AuditConstraint and NonAuditConstraint are creating a PathAddress for every authorization call. Fix this:

1) The Action class could conceivably provide the PathAddress, same as TargetResource/Attribute does. But, really the address of the action and the target should be the same. The Authorizer impl could probably just add this to enforce that:

assert assertSameAddress(action, target);

2) Given the address of the action and target are the same, AuditConstraint and NonAuditConstraint should drop their check of the action address. They also check the target address, so the action check is redundant.