We noticed it because that we have implemented our authorization plugin, UserService_pre_authorize and UserService_post_authorize keep being called while a user is viewing the deployment and executing the deployment.
Every time there is a request to the console whether for fetching a brand new page or via ajax to redisplay portions of the page (which is what happens during deployment), it goes through the same security flow. It has to. HTTP is a stateless protocol. Otherwise it would not be secure. Hence the call to the to the pre/post methods