Skip to content

Add request filter for early user and query parsing #748

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Nov 3, 2025
Merged

Add request filter for early user and query parsing #748

merged 1 commit into from
Nov 3, 2025

Conversation

@vishalya
Copy link
Member

@vishalya vishalya commented Aug 11, 2025

Description

The parsing of the user and query was happening at different places and at a later stages, this PR structures it to happen at a early stage and a single point in time.

Additional context and related issues

  • Early Request Parsing: New JAX-RS filters have been added to intercept incoming requests. This filter is responsible for parsing essential user and query information at the earliest stage of processing under the PRE_AUTHENTICATION and PRE_AUTHORIZATION.
  • Use of ContainerRequestContext: The implementation now uses ContainerRequestContext instead of HttpServletRequest to access request details, as this is the object available within the JAX-RS filter context.
  • Injecting Request Attributes: The extracted user and query information is now passed along via request attributes, making it easily accessible in the later stages of request routing

Release notes

(X) This is not user-visible or is docs only, and no release notes are required.
( ) Release notes are required, with the following suggested text:

@cla-bot cla-bot bot added the cla-signed label Aug 11, 2025
Chaho12
Chaho12 reviewed Aug 12, 2025
View reviewed changes
@vishalya
Copy link
Member Author

vishalya commented Aug 12, 2025

Addressed the review comments.

RoeyoOgen
RoeyoOgen reviewed Aug 17, 2025
View reviewed changes
ebyhr
ebyhr requested changes Aug 26, 2025
View reviewed changes
@vishalya vishalya force-pushed the parse-user-query branch 2 times, most recently from 239f66a to 68e1860 Compare August 29, 2025 20:45
@oneonestar
Copy link
Member

oneonestar commented Sep 2, 2025

How about using a single filter to parse all the data instead of having multiple filters?
We can store all the necessary data in a single object.
I think this would simplify the code and also help avoid dependency or execution order issues between multiple filters in the future.

@vishalya
Copy link
Member Author

vishalya commented Sep 3, 2025

I would like to keep it separate as they are different and will be parsed at different priorities (user info might need to be parsed at pre-authentication and query might be parsed at pre-authorization), The query information may not be present for all the requests.

@vishalya vishalya force-pushed the parse-user-query branch 2 times, most recently from b97df7f to b202da0 Compare September 16, 2025 20:36
@vishalya
Copy link
Member Author

vishalya commented Sep 16, 2025

Added a new class PathFilter to reuse the logic in the filters.

@vishalya
Copy link
Member Author

vishalya commented Sep 16, 2025

@ebyhr - I have addressed the review comments.

Chaho12
Chaho12 reviewed Sep 17, 2025
View reviewed changes
@vishalya vishalya force-pushed the parse-user-query branch 2 times, most recently from 910492f to 1d71ebd Compare September 26, 2025 20:02
@xkrogen
Copy link
Member

xkrogen commented Oct 17, 2025

@vishalya are you still working on this? Would love to see it land -- this is a great cleanup

@vishalya
Copy link
Member Author

vishalya commented Oct 27, 2025

I’ll spend some time on the code comments this week

Chaho12
Chaho12 approved these changes Oct 29, 2025
View reviewed changes
Copy link
Member

@Chaho12 Chaho12 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Can you resolve comments if they are addressed :)

@Chaho12
Copy link
Member

Chaho12 commented Nov 3, 2025

Let's get this merged. This refactoring would affect others quite a bit.

@Chaho12 Chaho12 merged commit 5a36940 into trinodb:main Nov 3, 2025
3 checks passed
@github-actions github-actions bot added this to the 17 milestone Nov 3, 2025
ebyhr
ebyhr reviewed Nov 4, 2025
View reviewed changes
gateway-ha/src/main/java/io/trino/gateway/ha/router/PathFilter.java
Comment on lines +44 to +46
public PathFilter(
List<String> statementPaths,
List<String> extraWhitelistPaths)
Copy link
Member

@ebyhr ebyhr Nov 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please inject HaGatewayConfiguration instead.

gateway-ha/src/main/java/io/trino/gateway/ha/router/PathFilter.java
List<String> statementPaths,
List<String> extraWhitelistPaths)
{
this.statementPaths = Set.copyOf(requireNonNull(statementPaths, "Required configuration 'statementPaths' can't be null"));
Copy link
Member

