search

SAP / cloud-sdk-java

Use the SAP Cloud SDK for Java to reduce development effort when building applications on SAP Business Technology Platform that communicate with SAP solutions and services such as SAP S/4HANA Cloud, SAP SuccessFactors, and many others.
Apache License 2.0
21 stars 9 forks source link

RequestAccessorFilter caused removal of HTTP payload #394

Closed chipp-sap closed 2 months ago

chipp-sap commented 3 months ago

Issue Description

We have a spring boot REST interface that reads the payload of an HTTP request as follows:

    @ResponseStatus(value = HttpStatus.OK)
    @PostMapping(value = FESR_PATH, consumes = MediaType.APPLICATION_FORM_URLENCODED_VALUE)
    public void handleBeacon(final HttpServletRequest request) {
        final String body;
        try {
            body = org.apache.commons.io.IOUtils.toString(request.getReader());
        } catch (IOException e) {
            LOGGER.error("Failed to process beacon request", e);
            throw new InternalServerErrorException("Cannot process request");
        }
        LOGGER.debug("body={}", body);
        ...
    }

Since upgrading to Cloud SDK 5 we observe that the payload, ie. body, is empty. After some debugging we found out that servlet-jakarta's RequestAccessorFilter is the root case that the payload is empty. This is because the filter chain get's executed in a separate thread. If another thread reads the content of the servlet before we try to do so, the payload is empty upon reading.

We "fixed" the problem by excluding the servlet jakarta dependency. However, we do not know the consequences of this actions. This issue was very tricky to analyze and we do not see the necessity to execute the filter chain in a separate thread.

Dependency tree:

