From a62140f94aeb698faf88a486fb5d7792845b9412 Mon Sep 17 00:00:00 2001
From: Gabriel Roldan <gabriel.roldan@camptocamp.com>
Date: Thu, 4 Apr 2024 11:43:22 -0300
Subject: [PATCH] Add server-side authorization requests caching

Support `AuthorizationService` caching decorator on the server, the same
way as done in the client.

Enabled automatically through the config property
`geoserver.acl.caching.enabled` and the shorter property name in
`values.yml` named `acl.caching` (as usual to ease overriding through
env variables).
---
 src/artifacts/api/pom.xml                     |  8 +++++
 ...izationServiceServerAutoConfiguration.java | 33 +++++++++++++++++++
 .../main/resources/META-INF/spring.factories  |  3 +-
 .../api/src/main/resources/application.yml    | 17 ++++++++++
 .../api/src/main/resources/values.yml         |  1 +
 .../ACLResourceAccessManager.java             |  9 +++--
 ...zationServicePluginAutoConfiguration.java} |  2 +-
 .../main/resources/META-INF/spring.factories  |  2 +-
 8 files changed, 69 insertions(+), 6 deletions(-)
 create mode 100644 src/artifacts/api/src/main/java/org/geoserver/acl/autoconfigure/cache/CachingAuthorizationServiceServerAutoConfiguration.java
 rename src/plugin/plugin/src/main/java/org/geoserver/acl/plugin/autoconfigure/cache/{CachingAuthorizationServiceAutoConfiguration.java => CachingAuthorizationServicePluginAutoConfiguration.java} (95%)

diff --git a/src/artifacts/api/pom.xml b/src/artifacts/api/pom.xml
index 8d86742..f790f7e 100644
--- a/src/artifacts/api/pom.xml
+++ b/src/artifacts/api/pom.xml
@@ -40,6 +40,14 @@
       <groupId>org.springframework.cloud</groupId>
       <artifactId>spring-cloud-starter-bus-amqp</artifactId>
     </dependency>
+    <dependency>
+      <groupId>org.geoserver.acl.integration</groupId>
+      <artifactId>gs-acl-cache</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.springframework</groupId>
+      <artifactId>spring-context-support</artifactId>
+    </dependency>
     <dependency>
       <groupId>org.geotools</groupId>
       <artifactId>gt-main</artifactId>
diff --git a/src/artifacts/api/src/main/java/org/geoserver/acl/autoconfigure/cache/CachingAuthorizationServiceServerAutoConfiguration.java b/src/artifacts/api/src/main/java/org/geoserver/acl/autoconfigure/cache/CachingAuthorizationServiceServerAutoConfiguration.java
new file mode 100644
index 0000000..4b454d0
--- /dev/null
+++ b/src/artifacts/api/src/main/java/org/geoserver/acl/autoconfigure/cache/CachingAuthorizationServiceServerAutoConfiguration.java
@@ -0,0 +1,33 @@
+/* (c) 2023 Open Source Geospatial Foundation - all rights reserved
+ * This code is licensed under the GPL 2.0 license, available at the root
+ * application directory.
+ */
+package org.geoserver.acl.autoconfigure.cache;
+
+import lombok.extern.slf4j.Slf4j;
+
+import org.geoserver.acl.authorization.cache.CachingAuthorizationServiceConfiguration;
+import org.springframework.boot.autoconfigure.AutoConfiguration;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.context.annotation.Import;
+
+import javax.annotation.PostConstruct;
+
+/**
+ * @since 2.2
+ * @see CachingAuthorizationServiceConfiguration
+ */
+@AutoConfiguration
+@ConditionalOnProperty(
+        name = "geoserver.acl.caching.enabled",
+        havingValue = "true",
+        matchIfMissing = true)
+@Import(CachingAuthorizationServiceConfiguration.class)
+@Slf4j(topic = "org.geoserver.acl.autoconfigure.cache")
+public class CachingAuthorizationServiceServerAutoConfiguration {
+
+    @PostConstruct
+    void logUsing() {
+        log.info("Caching ACL AuthorizationService enabled");
+    }
+}
diff --git a/src/artifacts/api/src/main/resources/META-INF/spring.factories b/src/artifacts/api/src/main/resources/META-INF/spring.factories
index 67afced..8249171 100644
--- a/src/artifacts/api/src/main/resources/META-INF/spring.factories
+++ b/src/artifacts/api/src/main/resources/META-INF/spring.factories
@@ -11,5 +11,6 @@ org.geoserver.acl.autoconfigure.security.InternalSecurityAutoConfiguration,\
 org.geoserver.acl.autoconfigure.security.PreAuthenticationSecurityAutoConfiguration,\
 org.geoserver.acl.autoconfigure.security.AuthenticationManagerAutoConfiguration,\
 org.geoserver.acl.autoconfigure.springdoc.SpringDocAutoConfiguration,\
-org.geoserver.acl.autoconfigure.bus.RabbitAutoConfiguration
+org.geoserver.acl.autoconfigure.bus.RabbitAutoConfiguration,\
+org.geoserver.acl.autoconfigure.cache.CachingAuthorizationServiceServerAutoConfiguration
 
