Merge branch '7.10'

Author: at055612

.sdkmanrc

@@ -1,4 +1,4 @@
 # Enable auto-env through the sdkman_auto_env config
 # Add key=value pairs of SDKs to use below
-java=21.0.7-tem
+java=21.0.8-tem
 

CHANGELOG.md

@@ -13,6 +13,34 @@ DO NOT ADD CHANGES HERE - ADD THEM USING log_change.sh
 ~~~
 
 
+* Issue **#5135** : Fix proxy multi part gzip handling.
+
+* Uplift JDK to 21.0.8_9 in docker images and sdkmanrc.
+
+* Issue **#5130** : Fix raw size meta bug.
+
+* Issue **#5132** : Fix missing session when AWS ALB does the code flow.
+
+* Fix the OpenID code flow to stop the session being lost after redirection back to the initiating URL.
+
+* Issue **#5101** : Fix select-all filtering when doing a reprocess of everything in a folder. It no longer tries to re-process deleted items streams.
+
+* Issue **#5086** : Improve stream error handling.
+
+* Change the resource store to not rely on sessions. Resources are now linked to a user.
+
+* Issue **#5114** : Improve handling of loss of connection to IDP.
+
+* Change the way security filter decides whether to authenticate or not, e.g. how it determines what is a static resource that does not need authentication.
+
+* Issue **#5115** : Use correct  header during proxy forward requests.
+
+* Issue **#5121** : Proxy aggregation now keeps only common headers in aggregated data.
+
+* Fix exception handling of DistributedTaskFetcher so it will restart after failure.
+
+* Issue **#5127** : Maintain case for proxy meta attributes when logging.
+
 * Issue **#5091** : Stop reference data loads failing if there are no entries in the stream.
 
 * Add `ReceiptId` to the INFO message on data receipt.

scripts/export_content.sh

@@ -0,0 +1,190 @@
+#!/usr/bin/env bash
+
+set -e -o pipefail
+
+showUsage() {
+    echo -e "Usage: ${BLUE}$0 [OPTION]... [UUID]...${NC}"
+    echo -e "OPTIONs:"
+    echo -e "  ${GREEN}-d${NC} - The data file to read from (or '-' for stdin)"
+    echo -e "  ${GREEN}-u${NC} - The base URL to use. If not set, uses http://localhost:8080"
+    echo -e "  ${GREEN}-o${NC} - The file path to export to. If not set it will be written to the current directory with the resource name"
+    echo -e "UUID:"
+    echo -e "  Each UUID is of the form '<UUID>,<Type>', e.g. '18d92d74-a5aa-4a81-83be-46fb6d84a60e,Pipeline'"
+    echo -e "e.g.: ${BLUE}$0 -d - ${NC}    - Exports all UUIDs in std into a file in this directory"
+    echo
+}
+
+setup_echo_colours() {
+  # Exit the script on any error
+  set -e
+
+  # shellcheck disable=SC2034
+  if [ "${MONOCHROME}" = true ]; then
+    RED=''
+    GREEN=''
+    YELLOW=''
+    BLUE=''
+    BLUE2=''
+    DGREY=''
+    NC='' # No Colour
+  else 
+    RED='\033[1;31m'
+    GREEN='\033[1;32m'
+    YELLOW='\033[1;33m'
+    BLUE='\033[1;34m'
+    BLUE2='\033[1;34m'
+    DGREY='\e[90m'
+    NC='\033[0m' # No Colour
+  fi
+}
+
+debug_value() {
+  local name="$1"; shift
+  local value="$1"; shift
+  
+  if [ "${IS_DEBUG}" = true ]; then
+    echo -e "${DGREY}DEBUG ${name}: ${value}${NC}"
+  fi
+}
+
+debug() {
+  local str="$1"; shift
+  
+  if [ "${IS_DEBUG}" = true ]; then
+    echo -e "${DGREY}DEBUG ${str}${NC}"
+  fi
+}
+
+main() {
+  IS_DEBUG=false
+  #SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null && pwd )"
+
+  setup_echo_colours
+
+  local uuids_arr=()
+  local url_base
+  local data_filename
+  local output_filename
+
+  if [[ -z "${TOKEN}" ]]; then
+    echo -e "${RED}Environment variable TOKEN must be set with an API key or an OAuth token${NC}" >&2
+    exit 1
+  fi
+
+  while [ ${OPTIND} -le "$#" ]; do
+      if getopts d:ho:u: option
+      then
+        case ${option} in
+          h)
+            showUsage
+            ;;
+          u)
+            if [[ -z "${OPTARG}" ]]; then
+              echo -e "${RED}-u argument requires a base URL to be specified${NC}" >&2
+              echo
+              showUsage
+              exit 1
+            fi
+            url_base="${OPTARG}"
+            ;;
+          d)
+            if [[ -z "${OPTARG}" ]]; then