[MVNVM] Using maven: 3.9.6 [INFO] Scanning for projects... [WARNING] [WARNING] Some problems were encountered while building the effective model for com.sap.crun.perfmon:x-perfmon-srv:jar:1.2.0 [WARNING] 'build.plugins.plugin.(groupId:artifactId)' must be unique but found duplicate declaration of plugin org.apache.maven.plugins:maven-dependency-plugin @ line 327, column 12 [WARNING] [WARNING] It is highly recommended to fix these problems because they threaten the stability of your build. [WARNING] [WARNING] For this reason, future Maven versions might no longer support building such malformed projects. [WARNING] [INFO] ------------------------------------------------------------------------ [INFO] Detecting the operating system and CPU architecture [INFO] ------------------------------------------------------------------------ [INFO] os.detected.name: osx [INFO] os.detected.arch: aarch_64 [INFO] os.detected.bitness: 64 [INFO] os.detected.version: 14.4 [INFO] os.detected.version.major: 14 [INFO] os.detected.version.minor: 4 [INFO] os.detected.classifier: osx-aarch_64 [INFO] [INFO] -----------------< com.sap.crun.perfmon:x-perfmon-srv >----------------- [INFO] Building x-perfmon-srv 1.2.0 [INFO] from pom.xml [INFO] --------------------------------[ jar ]--------------------------------- [INFO] [INFO] --- dependency:3.6.1:tree (default-cli) @ x-perfmon-srv --- [INFO] com.sap.crun.perfmon:x-perfmon-srv:jar:1.2.0 [INFO] +- org.springframework.boot:spring-boot-starter-aop:jar:3.2.4:compile [INFO] | +- org.springframework.boot:spring-boot-starter:jar:3.2.4:compile [INFO] | | +- org.springframework.boot:spring-boot:jar:3.2.4:compile [INFO] | | +- org.springframework.boot:spring-boot-autoconfigure:jar:3.2.4:compile [INFO] | | +- org.springframework.boot:spring-boot-starter-logging:jar:3.2.4:compile [INFO] | | | +- ch.qos.logback:logback-classic:jar:1.4.14:compile [INFO] | | | | - ch.qos.logback:logback-core:jar:1.4.14:compile [INFO] | | | +- org.apache.logging.log4j:log4j-to-slf4j:jar:2.21.1:compile [INFO] | | | | - org.apache.logging.log4j:log4j-api:jar:2.21.1:compile [INFO] | | | - org.slf4j:jul-to-slf4j:jar:2.0.12:compile [INFO] | | - org.yaml:snakeyaml:jar:2.2:compile [INFO] | +- org.springframework:spring-aop:jar:6.1.5:compile [INFO] | | - org.springframework:spring-beans:jar:6.1.5:compile [INFO] | - org.aspectj:aspectjweaver:jar:1.9.21:compile [INFO] +- org.springframework.boot:spring-boot-starter-jdbc:jar:3.2.4:compile [INFO] | - org.springframework:spring-jdbc:jar:6.1.5:compile [INFO] | - org.springframework:spring-tx:jar:6.1.5:compile [INFO] +- org.springframework.boot:spring-boot-starter-cache:jar:3.2.4:compile [INFO] | - org.springframework:spring-context-support:jar:6.1.5:compile [INFO] | - org.springframework:spring-context:jar:6.1.5:compile [INFO] +- org.springframework.boot:spring-boot-configuration-processor:jar:3.2.4:compile [INFO] +- com.sap.dwc:util-headers:jar:2.3.3:compile [INFO] | +- com.sap.dwc:util-model:jar:2.3.3:compile [INFO] | +- org.apache.httpcomponents.client5:httpclient5:jar:5.2.3:compile [INFO] | | +- org.apache.httpcomponents.core5:httpcore5:jar:5.2.4:compile [INFO] | | - org.apache.httpcomponents.core5:httpcore5-h2:jar:5.2.4:compile [INFO] | - com.sap.dwc.commons:commons-util:jar:2.23.0:compile [INFO] +- com.sap.dwc:util-mutual-authentication:jar:2.3.3:compile [INFO] | +- org.bouncycastle:bcprov-jdk18on:jar:1.77:compile [INFO] | - org.bouncycastle:bcpkix-jdk18on:jar:1.77:compile [INFO] | - org.bouncycastle:bcutil-jdk18on:jar:1.77:compile [INFO] +- com.sap.dwc:util-routing:jar:2.3.3:compile [INFO] +- com.sap.crun.jobscheduler:x-js-clientlib:jar:2.0.17:compile [INFO] | +- com.sap.cds:cds4j-api:jar:2.8.1:compile [INFO] | +- com.sap.cds:cds4j-tx:jar:2.3.0:compile [INFO] | +- com.sap.xs:java-js-client:jar:1.5.11:compile [INFO] | +- com.sap.cloud.sdk.cloudplatform:resilience:jar:5.6.0:compile [INFO] | | - com.sap.cloud.sdk.cloudplatform:resilience-api:jar:5.6.0:compile [INFO] | +- com.sap.cloud.sdk.cloudplatform:resilience4j:jar:5.6.0:compile [INFO] | | +- io.github.resilience4j:resilience4j-circuitbreaker:jar:2.2.0:compile [INFO] | | | - io.github.resilience4j:resilience4j-core:jar:2.2.0:compile [INFO] | | +- io.github.resilience4j:resilience4j-bulkhead:jar:2.2.0:compile [INFO] | | +- io.github.resilience4j:resilience4j-timelimiter:jar:2.2.0:compile [INFO] | | +- io.github.resilience4j:resilience4j-retry:jar:2.2.0:compile [INFO] | | +- io.github.resilience4j:resilience4j-ratelimiter:jar:2.2.0:compile [INFO] | | - javax.cache:cache-api:jar:1.1.1:compile [INFO] | +- commons-io:commons-io:jar:2.11.0:compile [INFO] | +- commons-collections:commons-collections:jar:3.2.2:compile [INFO] | +- com.sap.cloud.s4hana:sdk-modules-bom:pom:2.20.1:import [INFO] | +- org.springframework.security:spring-security-core:jar:6.2.3:compile [INFO] | | +- org.springframework.security:spring-security-crypto:jar:6.2.3:compile [INFO] | | - org.springframework:spring-expression:jar:6.1.5:compile [INFO] | - com.sap.cloud.tenantlifecycle:euporie-api:jar:2.0.0-20240401104545_fcf38dec634dc4c6e854df9e1992e2330850d46f:compile [INFO] | - com.sap.cloud.tenantlifecycle:euporie-api-domain:jar:2.0.0-20240401104545_fcf38dec634dc4c6e854df9e1992e2330850d46f:compile [INFO] +- com.sap.crun.bsm:ops-bsm-clientlib:jar:1.0.38:compile [INFO] | +- com.sap.cds:cds-services-api:jar:2.8.1:compile [INFO] | +- org.springframework.retry:spring-retry:jar:2.0.5:compile [INFO] | - org.json:json:jar:20231013:compile [INFO] +- com.sap.calm.metering:calm-metering-lib:jar:2.0.0-20240402025900_63542a397a989cc2ac37447a3a37951cc22e5f54:compile [INFO] | +- org.springframework.boot:spring-boot-starter-webflux:jar:3.2.4:compile [INFO] | | +- org.springframework.boot:spring-boot-starter-reactor-netty:jar:3.2.4:compile [INFO] | | | - io.projectreactor.netty:reactor-netty-http:jar:1.1.17:compile [INFO] | | | +- io.netty:netty-codec-http:jar:4.1.108.Final:compile [INFO] | | | | +- io.netty:netty-common:jar:4.1.108.Final:compile [INFO] | | | | +- io.netty:netty-buffer:jar:4.1.108.Final:compile [INFO] | | | | +- io.netty:netty-transport:jar:4.1.108.Final:compile [INFO] | | | | +- io.netty:netty-codec:jar:4.1.108.Final:compile [INFO] | | | | - io.netty:netty-handler:jar:4.1.108.Final:compile [INFO] | | | +- io.netty:netty-codec-http2:jar:4.1.108.Final:compile [INFO] | | | +- io.netty:netty-resolver-dns:jar:4.1.108.Final:compile [INFO] | | | | +- io.netty:netty-resolver:jar:4.1.108.Final:compile [INFO] | | | | - io.netty:netty-codec-dns:jar:4.1.108.Final:compile [INFO] | | | +- io.netty:netty-resolver-dns-native-macos:jar:osx-x86_64:4.1.108.Final:compile [INFO] | | | | - io.netty:netty-resolver-dns-classes-macos:jar:4.1.108.Final:compile [INFO] | | | +- io.netty:netty-transport-native-epoll:jar:linux-x86_64:4.1.108.Final:compile [INFO] | | | | +- io.netty:netty-transport-native-unix-common:jar:4.1.108.Final:compile [INFO] | | | | - io.netty:netty-transport-classes-epoll:jar:4.1.108.Final:compile [INFO] | | | - io.projectreactor.netty:reactor-netty-core:jar:1.1.17:compile [INFO] | | | - io.netty:netty-handler-proxy:jar:4.1.108.Final:compile [INFO] | | | - io.netty:netty-codec-socks:jar:4.1.108.Final:compile [INFO] | | - org.springframework:spring-webflux:jar:6.1.5:compile [INFO] | | - io.projectreactor:reactor-core:jar:3.6.4:compile [INFO] | | - org.reactivestreams:reactive-streams:jar:1.0.4:compile [INFO] | +- com.sap.hcp.cf.logging:cf-java-logging-support-logback:jar:3.7.0:compile [INFO] | | - com.sap.hcp.cf.logging:cf-java-logging-support-core:jar:3.7.0:compile [INFO] | | - com.fasterxml.jackson.jr:jackson-jr-objects:jar:2.15.4:compile [INFO] | - com.sap.crun.comm:x-comm-clientlib:jar:3.0.3:compile [INFO] | - com.sap.cloud.sdk.frameworks:resilience4j:jar:4.29.0:compile [INFO] +- javax.validation:validation-api:jar:2.0.1.Final:compile [INFO] +- com.sap.calm.x:calm-kafka-clientlib:jar:2.1.2-20240328104546_c7293098ad69b3e549b9bf2091b6cc2f5a01bd57:compile [INFO] | +- io.cloudevents:cloudevents-json-jackson:jar:2.5.0:compile [INFO] | | - io.cloudevents:cloudevents-core:jar:2.5.0:compile [INFO] | | - io.cloudevents:cloudevents-api:jar:2.5.0:compile [INFO] | +- io.cloudevents:cloudevents-kafka:jar:2.5.0:compile [INFO] | | - org.apache.kafka:kafka-clients:jar:3.6.1:compile [INFO] | | +- com.github.luben:zstd-jni:jar:1.5.5-1:runtime [INFO] | | +- org.lz4:lz4-java:jar:1.8.0:runtime [INFO] | | - org.xerial.snappy:snappy-java:jar:1.1.10.4:runtime [INFO] | +- org.immutables:value:jar:2.10.1:compile [INFO] | +- com.fasterxml.jackson.core:jackson-core:jar:2.15.4:compile [INFO] | +- com.fasterxml.jackson.core:jackson-annotations:jar:2.15.4:compile [INFO] | +- com.fasterxml.jackson.core:jackson-databind:jar:2.15.4:compile [INFO] | +- com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:jar:2.15.4:compile [INFO] | +- com.fasterxml.jackson.datatype:jackson-datatype-jsr310:jar:2.15.4:compile [INFO] | +- jakarta.validation:jakarta.validation-api:jar:3.0.2:compile [INFO] | +- org.jsoup:jsoup:jar:1.17.2:compile [INFO] | +- org.springframework.security:spring-security-oauth2-client:jar:6.2.3:compile [INFO] | | +- org.springframework.security:spring-security-web:jar:6.2.3:compile [INFO] | | - com.nimbusds:oauth2-oidc-sdk:jar:9.43.3:compile [INFO] | | +- com.nimbusds:content-type:jar:2.2:compile [INFO] | | - com.nimbusds:lang-tag:jar:1.7:compile [INFO] | +- org.springframework.kafka:spring-kafka:jar:3.1.3:compile [INFO] | | - org.springframework:spring-messaging:jar:6.1.5:compile [INFO] | +- io.pivotal.cfenv:java-cfenv:jar:3.1.5:compile [INFO] | | - com.cedarsoftware:json-io:jar:4.19.1:compile [INFO] | | - com.novell.ldap:jldap:jar:2009-10-07:compile [INFO] | +- org.apache.commons:commons-collections4:jar:4.4:compile [INFO] | +- com.google.code.gson:gson:jar:2.10.1:compile [INFO] | +- org.springframework.cloud:spring-cloud-context:jar:4.1.1:compile [INFO] | - org.apache.commons:commons-text:jar:1.11.0:compile [INFO] +- com.github.json-template:jsontemplate:jar:0.2.2:compile [INFO] | - org.antlr:antlr4-runtime:jar:4.8-1:compile [INFO] +- com.github.curious-odd-man:rgxgen:jar:1.4:compile [INFO] +- com.sap.crun.landscape:x-landscape-clientlib:jar:2.0.1-m22:compile [INFO] +- org.springdoc:springdoc-openapi-starter-webmvc-ui:jar:2.5.0:compile [INFO] | +- org.springdoc:springdoc-openapi-starter-webmvc-api:jar:2.5.0:compile [INFO] | | - org.springdoc:springdoc-openapi-starter-common:jar:2.5.0:compile [INFO] | | - io.swagger.core.v3:swagger-core-jakarta:jar:2.2.21:compile [INFO] | | +- io.swagger.core.v3:swagger-annotations-jakarta:jar:2.2.21:compile [INFO] | | - io.swagger.core.v3:swagger-models-jakarta:jar:2.2.21:compile [INFO] | - org.webjars:swagger-ui:jar:5.13.0:compile [INFO] +- com.jayway.jsonpath:json-path:jar:2.9.0:compile [INFO] | +- net.minidev:json-smart:jar:2.5.0:compile [INFO] | | - net.minidev:accessors-smart:jar:2.5.0:compile [INFO] | | - org.ow2.asm:asm:jar:9.4:compile [INFO] | - org.slf4j:slf4j-api:jar:2.0.12:compile [INFO] +- com.google.protobuf:protobuf-java:jar:3.25.2:compile [INFO] +- com.google.protobuf:protobuf-java-util:jar:3.25.2:compile [INFO] | +- com.google.code.findbugs:jsr305:jar:3.0.2:compile [INFO] | +- com.google.errorprone:error_prone_annotations:jar:2.14.0:compile [INFO] | +- com.google.guava:guava:jar:32.0.1-jre:compile [INFO] | | +- com.google.guava:failureaccess:jar:1.0.1:compile [INFO] | | +- com.google.guava:listenablefuture:jar:9999.0-empty-to-avoid-conflict-with-guava:compile [INFO] | | - org.checkerframework:checker-qual:jar:3.42.0:compile [INFO] | - com.google.j2objc:j2objc-annotations:jar:2.8:compile [INFO] +- io.opentelemetry.javaagent:opentelemetry-javaagent:jar:2.2.0:runtime [INFO] +- io.opentelemetry:opentelemetry-api:jar:1.36.0:compile [INFO] | - io.opentelemetry:opentelemetry-context:jar:1.36.0:compile [INFO] +- io.opentelemetry.semconv:opentelemetry-semconv:jar:1.23.1-alpha:compile [INFO] +- com.sap.crun.calmextapi:x-calmanalyticslib:jar:1.2.162-20240319104244_bdb7fe7ba11efee1c0cc961743a7fa6c48e990e4:compile [INFO] | - org.springframework.boot:spring-boot-starter-validation:jar:3.2.4:compile [INFO] | +- org.apache.tomcat.embed:tomcat-embed-el:jar:10.1.19:compile [INFO] | - org.hibernate.validator:hibernate-validator:jar:8.0.1.Final:compile [INFO] | +- org.jboss.logging:jboss-logging:jar:3.5.3.Final:compile [INFO] | - com.fasterxml:classmate:jar:1.6.0:compile [INFO] +- io.opentelemetry.proto:opentelemetry-proto:jar:1.0.0-alpha:compile [INFO] +- com.sap.xdsr:passport:jar:3.12.0:compile [INFO] +- com.sap.xdsr:otel-agent-ext-java:jar:1.5.12-RC-20240402072519_7d5d4ab5ba6f66b1a86043640513d8e487e6081d:runtime [INFO] | +- com.google.auto.service:auto-service:jar:1.1.1:runtime [INFO] | | +- com.google.auto.service:auto-service-annotations:jar:1.1.1:runtime [INFO] | | - com.google.auto:auto-common:jar:1.2.1:runtime [INFO] | - io.opentelemetry:opentelemetry-exporter-otlp:jar:1.36.0:runtime [INFO] | +- io.opentelemetry:opentelemetry-exporter-sender-okhttp:jar:1.36.0:runtime [INFO] | | - com.squareup.okhttp3:okhttp:jar:4.12.0:runtime [INFO] | | +- com.squareup.okio:okio:jar:1.17.6:runtime [INFO] | | - org.jetbrains.kotlin:kotlin-stdlib-jdk8:jar:1.9.23:runtime [INFO] | | +- org.jetbrains.kotlin:kotlin-stdlib:jar:1.9.23:runtime [INFO] | | | - org.jetbrains:annotations:jar:13.0:runtime [INFO] | | - org.jetbrains.kotlin:kotlin-stdlib-jdk7:jar:1.9.23:runtime [INFO] | - io.opentelemetry:opentelemetry-sdk-extension-autoconfigure-spi:jar:1.36.0:runtime [INFO] +- io.opentelemetry:opentelemetry-sdk:jar:1.36.0:test [INFO] | +- io.opentelemetry:opentelemetry-sdk-common:jar:1.36.0:runtime [INFO] | +- io.opentelemetry:opentelemetry-sdk-trace:jar:1.36.0:runtime [INFO] | +- io.opentelemetry:opentelemetry-sdk-metrics:jar:1.36.0:runtime [INFO] | - io.opentelemetry:opentelemetry-sdk-logs:jar:1.36.0:runtime [INFO] | - io.opentelemetry:opentelemetry-api-events:jar:1.35.0-alpha:runtime [INFO] +- io.opentelemetry:opentelemetry-exporter-otlp-common:jar:1.36.0:test [INFO] | +- io.opentelemetry:opentelemetry-exporter-common:jar:1.36.0:runtime [INFO] | - io.opentelemetry:opentelemetry-extension-incubator:jar:1.35.0-alpha:runtime [INFO] +- org.mockito:mockito-inline:jar:5.2.0:test [INFO] | - org.mockito:mockito-core:jar:5.7.0:test [INFO] | +- net.bytebuddy:byte-buddy:jar:1.14.12:test [INFO] | +- net.bytebuddy:byte-buddy-agent:jar:1.14.12:test [INFO] | - org.objenesis:objenesis:jar:3.3:test [INFO] +- org.junit.jupiter:junit-jupiter-params:jar:5.10.2:test [INFO] | - org.apiguardian:apiguardian-api:jar:1.1.2:test [INFO] +- org.junit.jupiter:junit-jupiter-api:jar:5.10.2:test [INFO] | +- org.opentest4j:opentest4j:jar:1.3.0:test [INFO] | - org.junit.platform:junit-platform-commons:jar:1.10.2:test [INFO] +- org.junit.platform:junit-platform-runner:jar:1.10.2:test [INFO] | +- junit:junit:jar:4.13.2:test [INFO] | | - org.hamcrest:hamcrest-core:jar:2.2:test [INFO] | +- org.junit.platform:junit-platform-launcher:jar:1.10.2:test [INFO] | +- org.junit.platform:junit-platform-suite-api:jar:1.10.2:test [INFO] | - org.junit.platform:junit-platform-suite-commons:jar:1.10.2:test [INFO] +- org.junit.jupiter:junit-jupiter-engine:jar:5.10.2:test [INFO] | - org.junit.platform:junit-platform-engine:jar:1.10.2:test [INFO] +- com.opencsv:opencsv:jar:5.9:compile [INFO] | +- org.apache.commons:commons-lang3:jar:3.14.0:compile [INFO] | - commons-beanutils:commons-beanutils:jar:1.9.4:compile [INFO] | - commons-logging:commons-logging:jar:1.2:compile [INFO] +- com.sap.cds:cds-starter-spring-boot-odata:jar:2.8.1:compile [INFO] | +- com.sap.cds:cds-starter-spring-boot:jar:2.8.1:compile [INFO] | | +- com.sap.cds:cds-feature-jdbc:jar:2.8.1:runtime [INFO] | | - com.sap.cds:cds-framework-spring-boot:jar:2.8.1:runtime [INFO] | - com.sap.cds:cds-adapter-odata-v4:jar:2.8.1:runtime [INFO] | - com.sap.cds.repackaged:odata-v4-lib:jar:2.8.1:runtime [INFO] | +- com.fasterxml.jackson.dataformat:jackson-dataformat-xml:jar:2.15.4:runtime [INFO] | | - org.codehaus.woodstox:stax2-api:jar:4.2.1:runtime [INFO] | - com.fasterxml:aalto-xml:jar:1.3.2:runtime [INFO] +- com.sap.cds:cds-feature-cloudfoundry:jar:2.8.1:compile [INFO] | +- com.sap.cds:cds-services-utils:jar:2.8.1:compile [INFO] | | +- com.sap.cloud.security.xsuaa:token-client:jar:3.3.5:compile [INFO] | | - com.sap.cloud.mt:tools:jar:2.8.1:compile [INFO] | - com.sap.cloud.environment.servicebinding:java-sap-vcap-services:jar:0.10.4:compile [INFO] +- com.sap.cds:cds-feature-hana:jar:2.8.1:compile [INFO] | - com.sap.cloud.db.jdbc:ngdbc:jar:2.20.11:compile [INFO] +- com.zaxxer:HikariCP:jar:5.1.0:compile [INFO] +- com.sap.cds:cds-feature-mt:jar:2.8.1:compile [INFO] | +- com.sap.cds:cds-adapter-api:jar:2.8.1:compile [INFO] | +- com.sap.cds:cds-integration-cloud-sdk:jar:2.8.1:compile [INFO] | +- com.sap.cds:cds-services-impl:jar:2.8.1:runtime [INFO] | | +- com.sap.cds:cds-services-messaging:jar:2.8.1:runtime [INFO] | | | - jakarta.jms:jakarta.jms-api:jar:3.1.0:runtime [INFO] | | - org.apache.commons:commons-csv:jar:1.10.0:runtime [INFO] | +- com.sap.cloud.mt:cds-mtx:jar:2.8.1:compile [INFO] | +- com.sap.cloud.mt:multi-tenant-runtime:jar:2.8.1:compile [INFO] | - com.sap.cloud.mt:multi-tenant-subscription:jar:2.8.1:compile [INFO] | - com.sap.cloud.instancemanager:client:jar:3.14.0:compile [INFO] +- com.sap.cds:cds4j-runtime:jar:2.8.1:compile [INFO] | +- com.sap.cds:cds4j-jdbc-spi:jar:2.8.1:compile [INFO] | - com.sap.cds:cds4j-core:jar:2.8.1:compile [INFO] +- com.sap.cloud.sdk:sdk-core:jar:5.6.0:compile [INFO] | +- com.sap.cloud.sdk.cloudplatform:cloudplatform-connectivity:jar:5.6.0:compile [INFO] | | - com.mikesamuel:json-sanitizer:jar:1.2.3:compile [INFO] | +- com.sap.cloud.sdk.cloudplatform:connectivity-destination-service:jar:5.6.0:compile [INFO] | | - com.sap.cloud.environment.servicebinding.api:java-consumption-api:jar:0.10.4:compile [INFO] | +- com.sap.cloud.sdk.cloudplatform:connectivity-oauth:jar:5.6.0:compile [INFO] | | +- com.sap.cloud.security:java-api:jar:3.3.5:compile [INFO] | | - com.sap.cloud.security:java-security:jar:3.3.5:compile [INFO] | +- com.sap.cloud.sdk.cloudplatform:cloudplatform-core:jar:5.6.0:compile [INFO] | +- com.sap.cloud.sdk.cloudplatform:tenant:jar:5.6.0:compile [INFO] | +- com.sap.cloud.sdk.cloudplatform:security:jar:5.6.0:compile [INFO] | - com.sap.cloud.sdk.cloudplatform:caching:jar:5.6.0:compile [INFO] +- com.sap.cloud.sdk.cloudplatform:connectivity-dwc:jar:5.6.0:compile [INFO] | +- com.sap.cloud.sdk.cloudplatform:connectivity-apache-httpclient4:jar:5.6.0:compile [INFO] | +- com.sap.cloud.environment.servicebinding.api:java-core-api:jar:0.10.4:compile [INFO] | +- com.auth0:java-jwt:jar:4.4.0:compile [INFO] | +- org.slf4j:jcl-over-slf4j:jar:2.0.12:runtime [INFO] | +- io.vavr:vavr:jar:0.10.4:compile [INFO] | | - io.vavr:vavr-match:jar:0.10.4:compile [INFO] | +- com.sap.cloud.environment.servicebinding.api:java-access-api:jar:0.10.4:compile [INFO] | +- org.apache.httpcomponents:httpclient:jar:4.5.14:compile [INFO] | | - commons-codec:commons-codec:jar:1.16.1:compile [INFO] | +- org.apache.httpcomponents:httpcore:jar:4.4.16:compile [INFO] | - com.github.ben-manes.caffeine:caffeine:jar:3.1.8:compile [INFO] +- com.sap.cloud.sdk.datamodel:odata-core:jar:5.6.0:compile [INFO] | +- com.sap.cloud.sdk.datamodel:odata-client:jar:5.6.0:compile [INFO] | - com.sap.cloud.sdk.datamodel:fluent-result:jar:5.6.0:compile [INFO] +- org.springframework.boot:spring-boot-starter-web:jar:3.2.4:compile [INFO] | +- org.springframework.boot:spring-boot-starter-json:jar:3.2.4:compile [INFO] | | +- com.fasterxml.jackson.datatype:jackson-datatype-jdk8:jar:2.15.4:compile [INFO] | | - com.fasterxml.jackson.module:jackson-module-parameter-names:jar:2.15.4:compile [INFO] | +- org.springframework.boot:spring-boot-starter-tomcat:jar:3.2.4:compile [INFO] | | +- org.apache.tomcat.embed:tomcat-embed-core:jar:10.1.19:compile [INFO] | | - org.apache.tomcat.embed:tomcat-embed-websocket:jar:10.1.19:compile [INFO] | +- org.springframework:spring-web:jar:6.1.5:compile [INFO] | - org.springframework:spring-webmvc:jar:6.1.5:compile [INFO] +- org.springframework.boot:spring-boot-starter-actuator:jar:3.2.4:compile [INFO] | +- org.springframework.boot:spring-boot-actuator-autoconfigure:jar:3.2.4:compile [INFO] | | - org.springframework.boot:spring-boot-actuator:jar:3.2.4:compile [INFO] | +- io.micrometer:micrometer-observation:jar:1.12.4:compile [INFO] | | - io.micrometer:micrometer-commons:jar:1.12.4:compile [INFO] | - io.micrometer:micrometer-jakarta9:jar:1.12.4:compile [INFO] | - io.micrometer:micrometer-core:jar:1.12.4:compile [INFO] | +- org.hdrhistogram:HdrHistogram:jar:2.1.12:runtime [INFO] | - org.latencyutils:LatencyUtils:jar:2.0.3:runtime [INFO] +- com.sap.dwc:util-product-config:jar:2.3.3:compile [INFO] +- com.sap.calm.x:dwc-foundation:jar:2.1.0-20240323202913_84b72d8d801ae81024af4c04b5b0bbb838c8c840:compile [INFO] | +- jakarta.annotation:jakarta.annotation-api:jar:2.1.1:compile [INFO] | +- jakarta.management.j2ee:jakarta.management.j2ee-api:jar:1.1.4:compile [INFO] | +- com.sap.cloud.environment.servicebinding:java-sap-service-operator:jar:0.10.4:compile [INFO] | +- com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer:jar:20240325.1:compile [INFO] | | +- com.googlecode.owasp-java-html-sanitizer:java8-shim:jar:20240325.1:compile [INFO] | | - com.googlecode.owasp-java-html-sanitizer:java10-shim:jar:20240325.1:compile [INFO] | +- com.sap.cloud.sdk.cloudplatform:sap-passport:jar:4.30.0:compile [INFO] | | - com.sap.core.jdsr:com.sap.js.passport.api:jar:1.8.0:compile [INFO] | +- com.sap.cloud.sdk.cloudplatform:auditlog-scp-cf:jar:4.30.0:compile [INFO] | | - com.sap.cloud.sdk.cloudplatform:auditlog:jar:4.30.0:compile [INFO] | +- com.sap.xs.java:xs-env:jar:1.8.5:compile [INFO] | +- com.sap.cp.auditlog:audit-java-client-impl:jar:2.6.0:compile [INFO] | | +- com.sap.cloud.security:env:jar:3.3.5:compile [INFO] | | - com.sap.cp.auditlog:auditlog-common:jar:2.2.16:compile [INFO] | +- com.sap.cp.auditlog:audit-java-client-api:jar:2.6.0:compile [INFO] | +- org.springframework.boot:spring-boot-starter-security:jar:3.2.4:compile [INFO] | | - org.springframework.security:spring-security-config:jar:6.2.3:compile [INFO] | +- com.sap.cloud.tenantlifecycle:hegemone-specs:jar:2.0.0-20240401145512_cf78c2b3f1bb1c21a09be1448f51bd5e92f11048:compile [INFO] | - com.sap.dwc:util-cap:jar:2.3.3:compile [INFO] +- com.sap.cloud.tenantlifecycle:euporie-dwc-integration:jar:2.0.0-20240325105346_dfb00952f963716ec892f037242400ea3742381c:compile [INFO] | +- io.pivotal.cfenv:java-cfenv-boot:jar:3.1.5:compile [INFO] | | - io.pivotal.cfenv:java-cfenv-jdbc:jar:3.1.5:compile [INFO] | - com.sap.cloud.tenantlifecycle:euporie-authentication:jar:2.0.0-20240214115019_af60650aad511598c8e5aac76f412d341ead5275:compile [INFO] | - org.reflections:reflections:jar:0.10.2:compile [INFO] | - org.javassist:javassist:jar:3.25.0-GA:compile [INFO] +- com.sap.sectesting:fortify-annotations:jar:1.2.2:provided [INFO] +- com.sap.cumulus.jiralinking:jira-annotation:jar:3.5.3:test [INFO] +- com.sap.cloud.security.xsuaa:spring-xsuaa-test:jar:3.3.5:test [INFO] | +- com.nimbusds:nimbus-jose-jwt:jar:9.37.3:compile [INFO] | | - com.github.stephenc.jcip:jcip-annotations:jar:1.0-1:compile [INFO] | - org.springframework.security:spring-security-jwt:jar:1.1.1.RELEASE:test [INFO] | - org.bouncycastle:bcpkix-jdk15on:jar:1.70:test [INFO] | +- org.bouncycastle:bcprov-jdk15on:jar:1.70:test [INFO] | - org.bouncycastle:bcutil-jdk15on:jar:1.70:test [INFO] +- org.springframework.security:spring-security-oauth2-jose:jar:6.2.3:test [INFO] | +- org.springframework.security:spring-security-oauth2-core:jar:6.2.3:compile [INFO] | - org.springframework:spring-core:jar:6.1.5:compile [INFO] | - org.springframework:spring-jcl:jar:6.1.5:compile [INFO] - org.springframework.boot:spring-boot-starter-test:jar:3.2.4:test [INFO] +- org.springframework.boot:spring-boot-test:jar:3.2.4:test [INFO] +- org.springframework.boot:spring-boot-test-autoconfigure:jar:3.2.4:test [INFO] +- jakarta.xml.bind:jakarta.xml.bind-api:jar:4.0.2:compile [INFO] | - jakarta.activation:jakarta.activation-api:jar:2.1.3:compile [INFO] +- org.assertj:assertj-core:jar:3.24.2:test [INFO] +- org.awaitility:awaitility:jar:4.2.0:test [INFO] +- org.hamcrest:hamcrest:jar:2.2:test [INFO] +- org.junit.jupiter:junit-jupiter:jar:5.10.2:test [INFO] +- org.mockito:mockito-junit-jupiter:jar:5.7.0:test [INFO] +- org.skyscreamer:jsonassert:jar:1.5.1:test [INFO] +- org.springframework:spring-test:jar:6.1.5:test [INFO] - org.xmlunit:xmlunit-core:jar:2.9.1:test [INFO] ------------------------------------------------------------------------ [INFO] BUILD SUCCESS [INFO] ------------------------------------------------------------------------ [INFO] Total time: 1.171 s [INFO] Finished at: 2024-04-09T14:51:57+02:00 [INFO] ------------------------------------------------------------------------

