Add actuator endpoint for finding and deleting sessions

Author: vpavic

spring-boot-actuator-docs/pom.xml

@@ -98,6 +98,11 @@
 			<artifactId>spring-restdocs-mockmvc</artifactId>
 			<scope>provided</scope>
 		</dependency>
+		<dependency>
+			<groupId>org.springframework.session</groupId>
+			<artifactId>spring-session-core</artifactId>
+			<scope>provided</scope>
+		</dependency>
 		<dependency>
 			<groupId>org.yaml</groupId>
 			<artifactId>snakeyaml</artifactId>

spring-boot-actuator-docs/src/main/asciidoc/index.adoc

@@ -77,6 +77,44 @@ include::{generated}/partial-logfile/http-response.adoc[]
 
 
 
+=== /sessions
+This endpoint allows retrieving the sessions from Spring Session backed session store, and
+deleting them.
+Sessions can be retrieved by username, or by session id, and deleted by session id.
+
+
+==== Finding sessions for given username
+
+Example cURL request:
+include::{generated}/sessions/curl-request.adoc[]
+
+Example HTTP request:
+include::{generated}/sessions/http-request.adoc[]
+
+Example HTTP response:
+include::{generated}/sessions/http-response.adoc[]
+
+==== Getting a single session
+
+Example cURL request:
+include::{generated}/sessions/get-session/curl-request.adoc[]
+
+Example HTTP request:
+include::{generated}/sessions/get-session/http-request.adoc[]
+
+Example HTTP response:
+include::{generated}/sessions/get-session/http-response.adoc[]
+
+==== Deleting the session
+
+Example cURL request:
+include::{generated}/sessions/delete-session/curl-request.adoc[]
+
+Example HTTP request:
+include::{generated}/sessions/delete-session/http-request.adoc[]
+
+
+
 === /docs
 This endpoint (if available) contains HTML documentation for the other endpoints. Its path
 can be "/docs" (if there is an existing home page) or "/" (otherwise, including if the

spring-boot-actuator-docs/src/restdoc/java/org/springframework/boot/actuate/hypermedia/DocumentationSessionRepository.java

@@ -0,0 +1,136 @@
+/*
+ * Copyright 2012-2017 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.boot.actuate.hypermedia;
+
+import java.time.Duration;
+import java.time.Instant;
+import java.util.Collections;
+import java.util.Map;
+import java.util.Set;
+
+import org.springframework.session.FindByIndexNameSessionRepository;
+import org.springframework.session.Session;
+
+/**
+ * {@link FindByIndexNameSessionRepository} implementation for documentation purposes.
+ *
+ * @author Vedran Pavic
+ */
+public class DocumentationSessionRepository
+		implements FindByIndexNameSessionRepository<Session> {
+
+	static final String MOCK_SESSION_ID = "6993c49c-6d29-4117-9242-802b8185470e";
+
+	static final String MOCK_USER = "user";
+
+	private static final Map<String, Session> sessions = Collections
+			.singletonMap(MOCK_SESSION_ID, new DocumentationSession());
+
+	@Override
+	public Session createSession() {
+		return null;
+	}
+
+	@Override
+	public void save(Session expiringSession) {
+
+	}
+
+	@Override
+	public Session findById(String id) {
+		return sessions.get(id);
+	}
+
+	@Override
+	public void deleteById(String id) {
+
+	}
+
+	@Override
+	public Map<String, Session> findByIndexNameAndIndexValue(String indexName,
+			String indexValue) {
+		if (PRINCIPAL_NAME_INDEX_NAME.equals(indexName) && MOCK_USER.equals(indexValue)) {
+			return sessions;
+		}
+		return Collections.emptyMap();
+	}
+
+	private static class DocumentationSession implements Session {
+
+		@Override
+		public String getId() {
+			return MOCK_SESSION_ID;
+		}
+
+		@Override
+		public String changeSessionId() {
+			return MOCK_SESSION_ID;
+		}
+
+		@Override
+		public <T> T getAttribute(String attributeName) {
+			return null;
+		}
+
+		@Override
+		public Set<String> getAttributeNames() {
+			return Collections.singleton("principal");
+		}
+
+		@Override
+		public void setAttribute(String attributeName, Object attributeValue) {
+
+		}
+
+		@Override
+		public void removeAttribute(String attributeName) {
+
+		}
+
+		@Override
+		public Instant getCreationTime() {
+			return Instant.ofEpochMilli(1487617610119L);
+		}
+
+		@Override
+		public void setLastAccessedTime(Instant lastAccessedTime) {
+
+		}
+
+		@Override
+		public Instant getLastAccessedTime() {
+			return Instant.ofEpochMilli(1487617610119L);
+		}
+
+		@Override
+		public void setMaxInactiveInterval(Duration interval) {
+
+		}
+
+		@Override
+		public Duration getMaxInactiveInterval() {
+			return Duration.ofSeconds(1800);
+		}
+
+		@Override
+		public boolean isExpired() {
+			return false;
+		}
+
+	}
+
+}

spring-boot-actuator-docs/src/restdoc/java/org/springframework/boot/actuate/hypermedia/EndpointDocumentation.java