+              echo -e "${RED}-d argument requires a filename or '-' to read from stdin${NC}" >&2
+              echo
+              showUsage
+              exit 1
+            fi
+            data_filename="${OPTARG}"
+            ;;
+          o)
+            if [[ -z "${OPTARG}" ]]; then
+              echo -e "${RED}-o argument requires a file path to output to${NC}" >&2
+              echo
+              showUsage
+              exit 1
+            fi
+            output_filename="${OPTARG}"
+            ;;
+          esac
+      else
+          uuids_arr+=("${!OPTIND}")
+          ((OPTIND++))
+      fi
+  done
+
+  # Add all the uuids from file/stdin
+  if [[ -n "${data_filename}" ]]; then
+    if [[ "${data_filename}" = "-" ]]; then
+      data_filename="/dev/stdin"
+    fi
+
+    while read -r line; do
+      uuids_arr+=( "${line}" )
+    done < "${data_filename}"
+  fi
+
+  if [[ "${#uuids_arr[@]}" -eq 0 ]]; then
+    echo "No UUIDs to export" >&2
+    exit 1
+  fi
+
+
+  local uuids_str
+  uuids_str=$( printf "%s\n" "${uuids_arr[@]}" )
+  local req_json
+  req_json=$( \
+    jq -R -s '{
+      docRefs: [
+        split("\n")[] 
+        | select(length > 0) 
+        | split(",") 
+        | {uuid: .[0], type: .[1]}
+      ]
+    }' <<< "${uuids_str}" )
+
+  #echo -e "${req_json}"
+
+  if [[ -z "${url_base}" ]]; then
+    url_base="http://localhost:8080"
+  fi
+
+  local export_url="${url_base}/api/content/v1/export"
+  local resource_url="${url_base}/resourcestore/"
+
+  local resource_key_json
+  resource_key_json=$( \
+    echo -e "${req_json}" | curl \
+      -s \
+      --request POST \
+      -H "Content-Type:application/json" \
+      -H "Authorization:Bearer ${TOKEN}" \
+      -d @- \
+      "${export_url}" )
+
+  #echo -e "${resource_key_json}"
+
+  local key
+  local name
+  key=$( jq -r '.resourceKey.key' <<< "${resource_key_json}" )
+  name=$( jq -r '.resourceKey.name' <<< "${resource_key_json}" )
+  if [[ -z "${output_filename}" ]]; then
+    output_filename="${name}"
+  fi
+
+  echo -e "${GREEN}Downloading resource ${YELLOW}${key}${GREEN} to file ${BLUE}${output_filename}${NC}"
+  resource_url="${resource_url}?uuid=${key}"
+  #echo -e "${resource_url}"
+
+  curl \
+    -s \
+    --output "${name}" \
+    -H "Authorization: Bearer $TOKEN" \
+    "${resource_url}"
+
+
+  #http POST http://localhost:8080/api/content/v1/export "Authorization:Bearer ${TOKEN}" 
+  #| jq -r '.resourceKey.key') && curl --output content.zip -H "Authorization: Bearer $TOKEN" http://localhost:8080/resourcestore/\?uuid\=$key
+  
+}
+
+main "$@"

scripts/import_content.sh

@@ -0,0 +1,117 @@
+#!/usr/bin/env bash
+
+# Script to import a single Stroom content pack ZIP file into Stroom.
+# Requires that the environment variable TOKEN is set with either a
+# valid API Key or an OAuth token.
+# Usage:
+# import_content.sh CONTENT_ZIP_FILE [URL_BASE]
+# e.g. import_content.sh /some/path/StroomConfig.zip
+# e.g. import_content.sh /some/path/StroomConfig.zip https://stroom.some.domain
+
+set -e -o pipefail
+
+showUsage() {
+    echo -e "Usage: ${BLUE}$0 [OPTION]... FILE${NC}"
+    echo -e "OPTIONs:"
+    echo -e "  ${GREEN}-d${NC} - The data file to read from (or '-' for stdin)"
+    echo -e "  ${GREEN}-u${NC} - The base URL to use. If not set, uses http://localhost:8080"
+    echo -e "  ${GREEN}-o${NC} - The file path to export to. If not set it will be written to the current directory with the resource name"
+    echo -e "FILE: The file to import"
+    echo -e "e.g.: ${BLUE}$0 content.zip${NC}"
+    echo -e "e.g.: ${BLUE}$0 -u content.zip${NC}"
+    echo
+}
+
+main() {
+  if [[ -z "${TOKEN}" ]]; then
+    echo -e "${RED}Environment variable TOKEN must be set with an API key or an OAuth token${NC}" >&2
+    exit 1
+  fi
+
+  while getopts hu: option; do
+    case ${option} in
+      h)
+        showUsage
+        ;;
+      u)
+        if [[ -z "${OPTARG}" ]]; then
+          echo -e "${RED}-u argument requires a base URL to be specified${NC}" >&2
