perf($Gateway): reduce unnecessary log

johnnymillergh · Dec 22, 2020 · 7ba75c3 · 7ba75c3
1 parent eae68fc
commit 7ba75c3
Show file tree

Hide file tree

Showing 5 changed files with 58 additions and 34 deletions.
diff --git a/...src/main/java/com/jmsoftware/maf/gateway/universal/configuration/CustomConfiguration.java b/...src/main/java/com/jmsoftware/maf/gateway/universal/configuration/CustomConfiguration.java
@@ -6,6 +6,7 @@
 import org.springframework.validation.annotation.Validated;
 
 import javax.validation.constraints.NotBlank;
+import java.util.ArrayList;
 
 /**
  * <h1>CustomConfiguration</h1>
@@ -42,4 +43,24 @@ public class CustomConfiguration {
      * true - disable web request log; false - enable web request log.
      */
     private Boolean webRequestLogDisabled = false;
+
+    /**
+     * Flatten ignored urls string [ ].
+     *
+     * @return the string [ ]
+     */
+    public String[] flattenIgnoredUrls() {
+        final var ignoredRequests = this.getIgnoredRequest();
+        final var flattenIgnoredUrls = new ArrayList<String>();
+        flattenIgnoredUrls.addAll(ignoredRequests.getGet());
+        flattenIgnoredUrls.addAll(ignoredRequests.getPost());
+        flattenIgnoredUrls.addAll(ignoredRequests.getDelete());
+        flattenIgnoredUrls.addAll(ignoredRequests.getPut());
+        flattenIgnoredUrls.addAll(ignoredRequests.getHead());
+        flattenIgnoredUrls.addAll(ignoredRequests.getPatch());
+        flattenIgnoredUrls.addAll(ignoredRequests.getOptions());
+        flattenIgnoredUrls.addAll(ignoredRequests.getTrace());
+        flattenIgnoredUrls.addAll(ignoredRequests.getPattern());
+        return flattenIgnoredUrls.toArray(new String[0]);
+    }
 }
diff --git a/...tion/CustomServerAccessDeniedHandler.java → ...ion/GatewayServerAccessDeniedHandler.java b/...tion/CustomServerAccessDeniedHandler.java → ...ion/GatewayServerAccessDeniedHandler.java
@@ -16,7 +16,7 @@
  **/
 @Slf4j
 @Configuration
-public class CustomServerAccessDeniedHandler implements ServerAccessDeniedHandler {
+public class GatewayServerAccessDeniedHandler implements ServerAccessDeniedHandler {
     @Override
     public Mono<Void> handle(ServerWebExchange exchange, AccessDeniedException denied) {
         log.error("Access denied! Exception message: {}. Request URL: [{}] {}", denied.getMessage(),

diff --git a/...tware/maf/gateway/universal/configuration/JwtReactiveServerSecurityContextRepository.java b/...tware/maf/gateway/universal/configuration/JwtReactiveServerSecurityContextRepository.java
@@ -12,6 +12,7 @@
 import org.springframework.security.core.context.SecurityContextImpl;
 import org.springframework.security.web.server.context.ServerSecurityContextRepository;
 import org.springframework.stereotype.Component;
+import org.springframework.util.AntPathMatcher;
 import org.springframework.web.server.ServerWebExchange;
 import reactor.core.publisher.Mono;
 
@@ -24,7 +25,9 @@
 @Component
 @RequiredArgsConstructor
 public class JwtReactiveServerSecurityContextRepository implements ServerSecurityContextRepository {
+    private final CustomConfiguration customConfiguration;
     private final ReactiveAuthenticationManager authenticationManager;
+    private final AntPathMatcher antPathMatcher = new AntPathMatcher();
 
     @Override
     public Mono<Void> save(ServerWebExchange exchange, SecurityContext context) {
@@ -34,6 +37,12 @@ public Mono<Void> save(ServerWebExchange exchange, SecurityContext context) {
     @Override
     public Mono<SecurityContext> load(ServerWebExchange exchange) {
         ServerHttpRequest request = exchange.getRequest();
+        // Ignore allowed URL
+        for (String ignoredUrl : customConfiguration.flattenIgnoredUrls()) {
+            if (antPathMatcher.match(ignoredUrl, request.getURI().getPath())) {
+                return Mono.empty();
+            }
+        }
         String authorization = request.getHeaders().getFirst(HttpHeaders.AUTHORIZATION);
         if (StrUtil.isBlank(authorization) || !authorization.startsWith(JwtConfiguration.TOKEN_PREFIX)) {
             log.warn("Authentication failed! Cause: `{}` in HTTP headers not found. Request URL: [{}] {}",

diff --git a/...java/com/jmsoftware/maf/gateway/universal/configuration/WebFluxSecurityConfiguration.java b/...java/com/jmsoftware/maf/gateway/universal/configuration/WebFluxSecurityConfiguration.java
@@ -6,15 +6,11 @@
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.http.HttpMethod;
-import org.springframework.security.authentication.ReactiveAuthenticationManager;
 import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
 import org.springframework.security.config.web.server.SecurityWebFiltersOrder;
 import org.springframework.security.config.web.server.ServerHttpSecurity;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.web.server.SecurityWebFilterChain;
-import org.springframework.security.web.server.context.ServerSecurityContextRepository;
-
-import java.util.ArrayList;
 