@@ -56,6 +56,7 @@
 import org.springframework.util.StringUtils;
 
 import static org.springframework.restdocs.mockmvc.MockMvcRestDocumentation.document;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.delete;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
@@ -65,7 +66,7 @@
 @WebAppConfiguration
 @TestPropertySource(properties = { "spring.jackson.serialization.indent_output=true",
 		"endpoints.health.sensitive=true", "endpoints.actuator.enabled=false",
-		"management.security.enabled=false" })
+		"endpoints.sessions.enabled=true", "management.security.enabled=false" })
 @DirtiesContext
 @AutoConfigureRestDocs(EndpointDocumentation.RESTDOCS_OUTPUT_DIR)
 @AutoConfigureMockMvc(print = MockMvcPrint.NONE)
@@ -76,8 +77,8 @@ public class EndpointDocumentation {
 	static final File LOG_FILE = new File("target/logs/spring.log");
 
 	private static final Set<String> SKIPPED = Collections
-			.<String>unmodifiableSet(new HashSet<>(
-					Arrays.asList("/docs", "/logfile", "/heapdump", "/auditevents")));
+			.<String>unmodifiableSet(new HashSet<>(Arrays.asList("/docs", "/logfile",
+					"/heapdump", "/auditevents", "/sessions")));
 
 	@Autowired
 	private MvcEndpoints mvcEndpoints;
@@ -157,6 +158,34 @@ public void auditEventsByPrincipalAndType() throws Exception {
 				.andDo(document("auditevents/filter-by-principal-and-type"));
 	}
 
+	@Test
+	public void findSessionsByUsername() throws Exception {
+		this.mockMvc
+				.perform(get("/application/sessions")
+						.param("username", DocumentationSessionRepository.MOCK_USER)
+						.accept(ActuatorMediaTypes.APPLICATION_ACTUATOR_V2_JSON))
+				.andExpect(status().isOk()).andDo(document("sessions"));
+	}
+
+	@Test
+	public void getSession() throws Exception {
+		this.mockMvc
+				.perform(get("/application/sessions/"
+						+ DocumentationSessionRepository.MOCK_SESSION_ID)
+								.accept(ActuatorMediaTypes.APPLICATION_ACTUATOR_V2_JSON))
+				.andExpect(status().isOk()).andDo(document("sessions/get-session"));
+	}
+
+	@Test
+	public void deleteSession() throws Exception {
+		this.mockMvc
+				.perform(delete("/application/sessions/"
+						+ DocumentationSessionRepository.MOCK_SESSION_ID)
+								.accept(ActuatorMediaTypes.APPLICATION_ACTUATOR_V2_JSON))
+				.andExpect(status().isNoContent())
+				.andDo(document("sessions/delete-session"));
+	}
+
 	@Test
 	public void endpoints() throws Exception {
 		File docs = new File("src/main/asciidoc");

spring-boot-actuator-docs/src/restdoc/java/org/springframework/boot/actuate/hypermedia/SpringBootHypermediaApplication.java

@@ -53,6 +53,11 @@ public EnvironmentEndpoint environmentEndpoint() {
 		return new LimitedEnvironmentEndpoint();
 	}
 
+	@Bean
+	public DocumentationSessionRepository sessionRepository() {
+		return new DocumentationSessionRepository();
+	}
+
 	public static void main(String[] args) {
 		SpringApplication.run(SpringBootHypermediaApplication.class, args);
 	}

spring-boot-actuator/pom.xml

@@ -33,6 +33,10 @@
 			<groupId>com.fasterxml.jackson.core</groupId>
 			<artifactId>jackson-databind</artifactId>
 		</dependency>
+		<dependency>
+			<groupId>com.fasterxml.jackson.datatype</groupId>
+			<artifactId>jackson-datatype-jsr310</artifactId>
+		</dependency>
 		<dependency>
 			<groupId>org.springframework</groupId>
 			<artifactId>spring-core</artifactId>
@@ -128,6 +132,11 @@
 			<artifactId>commons-dbcp2</artifactId>
 			<optional>true</optional>
 		</dependency>
+		<dependency>
+			<groupId>org.springframework.session</groupId>
+			<artifactId>spring-session-core</artifactId>
+			<optional>true</optional>
+		</dependency>
 		<dependency>
 			<groupId>org.apache.tomcat.embed</groupId>
 			<artifactId>tomcat-embed-core</artifactId>

spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/EndpointMBeanExportAutoConfiguration.java