@ebyhr ebyhr Nov 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Use ImmutableSet.copyOf and remove requireNonNull.

gateway-ha/src/main/java/io/trino/gateway/ha/router/TrinoQueryProperties.java
Comment on lines +151 to +152
this("", "", "", ImmutableList.of(), Optional.empty(), Optional.empty(),
ImmutableSet.of(), ImmutableSet.of(), ImmutableSet.of(), false, Optional.empty());
Copy link
Member

@ebyhr ebyhr Nov 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The convention is single line or separate lines.

        this(
                "",
                "",
                "",
                ImmutableList.of(),
                Optional.empty(),
                Optional.empty(),
                ImmutableSet.of(),
                ImmutableSet.of(),
                ImmutableSet.of(),
                false,
                Optional.empty());

gateway-ha/src/main/java/io/trino/gateway/ha/router/TrinoRequestUser.java
private Optional<String> extractUserFromCookies(ContainerRequestContext requestContext, String userField)
{
if (request.getCookies() == null) {
Map<String, jakarta.ws.rs.core.Cookie> cookies = requestContext.getCookies();
Copy link
Member

@ebyhr ebyhr Nov 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Import jakarta.ws.rs.core.Cookie.

gateway-ha/src/main/java/io/trino/gateway/ha/security/QueryMetadataParser.java
Comment on lines +44 to +45
private static final int MAX_QUERY_TEXT_LOG_LENGTH = 100;
private final boolean isAnalyzeRequest;
Copy link
Member

@ebyhr ebyhr Nov 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Add an empty line between constants and fields.

gateway-ha/src/test/java/io/trino/gateway/ha/security/TestQueryMetadataParser.java
Comment on lines +97 to +102
try {
when(uriInfo.getRequestUri()).thenReturn(new URI("http://localhost" + HttpUtils.OAUTH_PATH));
}
catch (URISyntaxException e) {
throw new RuntimeException(e);
}
Copy link
Member

@ebyhr ebyhr Nov 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Remove redundant try-catch.

gateway-ha/src/test/java/io/trino/gateway/ha/security/TestQueryMetadataParser.java
Comment on lines +128 to +133
try {
when(uriInfo.getRequestUri()).thenReturn(new URI("http://localhost" + HttpUtils.V1_STATEMENT_PATH));
}
catch (URISyntaxException e) {
throw new RuntimeException(e);
}
Copy link
Member

@ebyhr ebyhr Nov 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Remove redundant try-catch.

gateway-ha/src/test/java/io/trino/gateway/ha/security/TestQueryMetadataParser.java
Comment on lines +157 to +162
try {
when(uriInfo.getRequestUri()).thenReturn(new URI("http://localhost" + HttpUtils.V1_STATEMENT_PATH));
}
catch (URISyntaxException e) {
throw new RuntimeException(e);
}
Copy link
Member

@ebyhr ebyhr Nov 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Remove redundant try-catch.

gateway-ha/src/test/java/io/trino/gateway/ha/security/TestQueryMetadataParser.java
Comment on lines +191 to +196
try {
when(uriInfo.getRequestUri()).thenReturn(new URI("http://localhost" + HttpUtils.V1_STATEMENT_PATH));
}
catch (URISyntaxException e) {
throw new RuntimeException(e);
}
Copy link
Member

@ebyhr ebyhr Nov 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Remove redundant try-catch.

gateway-ha/src/test/java/io/trino/gateway/ha/security/TestQueryUserInfoParser.java

final class TestQueryUserInfoParser
{
private QueryUserInfoParser filter;
Copy link
Member

@ebyhr ebyhr Nov 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Make this field constant.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ebyhr ebyhr ebyhr requested changes

@Chaho12 Chaho12 Chaho12 approved these changes

@oneonestar oneonestar Awaiting requested review from oneonestar

@andythsu andythsu Awaiting requested review from andythsu

+1 more reviewer

@RoeyoOgen RoeyoOgen RoeyoOgen left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

cla-signed

Milestone

17

Development

Successfully merging this pull request may close these issues.

6 participants

@vishalya @oneonestar @xkrogen @Chaho12 @ebyhr @RoeyoOgen