 /**
  * Description: WebFluxSecurityConfiguration, change description here.
@@ -33,11 +29,11 @@
 @RequiredArgsConstructor
 public class WebFluxSecurityConfiguration {
     private final CustomConfiguration customConfiguration;
-    private final ReactiveAuthenticationManager reactiveAuthenticationManager;
+    private final JwtReactiveAuthenticationManager reactiveAuthenticationManager;
     private final RbacReactiveAuthorizationManager reactiveAuthorizationManager;
-    private final ServerSecurityContextRepository securityContextRepository;
-    private final ServerAuthenticationEntryPointImpl serverAuthenticationEntryPointImpl;
-    private final CustomServerAccessDeniedHandler customServerAccessDeniedHandler;
+    private final JwtReactiveServerSecurityContextRepository securityContextRepository;
+    private final ServerAuthenticationEntryPointImpl serverAuthenticationEntryPoint;
+    private final GatewayServerAccessDeniedHandler serverAccessDeniedHandler;
     private final RequestFilter requestFilter;
 
     @Bean
@@ -46,17 +42,16 @@ SecurityWebFilterChain springWebFilterChain(ServerHttpSecurity http) {
                 .cors().disable()
                 .csrf().disable()
                 .exceptionHandling()
-                .authenticationEntryPoint(serverAuthenticationEntryPointImpl)
-                .accessDeniedHandler(customServerAccessDeniedHandler)
+                .authenticationEntryPoint(serverAuthenticationEntryPoint)
+                .accessDeniedHandler(serverAccessDeniedHandler)
                 .and()
                 .addFilterBefore(requestFilter, SecurityWebFiltersOrder.AUTHENTICATION)
                 // Authentication
                 .authenticationManager(reactiveAuthenticationManager)
                 .securityContextRepository(securityContextRepository)
                 .authorizeExchange()
-                .pathMatchers(flattenIgnoredUrls()).permitAll()
+                .pathMatchers(customConfiguration.flattenIgnoredUrls()).permitAll()
                 .pathMatchers(HttpMethod.OPTIONS).permitAll()
-//                .anyExchange().authenticated()
                 // Authorization
                 .anyExchange().access(reactiveAuthorizationManager)
                 .and()
@@ -67,20 +62,4 @@ SecurityWebFilterChain springWebFilterChain(ServerHttpSecurity http) {
     public BCryptPasswordEncoder passwordEncoder() {
         return new BCryptPasswordEncoder();
     }
-
-    private String[] flattenIgnoredUrls() {
-        final var ignoredRequests = customConfiguration.getIgnoredRequest();
-        final var flattenIgnoredUrls = new ArrayList<String>();
-        flattenIgnoredUrls.addAll(ignoredRequests.getGet());
-        flattenIgnoredUrls.addAll(ignoredRequests.getPost());
-        flattenIgnoredUrls.addAll(ignoredRequests.getDelete());
-        flattenIgnoredUrls.addAll(ignoredRequests.getPut());
-        flattenIgnoredUrls.addAll(ignoredRequests.getHead());
-        flattenIgnoredUrls.addAll(ignoredRequests.getPatch());
-        flattenIgnoredUrls.addAll(ignoredRequests.getOptions());
-        flattenIgnoredUrls.addAll(ignoredRequests.getTrace());
-        flattenIgnoredUrls.addAll(ignoredRequests.getPattern());
-        log.info("Ignored URL list for WebFlux security: {}", flattenIgnoredUrls);
-        return flattenIgnoredUrls.toArray(new String[0]);
-    }
 }
diff --git a/gateway/src/main/java/com/jmsoftware/maf/gateway/universal/filter/RequestFilter.java b/gateway/src/main/java/com/jmsoftware/maf/gateway/universal/filter/RequestFilter.java
@@ -1,8 +1,12 @@
 package com.jmsoftware.maf.gateway.universal.filter;
 
+import com.jmsoftware.maf.gateway.universal.configuration.CustomConfiguration;
 import com.jmsoftware.maf.gateway.universal.util.RequestUtil;
+import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.http.server.reactive.ServerHttpRequest;
 import org.springframework.stereotype.Component;
+import org.springframework.util.AntPathMatcher;
 import org.springframework.web.server.ServerWebExchange;
 import org.springframework.web.server.WebFilter;
 import org.springframework.web.server.WebFilterChain;
@@ -18,20 +22,31 @@
  **/
 @Slf4j
 @Component
+@RequiredArgsConstructor
 public class RequestFilter implements WebFilter {
+    private final CustomConfiguration customConfiguration;
+    private final AntPathMatcher antPathMatcher = new AntPathMatcher();
+
     @Override
     @SuppressWarnings("NullableProblems")
     public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
+        ServerHttpRequest request = exchange.getRequest();
+        for (String ignoredUrl : customConfiguration.flattenIgnoredUrls()) {
+            if (antPathMatcher.match(ignoredUrl, request.getURI().getPath())) {
+                return chain.filter(exchange);
+            }
+        }
+        // Only record non-ignored request log
         log.info("{} (pre). Requester: {}, request URL: [{}] {}",
                  this.getClass().getSimpleName(),
-                 RequestUtil.getRequestIpAndPort(exchange.getRequest()), exchange.getRequest().getMethod(),
-                 exchange.getRequest().getURI());
+                 RequestUtil.getRequestIpAndPort(request), request.getMethod(),
+                 request.getURI());
         return chain.filter(exchange).then(
                 Mono.fromRunnable(() -> log.info("{} (post). Requester: {}, request URL: [{}] {}",
                                                  this.getClass().getSimpleName(),
-                                                 RequestUtil.getRequestIpAndPort(exchange.getRequest()),
-                                                 exchange.getRequest().getMethod(),
-                                                 exchange.getRequest().getURI()))
+                                                 RequestUtil.getRequestIpAndPort(request),
+                                                 request.getMethod(),
+                                                 request.getURI()))
         );
     }
 }