Checklist

CMNiedermayer commented 3 months ago

fyi We have updated the Cloud SDK to version 5.7.0 and the issue is still reproducible.

cschubertcs commented 3 months ago

Hi @chipp-sap,

This is interesting. Our RequestAccessorFilter should only be executed in the same thread the request came in. Also, the filter should have an impact on your parsing of the body at all. So it seems that there is some other change that happened in parallel that might have had an influence here.

... the root case that the payload is empty. This is because the filter chain get's executed in a separate thread.

This means, from my understanding, that the incoming request is processed in the filter chain in the main thread, and your code is processed in a parallel thread. Is that right?

A potential solution could be to use the Spring Annotation @RequestBody to retrieve the body, like that:

- public void handleBeacon(final HttpServletRequest request) {
-   final String body;
-   try {
-   ...
+ public void handleBeacon( @RequestBody final String body) {

In addition one thing I noticed in your classpath: You still have a version 4 dependency on your classpath (com.sap.cloud.sdk.frameworks:resilience4j:jar:4.29.0). You should make sure that this is removed, as you already have the v5 related com.sap.cloud.sdk.cloudplatform:resilience4j:jar:5.6.0 on your classpath.

Greetings Chris

chipp-sap commented 3 months ago

Hi @cschubertcs

This is interesting. Our RequestAccessorFilter should only be executed in the same thread the request came in. Also, the filter should have an impact on your parsing of the body at all. So it seems that there is some other change that happened in parallel that might have had an influence here.

Yes it should. But removing the filter from the dependency chain solves the problem. So, what is the purpose?

This means, from my understanding, that the incoming request is processed in the filter chain in the main thread, and your code is processed in a parallel thread. Is that right?

Yes, this was also visible in the remote debugger.

Changing the signature to public void handleBeacon( @RequestBody final String body) { did not help either.

MatKuhr commented 3 months ago

Hi Christopher,

just adding some thoughts:

removing the filter from the dependency chain solves the problem

I somewhat doubt that. There are plenty of other filters that get applied in addition to ours and ours doesn't modify the servlet request in any form. So it's hard for me to imagine how removing our filter changes anything.

Instead, I am afraid it might be pure luck when it works. IIRC ServletRequest objects are only valid for the thread where the filterChain is called and they may be re-used afterwards for new requests. So it could be that in your async thread you were just lucky enough to use it before the object was re-used for some other incoming request. IIRC to prevent objects from being reused you would have to explicitly mark the request processing as async.

Not exactly sure on the details, but you can find more information online, e.g. check this SO question.

So, what is the purpose?

In your project it isn't required, because some implementation from CAP overrides our filter result. But for many projects it would be required for multi tenancy, thus we include it by default.

Johannes-Schneider commented 2 months ago

Closing this issue due to inactivity.

Please feel free to either reopen this issue or to create a new one in case of further questions/problems.

Best regards, Johannes