Add actuator endpoint for finding and deleting sessions

[vpavic]

This PR is an alternative approach to implementing sessions endpoint to one proposed in #5730.

Key differences:

• unlike Add session endpoints #5730, this implementation doesn't provide Endpoint implementation i.e. it only provides MVC and JMX endpoints that simply delegate to Spring Session's FindByIndexNameSessionRepository (this is analogous to audit events endpoints - see Add actuator endpoint to retrieve audit events #6579)
• JMX endpoint is based on support for JmxEndpoint implementations without a backing Endpoint (introduced in Add actuator endpoint to retrieve audit events #6579)
• Actuator docs

[vpavic]

I've adapted this PR to the new Actuator endpoint infrastructure. Hands-on developer experience with the new stuff is just great!

[snicoll]

Thanks for the PR @vpavic!

I've made a few suggestions (which might lead us to add another extension point in the Endpoint API).

Also, I wonder if a sample wouldn't be in order for this? This can happen in a separate PR for sure.

[snicoll]

You can't use HttpStatus here as this class may not be available when running with Jersey. That's why that object is taking the raw int code.

[vpavic]

Web framework neutrality completely slipped my mind when using HttpStatus, I'll address that shortly.

Note that I used the same pattern in AuditEventsWebEndpointExtension that was introduced in #10322. Quick search also revealed another usage in HeapDumpWebEndpoint.

[snicoll]

Thanks for the feedback. I've created #10348

[snicoll]

That test does nothing. Verify that the repository was called with the right argument would be in order:

verify(this.repository).deleteById(session.getId());

[snicoll]

I'd add that to the first part of the sentence (see above for an example).

[vpavic]

Thanks for the review @snicoll, I've addressed your concerns.

Regarding the sample remark, would it be OK to reuse the existing spring-boot-sample-session-redis to showcase this functionality?

[snicoll]

Yes. Perhaps we could first rename it and use something else. jdbc comes to mind even I know you guys don't want to promote it too much?

That sample looks outdated as it requires a redis server.

[vpavic]

Can we use the similar approach to one in spring-boot-sample-cache and have multiple build profiles?

[snicoll]

Maybe. Not sure that's an immediate goal but I am happy to review a PR

[vpavic]

@snicoll I've opened #10351 to improve the sample.

[vpavic]

I've updated the PR to adopt to changes from #10350 and enable the new endpoint in spring-boot-sample-session.

[vpavic]

Transient errors involving WebFluxEndpointIntegrationTests like the one below are quite often on Travis CI lately. It's been basically 50-50 with my PR updates over the past few days.

[INFO] Results:
[INFO] 
[ERROR] Errors: 
[ERROR]   WebFluxEndpointIntegrationTests>AbstractWebEndpointIntegrationTests.writeOperation:165->AbstractWebEndpointIntegrationTests.load:312->AbstractWebEndpointIntegrationTests.load:300->AbstractWebEndpointIntegrationTests.lambda$load$24:313->AbstractWebEndpointIntegrationTests.lambda$writeOperation$11:170 » IllegalState
[INFO] 
[ERROR] Tests run: 440, Failures: 0, Errors: 1, Skipped: 1

[wilkinsona]

We see those on Bamboo too. @bclozel has been investigating. My suspicion is that it's a Linux-specific problem in Netty or Reactor Netty.

[vpavic]

Thanks for the feedback. FWIW I didn't hit those problems on Ubuntu 17.04.

[manderson23]

@vpavic was there a reason that the endpoint doesn't have the option of returning the IDs of all sessions within the repository?

[wilkinsona]

There's no support in Spring Session for getting the IDs of all sessions known to the repository.