+          echo
+          showUsage
+          exit 1
+        fi
+        url_base="${OPTARG}"
+        ;;
+    esac
+  done
+
+  # shellcheck disable=SC2124
+  local content_zip_file="${@:$OPTIND:1}"; shift
+  if [[ -z "${content_zip_file}" ]]; then
+    echo -e "${RED}content_zip_file argument must be provided${NC}" >&2
+    exit 1
+  fi
+
+  if [[ -z "${url_base}" ]]; then
+    url_base="http://localhost:8080"
+  fi
+
+  echo -e "${GREEN}Uploading file '${BLUE}${content_zip_file}${GREEN}' to a temporary file${NC}"
+  
+  local response1
+  response1="$( \
+    curl \
+      --silent \
+      --header "Authorization: Bearer ${TOKEN}" \
+      --form "encoding=multipart/form-data" \
+      --form fileUpload="@${content_zip_file}" \
+      --request POST \
+      "${url_base}/importfile.rpc" \
+  )"
+
+  echo -e "${GREEN}File uploaded${NC}"
+  
+  echo -e "${response1}"
+  # response1 looks like 
+  # '#PM#success=true name=StroomConfig.zip key=e015e5d4-8a6a-4454-8d81-913e6c13cca5#PM#'
+
+  local key
+  key="$( \
+    grep \
+      --only-matching \
+      --perl-regexp \
+      '(?<=key=)[^ #]+' \
+      <<< "${response1}"
+  )"
+
+  # name is only really used for logging purposes in stroom, but provide
+  # it anyway
+  local name
+  name="$( \
+    grep \
+      --only-matching \
+      --perl-regexp \
+      '(?<=name=)[^ #]+' \
+      <<< "${response1}"
+  )"
+
+  local import_request
+  import_request="{ \"confirmList\": [], \"importSettings\": { \"importMode\": \"IGNORE_CONFIRMATION\" }, \"resourceKey\": { \"key\": \"${key}\", \"name\": \"${name}\" }  }"
+
+  echo "Importing content"
+
+  # Not interested in the response
+  curl \
+    --silent \
+    --request POST \
+    --header "Authorization:Bearer ${TOKEN}" \
+    --header 'Content-Type: application/json' \
+    --data "${import_request}" \
+    "${url_base}/api/content/v1/import" \
+    > /dev/null
+
+  echo "Content imported successfully"
+  echo "Done!"
+}
+
+main "$@"

stroom-activity/stroom-activity-impl/src/main/java/stroom/activity/impl/CurrentActivityImpl.java

@@ -19,11 +19,11 @@
 import stroom.activity.api.CurrentActivity;
 import stroom.activity.shared.Activity;
 import stroom.security.api.SecurityContext;
+import stroom.util.servlet.SessionUtil;
 
 import com.google.inject.Inject;
 import jakarta.inject.Provider;
 import jakarta.servlet.http.HttpServletRequest;
-import jakarta.servlet.http.HttpSession;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -49,17 +49,7 @@ public Activity getActivity() {
 
             try {
                 final HttpServletRequest request = httpServletRequestProvider.get();
-                if (request != null) {
-                    final HttpSession session = request.getSession(false);
-                    if (session != null) {
-                        final Object object = session.getAttribute(NAME);
-                        if (object instanceof Activity) {
-                            activity = (Activity) object;
-                        }
-                    } else {
-                        LOGGER.debug("No Session");
-                    }
-                }
+                activity = SessionUtil.getAttribute(request, NAME, Activity.class, false);
             } catch (final RuntimeException e) {
                 LOGGER.debug(e.getMessage(), e);
             }
@@ -72,14 +62,7 @@ public Activity getActivity() {
     public void setActivity(final Activity activity) {
         securityContext.secure(() -> {
             final HttpServletRequest request = httpServletRequestProvider.get();
-            if (request != null) {
-                final HttpSession session = request.getSession(false);
-                if (session != null) {
-                    session.setAttribute(NAME, activity);
-                } else {
-                    LOGGER.debug("No Session");
-                }
-            }
+            SessionUtil.setAttribute(request, NAME, activity, false);
         });
     }
 }