Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[RR][Micrometer] Path templates not resolved when request is rejected for auth reason #26104

Closed
pravussum opened this issue Jun 14, 2022 · 3 comments
Labels
area/metrics kind/bug Something isn't working

Comments

@pravussum
Copy link
Contributor

Describe the bug

When a HTTP request is rejected due to authentication/authorization reasons, the path templates for the micrometer metrics are not resolved correctly, e. g. path params are not replaced with their placeholder, but show the actual value in the metrics instead.

Find a small reproducer project in the "How to Reproduce" section.

Some debugging showed that in the error case the ObservabilityHandler is not called and thus the UrlPathTemplate is not set in the request context.

This is probably due to security filters rejecting the request before the handler chain reaches the ObservabilityHandler.

Note that I'm using resteasy-reactive here.

Expected behavior

All requests are resolved correctly, no matter what the response status is.

Actual behavior

401 and 403 status responses do not resolve correctly (there might be more).

How to Reproduce?

Reproducer project: https://github.com/pravussum/code-with-quarkus-unauth-metering

  1. Clone and build, run in dev mode
  2. open browser and request http://localhost:8080/hello/123 →response with status 200 and correct content is received
  3. request http://localhost:8080/hello/authenticated/123 →response with status 403 is received (as expected)
  4. request micrometer metrics under http://localhost:8080/q/metrics

The metrics will show something like this:

http_server_requests_seconds_count{method="GET",outcome="SUCCESS",status="200",uri="/hello/{id}",} 1.0
http_server_requests_seconds_sum{method="GET",outcome="SUCCESS",status="200",uri="/hello/{id}",} 0.008156988
http_server_requests_seconds_count{method="GET",outcome="CLIENT_ERROR",status="403",uri="/hello/authenticated/123",} 3.0
http_server_requests_seconds_sum{method="GET",outcome="CLIENT_ERROR",status="403",uri="/hello/authenticated/123",} 0.013112636

The request to the unauthenticated endpoint /hello/{id} has been resolved correctly to its placeholder version.
The request to the denyAll endpoint /hello/authenticated/{id} has not been resolved and shows up with the actual id 123 instead of the placeholder {id}

Output of uname -a or ver

Linux robert-ThinkPad-T480 5.15.0-37-generic #39-Ubuntu SMP Wed Jun 1 19:16:45 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux

Output of java -version

openjdk version "17.0.3" 2022-04-19 OpenJDK Runtime Environment (build 17.0.3+7-Ubuntu-0ubuntu0.22.04.1) OpenJDK 64-Bit Server VM (build 17.0.3+7-Ubuntu-0ubuntu0.22.04.1, mixed mode, sharing)

GraalVM version (if different from Java)

No response

Quarkus version or git rev

2.9.2

Build tool (ie. output of mvnw --version or gradlew --version)

Maven 3.8.4

Additional information

No response

@pravussum pravussum added the kind/bug Something isn't working label Jun 14, 2022
@quarkus-bot
Copy link

quarkus-bot bot commented Jun 14, 2022

/cc @ebullient

@pravussum
Copy link
Contributor Author

Probably a dup of #24938

@ebullient
Copy link
Member

yes.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area/metrics kind/bug Something isn't working
Projects
None yet
Development

No branches or pull requests

2 participants