Add first MicroMeter implementation

Author: LEDfan

pom.xml

@@ -240,7 +240,10 @@
 			<artifactId>mysql-connector-java</artifactId>
 		</dependency>
 
-
+		<dependency>
+			<groupId>io.micrometer</groupId>
+			<artifactId>micrometer-registry-prometheus</artifactId>
+		</dependency>
 
 		<!-- Kubernetes -->
 		<dependency>

src/main/java/eu/openanalytics/containerproxy/ContainerProxyApplication.java

@@ -21,6 +21,7 @@
 package eu.openanalytics.containerproxy;
 
 import com.fasterxml.jackson.datatype.jsr353.JSR353Module;
+import eu.openanalytics.containerproxy.session.undertow.CustomSessionManagerFactory;
 import eu.openanalytics.containerproxy.util.ProxyMappingManager;
 import io.undertow.Handlers;
 import io.undertow.servlet.api.ServletSessionConfig;
@@ -31,15 +32,20 @@
 import org.springframework.boot.actuate.health.HealthIndicator;
 import org.springframework.boot.actuate.redis.RedisHealthIndicator;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.boot.web.embedded.undertow.UndertowServletWebServerFactory;
 import org.springframework.boot.web.server.PortInUseException;
 import org.springframework.boot.web.servlet.FilterRegistrationBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.ComponentScan;
 import org.springframework.core.env.Environment;
 import org.springframework.data.redis.connection.RedisConnectionFactory;
+import org.springframework.security.core.session.SessionRegistry;
+import org.springframework.session.FindByIndexNameSessionRepository;
+import org.springframework.session.Session;
 import org.springframework.session.data.redis.config.ConfigureRedisAction;
 import org.springframework.session.web.http.DefaultCookieSerializer;
+import org.springframework.session.security.SpringSessionBackedSessionRegistry;
 import org.springframework.web.filter.FormContentFilter;
 
 import javax.annotation.PostConstruct;
@@ -98,6 +104,9 @@ public void init() {
 		defaultCookieSerializer.setSameSite(sameSiteCookie);
 	}
 
+	@Inject
+	private CustomSessionManagerFactory customSessionManagerFactory;
+
 	@Bean
 	public UndertowServletWebServerFactory servletContainer() {
 		UndertowServletWebServerFactory factory = new UndertowServletWebServerFactory();
@@ -113,6 +122,7 @@ public UndertowServletWebServerFactory servletContainer() {
 			sessionConfig.setHttpOnly(true);
 			sessionConfig.setSecure(Boolean.valueOf(environment.getProperty("server.secureCookies", "false")));
 			info.setServletSessionConfig(sessionConfig);
+			info.setSessionManagerFactory(customSessionManagerFactory);
 		});
 		try {
 			factory.setAddress(InetAddress.getByName(environment.getProperty("proxy.bind-address", "0.0.0.0")));
@@ -152,6 +162,12 @@ public static ConfigureRedisAction configureRedisAction() {
 		return ConfigureRedisAction.NO_OP;
 	}
 
+	@Bean
+	@ConditionalOnProperty(name = "spring.session.store-type", havingValue = "redis")
+	public <S extends Session> SessionRegistry sessionRegistry(FindByIndexNameSessionRepository<S> sessionRepository) {
+		return new SpringSessionBackedSessionRegistry<S>(sessionRepository);
+	}
+
 	@Bean
 	public HealthIndicator redisSessionHealthIndicator(RedisConnectionFactory rdeRedisConnectionFactory) {
 		if (Objects.equals(environment.getProperty("spring.session.store-type"), "redis")) {

src/main/java/eu/openanalytics/containerproxy/auth/UserLogoutHandler.java

@@ -24,6 +24,8 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import eu.openanalytics.containerproxy.session.UserSessionLogoutEvent;
+import org.springframework.context.ApplicationEventPublisher;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.web.authentication.logout.LogoutHandler;
 import org.springframework.stereotype.Component;
@@ -35,10 +37,19 @@ public class UserLogoutHandler implements LogoutHandler {
 