@@ -27,12 +27,14 @@
 import org.springframework.boot.actuate.endpoint.Endpoint;
 import org.springframework.boot.actuate.endpoint.jmx.AuditEventsJmxEndpoint;
 import org.springframework.boot.actuate.endpoint.jmx.EndpointMBeanExporter;
+import org.springframework.boot.actuate.endpoint.jmx.SessionsJmxEndpoint;
 import org.springframework.boot.autoconfigure.AutoConfigureAfter;
 import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
 import org.springframework.boot.autoconfigure.condition.ConditionMessage;
 import org.springframework.boot.autoconfigure.condition.ConditionOutcome;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnSingleCandidate;
 import org.springframework.boot.autoconfigure.condition.SpringBootCondition;
 import org.springframework.boot.autoconfigure.jmx.JmxAutoConfiguration;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
@@ -41,6 +43,8 @@
 import org.springframework.context.annotation.Conditional;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.core.type.AnnotatedTypeMetadata;
+import org.springframework.session.FindByIndexNameSessionRepository;
+import org.springframework.session.Session;
 import org.springframework.util.StringUtils;
 
 /**
@@ -50,6 +54,7 @@
  * @author Christian Dupuis
  * @author Andy Wilkinson
  * @author Madhura Bhave
+ * @author Vedran Pavic
  */
 @Configuration
 @Conditional(JmxEnabledCondition.class)
@@ -95,6 +100,21 @@ public AuditEventsJmxEndpoint auditEventsEndpoint(
 		return new AuditEventsJmxEndpoint(this.objectMapper, auditEventRepository);
 	}
 
+	@Configuration
+	@ConditionalOnSingleCandidate(FindByIndexNameSessionRepository.class)
+	@ConditionalOnEnabledEndpoint(value = "sessions", enabledByDefault = false)
+	protected class SessionsJmxEndpointConfiguration {
+
+		@Bean
+		public SessionsJmxEndpoint sessionsEndpoint(
+				FindByIndexNameSessionRepository<? extends Session> sessionRepository) {
+			return new SessionsJmxEndpoint(
+					EndpointMBeanExportAutoConfiguration.this.objectMapper,
+					sessionRepository);
+		}
+
+	}
+
 	/**
 	 * Condition to check that spring.jmx and endpoints.jmx are enabled.
 	 */

spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/EndpointWebMvcManagementContextConfiguration.java

@@ -41,18 +41,23 @@
 import org.springframework.boot.actuate.endpoint.mvc.MvcEndpoint;
 import org.springframework.boot.actuate.endpoint.mvc.MvcEndpointSecurityInterceptor;
 import org.springframework.boot.actuate.endpoint.mvc.MvcEndpoints;
+import org.springframework.boot.actuate.endpoint.mvc.SessionsMvcEndpoint;
 import org.springframework.boot.actuate.endpoint.mvc.ShutdownMvcEndpoint;
 import org.springframework.boot.autoconfigure.condition.ConditionMessage;
 import org.springframework.boot.autoconfigure.condition.ConditionOutcome;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnSingleCandidate;
 import org.springframework.boot.autoconfigure.condition.SpringBootCondition;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.ConditionContext;
 import org.springframework.context.annotation.Conditional;
+import org.springframework.context.annotation.Configuration;
 import org.springframework.core.env.Environment;
 import org.springframework.core.type.AnnotatedTypeMetadata;
+import org.springframework.session.FindByIndexNameSessionRepository;
+import org.springframework.session.Session;
 import org.springframework.util.CollectionUtils;
 import org.springframework.util.StringUtils;
 import org.springframework.web.cors.CorsConfiguration;
@@ -208,6 +213,19 @@ public AuditEventsMvcEndpoint auditEventMvcEndpoint(
 		return new AuditEventsMvcEndpoint(auditEventRepository);
 	}
 
+	@Configuration
+	@ConditionalOnSingleCandidate(FindByIndexNameSessionRepository.class)
+	@ConditionalOnEnabledEndpoint(value = "sessions", enabledByDefault = false)
+	protected static class SessionsMvcEndpointConfiguration {
+
+		@Bean
+		public SessionsMvcEndpoint sessionsMvcEndpoint(
+				FindByIndexNameSessionRepository<? extends Session> sessionRepository) {
+			return new SessionsMvcEndpoint(sessionRepository);
+		}
+
+	}
+
 	private static class LogFileCondition extends SpringBootCondition {
 
 		@Override