diff --git a/src/artifacts/api/src/main/resources/application.yml b/src/artifacts/api/src/main/resources/application.yml
index 289fa37..065eadd 100644
--- a/src/artifacts/api/src/main/resources/application.yml
+++ b/src/artifacts/api/src/main/resources/application.yml
@@ -61,6 +61,21 @@ spring:
     default-property-inclusion: non-empty
     serialization:
       indent-output: true
+  cache:
+    type: caffeine
+    caffeine:
+      #CaffeineSpec supports parsing configuration off of a string
+      #The string syntax is a series of comma-separated keys or key-value pairs, each corresponding to a Caffeine builder method.
+      #
+      #initialCapacity=[integer]
+      #maximumSize=[long]
+      #maximumWeight=[long]
+      #expireAfterAccess=[duration]
+      #expireAfterWrite=[duration]
+      #refreshAfterWrite=[duration]
+      #softValues: sets Caffeine.softValues.
+      #recordStats: sets Caffeine.recordStats.
+      spec: softValues,initialCapacity=10000,recordStats
   autoconfigure:
     exclude:
       - org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration
@@ -128,6 +143,8 @@ jndi:
 geoserver:
   bus.enabled: false
   acl:
+    caching:
+      enabled: ${acl.caching:true}
     datasource:
       jndi-name: ${acl.db.jndiName:java:comp/env/jdbc/acl}
       url: ${acl.db.url:}
diff --git a/src/artifacts/api/src/main/resources/values.yml b/src/artifacts/api/src/main/resources/values.yml
index 24a2946..4b92825 100644
--- a/src/artifacts/api/src/main/resources/values.yml
+++ b/src/artifacts/api/src/main/resources/values.yml
@@ -22,6 +22,7 @@ rabbitmq.user: guest
 rabbitmq.password: guest
 #rabbitmq.vhost:
 
+acl.caching: true
 #
 # Basic auth security configuration
 #
diff --git a/src/plugin/accessmanager/src/main/java/org/geoserver/acl/plugin/accessmanager/ACLResourceAccessManager.java b/src/plugin/accessmanager/src/main/java/org/geoserver/acl/plugin/accessmanager/ACLResourceAccessManager.java
index c0af976..6f72641 100644
--- a/src/plugin/accessmanager/src/main/java/org/geoserver/acl/plugin/accessmanager/ACLResourceAccessManager.java
+++ b/src/plugin/accessmanager/src/main/java/org/geoserver/acl/plugin/accessmanager/ACLResourceAccessManager.java
@@ -332,10 +332,13 @@ private ProcessingResult wpsProcessingResult(
     }
 
     private AccessInfo getAccessInfo(AccessRequest accessRequest) {
-        Stopwatch sw = Stopwatch.createStarted();
+        final Level timeLogLevel = FINE;
+        final Stopwatch sw = LOGGER.isLoggable(timeLogLevel) ? Stopwatch.createStarted() : null;
         AccessInfo accessInfo = aclService.getAccessInfo(accessRequest);
-        sw.stop();
-        log(FINE, "ACL auth run in {0}: {1} -> {2}", sw, accessRequest, accessInfo);
+        if (null != sw) {
+            sw.stop();
+            log(timeLogLevel, "ACL auth run in {0}: {1} -> {2}", sw, accessRequest, accessInfo);
+        }
 
         if (accessInfo == null) {
             accessInfo = AccessInfo.DENY_ALL;
diff --git a/src/plugin/plugin/src/main/java/org/geoserver/acl/plugin/autoconfigure/cache/CachingAuthorizationServiceAutoConfiguration.java b/src/plugin/plugin/src/main/java/org/geoserver/acl/plugin/autoconfigure/cache/CachingAuthorizationServicePluginAutoConfiguration.java
similarity index 95%
rename from src/plugin/plugin/src/main/java/org/geoserver/acl/plugin/autoconfigure/cache/CachingAuthorizationServiceAutoConfiguration.java
rename to src/plugin/plugin/src/main/java/org/geoserver/acl/plugin/autoconfigure/cache/CachingAuthorizationServicePluginAutoConfiguration.java
index bf3affa..b9196c5 100644
--- a/src/plugin/plugin/src/main/java/org/geoserver/acl/plugin/autoconfigure/cache/CachingAuthorizationServiceAutoConfiguration.java
+++ b/src/plugin/plugin/src/main/java/org/geoserver/acl/plugin/autoconfigure/cache/CachingAuthorizationServicePluginAutoConfiguration.java
@@ -27,7 +27,7 @@
         matchIfMissing = true)
 @Import(CachingAuthorizationServiceConfiguration.class)
 @Slf4j(topic = "org.geoserver.acl.plugin.autoconfigure.cache")
-public class CachingAuthorizationServiceAutoConfiguration {
+public class CachingAuthorizationServicePluginAutoConfiguration {
 
     @PostConstruct
     void logUsing() {
diff --git a/src/plugin/plugin/src/main/resources/META-INF/spring.factories b/src/plugin/plugin/src/main/resources/META-INF/spring.factories
index 9bfa47c..739aff4 100644
--- a/src/plugin/plugin/src/main/resources/META-INF/spring.factories
+++ b/src/plugin/plugin/src/main/resources/META-INF/spring.factories
@@ -2,4 +2,4 @@ org.springframework.boot.autoconfigure.EnableAutoConfiguration=\
 org.geoserver.acl.plugin.autoconfigure.accessmanager.AclAccessManagerAutoConfiguration,\
 org.geoserver.acl.plugin.autoconfigure.webui.AclWebUIAutoConfiguration,\
 org.geoserver.acl.plugin.autoconfigure.wps.AclWpsAutoConfiguration,\
-org.geoserver.acl.plugin.autoconfigure.cache.CachingAuthorizationServiceAutoConfiguration
\ No newline at end of file
+org.geoserver.acl.plugin.autoconfigure.cache.CachingAuthorizationServicePluginAutoConfiguration
\ No newline at end of file