 	@Inject
 	private UserService userService;
+
+	@Inject
+	private ApplicationEventPublisher applicationEventPublisher;
 
 	@Override
 	public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
 		userService.logout(authentication);
+
+		// TODO test for anonymous users
+		applicationEventPublisher.publishEvent(new UserSessionLogoutEvent(
+				this,
+				authentication.getName(),
+				request.getSession().getId()));
 	}
 
 }

src/main/java/eu/openanalytics/containerproxy/security/WebSecurityConfig.java

@@ -116,7 +116,8 @@ protected void configure(HttpSecurity http) throws Exception {
 		http.authorizeRequests().antMatchers("/actuator/health").permitAll();
 		http.authorizeRequests().antMatchers("/actuator/health/readiness").permitAll();
 		http.authorizeRequests().antMatchers("/actuator/health/liveness").permitAll();
-		
+		http.authorizeRequests().antMatchers("/actuator/prometheus").permitAll();
+
 		// Note: call early, before http.authorizeRequests().anyRequest().fullyAuthenticated();
 		if (customConfigs != null) {
 			for (ICustomSecurityConfig cfg: customConfigs) cfg.apply(http);

src/main/java/eu/openanalytics/containerproxy/session/ISessionInformation.java

@@ -0,0 +1,33 @@
+/**
+ * ContainerProxy
+ *
+ * Copyright (C) 2016-2020 Open Analytics
+ *
+ * ===========================================================================
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the Apache License as published by
+ * The Apache Software Foundation, either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * Apache License for more details.
+ *
+ * You should have received a copy of the Apache License
+ * along with this program.  If not, see <http://www.apache.org/licenses/>
+ */
+package eu.openanalytics.containerproxy.session;
+
+import org.springframework.session.Session;
+
+public interface ISessionInformation {
+
+//    public Session findById(String sessionId);
+
+    public Long getLoggedInUsersCount();
+
+    public void reActivateSession(String sessionId);
+
+}

src/main/java/eu/openanalytics/containerproxy/session/UserSessionLogoutEvent.java

@@ -0,0 +1,45 @@
+/**
+ * ContainerProxy
+ *
+ * Copyright (C) 2016-2020 Open Analytics
+ *
+ * ===========================================================================
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the Apache License as published by
+ * The Apache Software Foundation, either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * Apache License for more details.
+ *
+ * You should have received a copy of the Apache License
+ * along with this program.  If not, see <http://www.apache.org/licenses/>
+ */
+package eu.openanalytics.containerproxy.session;
+
+import org.springframework.context.ApplicationEvent;
+
+public class UserSessionLogoutEvent extends ApplicationEvent {
+    
+    private String userId;
+    private String sessionId;
+
+    public UserSessionLogoutEvent(Object source, String userId, String sessionId) {
+        super(source);
+        this.userId = userId;
+        this.sessionId = sessionId;
+    }
+
+    public String getSessionId() {
+        return sessionId;
+    }
+
+    public String getUserId() {
+        return userId;
+    }
+}
+
+

src/main/java/eu/openanalytics/containerproxy/session/redis/RedisSessionInformation.java

@@ -0,0 +1,95 @@
+/**
+ * ContainerProxy
+ *
+ * Copyright (C) 2016-2020 Open Analytics
+ *
+ * ===========================================================================
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the Apache License as published by
+ * The Apache Software Foundation, either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * Apache License for more details.
+ *
+ * You should have received a copy of the Apache License
+ * along with this program.  If not, see <http://www.apache.org/licenses/>
+ */
+package eu.openanalytics.containerproxy.session.redis;
+
+import eu.openanalytics.containerproxy.session.ISessionInformation;
+import eu.openanalytics.containerproxy.session.UserSessionLogoutEvent;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.context.annotation.Lazy;
+import org.springframework.context.event.EventListener;
+import org.springframework.security.authentication.event.AuthenticationSuccessEvent;
+import org.springframework.security.core.session.SessionRegistry;
+import org.springframework.security.web.authentication.session.SessionFixationProtectionEvent;
+import org.springframework.stereotype.Component;
+import org.springframework.web.context.request.RequestContextHolder;
+
+import javax.inject.Inject;
+import java.util.HashMap;
+import java.util.HashSet;
+
+// TODO fully implement this as soon as HA is merged
+@Component
+@ConditionalOnProperty(name = "spring.session.store-type", havingValue = "redis")
+public class RedisSessionInformation implements ISessionInformation {
+
+    @Inject
+    @Lazy // TODO still needed?
+    private SessionRegistry sessionRegistry;
+
+    // This map keeps track of the logged-in users and their session in order to give the correct amount of logged in
+    // users. Since there is no Session Store setup we cannot use any Spring API to get the full list of logged in
+    // users. Therefore we maintain it ourself.
+    // we need to store the full Session and not only the SessionId, since the sessionId changes after logging in
+    private final HashMap<String, HashSet<String>> usersToSessionId = new HashMap<>();
+
+    @Override
+    public Long getLoggedInUsersCount() {
+        return usersToSessionId.values().stream().filter(v -> !v.isEmpty()).count();
+    }
+
+    @Override
+    public void reActivateSession(String sessionId) {
+        sessionRegistry.refreshLastRequest(sessionId);
+    }
+
+    @EventListener
+    public void onUserSessionLogoutEvent(UserSessionLogoutEvent event) {
+        synchronized (usersToSessionId) {
+            if (usersToSessionId.containsKey(event.getUserId())) {
+                usersToSessionId.get(event.getUserId()).remove(event.getSessionId());
+            }
+        }
+    }
+
+    @EventListener
+    public void onSessionIdChangeEvent(SessionFixationProtectionEvent event) {
+        String userId = event.getAuthentication().getName(); // TODO anonymous
+        synchronized (usersToSessionId) {
+            if (usersToSessionId.containsKey(userId)) {
+                usersToSessionId.get(userId).remove(event.getOldSessionId());
+                usersToSessionId.get(userId).add(event.getNewSessionId());
+            }
+        }
+    }
+
+    @EventListener
+    public void onAuthenticationSuccessEvent(AuthenticationSuccessEvent event) {
+        String sessionId = RequestContextHolder.currentRequestAttributes().getSessionId();
+        String userId = event.getAuthentication().getName(); // TODO anonymous access
+        synchronized (usersToSessionId) {
+            if (!usersToSessionId.containsKey(userId)) {
+                usersToSessionId.put(userId, new HashSet<>());
+            }
+            usersToSessionId.get(userId).add(sessionId);
+        }
+    }
+
+}

src/main/java/eu/openanalytics/containerproxy/session/undertow/CustomSessionManagerFactory.java

@@ -0,0 +1,50 @@
+/**
+ * ContainerProxy
+ *
+ * Copyright (C) 2016-2020 Open Analytics
+ *
+ * ===========================================================================
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the Apache License as published by
+ * The Apache Software Foundation, either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * Apache License for more details.
+ *
+ * You should have received a copy of the Apache License
+ * along with this program.  If not, see <http://www.apache.org/licenses/>
+ */
+package eu.openanalytics.containerproxy.session.undertow;
+
+import io.undertow.server.session.InMemorySessionManager;
+import io.undertow.server.session.SessionManager;
+import io.undertow.servlet.api.Deployment;
+import io.undertow.servlet.api.SessionManagerFactory;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.stereotype.Component;
+
+@Component
+public class CustomSessionManagerFactory implements SessionManagerFactory {
+
+    private InMemorySessionManager inMemorySessionManager = null;
+
+    @Override
+    public SessionManager createSessionManager(Deployment deployment) {
+        // TODO check if already set
+        inMemorySessionManager = new InMemorySessionManager(
+                deployment.getDeploymentInfo().getSessionIdGenerator(),
+                deployment.getDeploymentInfo().getDeploymentName(),
+                -1,
+                false,
+                deployment.getDeploymentInfo().getMetricsCollector() != null);
+        return inMemorySessionManager;
+    }
+
+    public InMemorySessionManager getInstance() {
+        return inMemorySessionManager;
+    }
+}