[WIP] Provide database specific JdbcIndexedSessionRepository customizers

This commit provides JdbcIndexedSessionRepository customizers for the following databases:

- PostgreSQL
- MySQL
- Oracle
- SQL Server (TODO)

These customizers are intended to address the concurrency issues occurring on insert of new session attribute by applying database specific SQL upsert/merge statement instead of a generic insert.

Closes: #1213

Author: vpavic

spring-session-jdbc/src/integration-test/java/org/springframework/session/jdbc/AbstractJdbcIndexedSessionRepositoryITests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2019 the original author or authors.
+ * Copyright 2014-2020 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -29,22 +29,32 @@
 import org.junit.jupiter.api.Test;
 
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationContext;
 import org.springframework.context.annotation.Bean;
+import org.springframework.dao.DuplicateKeyException;
+import org.springframework.jdbc.core.JdbcOperations;
+import org.springframework.jdbc.core.JdbcTemplate;
 import org.springframework.jdbc.datasource.DataSourceTransactionManager;
+import org.springframework.jdbc.support.lob.DefaultLobHandler;
+import org.springframework.jdbc.support.lob.LobCreator;
+import org.springframework.jdbc.support.lob.LobHandler;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.session.FindByIndexNameSessionRepository;
 import org.springframework.session.MapSession;
+import org.springframework.session.config.SessionRepositoryCustomizer;
 import org.springframework.session.jdbc.JdbcIndexedSessionRepository.JdbcSession;
 import org.springframework.session.jdbc.config.annotation.web.http.EnableJdbcHttpSession;
 import org.springframework.test.util.ReflectionTestUtils;
 import org.springframework.transaction.PlatformTransactionManager;
 import org.springframework.transaction.annotation.Transactional;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 
 /**
  * Base class for {@link JdbcIndexedSessionRepository} integration tests.
@@ -57,15 +67,27 @@ abstract class AbstractJdbcIndexedSessionRepositoryITests {
 
 	private static final String INDEX_NAME = FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME;
 
+	@Autowired
+	private ApplicationContext applicationContext;
+
+	@Autowired
+	private DataSource dataSource;
+
 	@Autowired
 	private JdbcIndexedSessionRepository repository;
 
+	private JdbcOperations jdbcOperations;
+
+	private LobHandler lobHandler;
+
 	private SecurityContext context;
 
 	private SecurityContext changedContext;
 
 	@BeforeEach
 	void setUp() {
+		this.jdbcOperations = new JdbcTemplate(this.dataSource);
+		this.lobHandler = new DefaultLobHandler();
 		this.context = SecurityContextHolder.createEmptyContext();
 		this.context.setAuthentication(new UsernamePasswordAuthenticationToken("username-" + UUID.randomUUID(), "na",
 				AuthorityUtils.createAuthorityList("ROLE_USER")));
@@ -759,6 +781,32 @@ void saveWithLargeAttribute() {
 		assertThat((byte[]) session.getAttribute(attributeName)).hasSize(arraySize);
 	}
 
+	@Test // gh-1213
+	void saveNewSessionAttributeConcurrently() {
+		JdbcSession session = this.repository.createSession();
+		this.repository.save(session);
+		String attributeName = "attribute1";
+		String attributeValue = "value1";
+		try (LobCreator lobCreator = this.lobHandler.getLobCreator()) {
+			this.jdbcOperations.update("INSERT INTO SPRING_SESSION_ATTRIBUTES VALUES (?, ?, ?)", (ps) -> {
+				ps.setString(1, (String) ReflectionTestUtils.getField(session, "primaryKey"));
+				ps.setString(2, attributeName);
+				lobCreator.setBlobAsBytes(ps, 3, "value2".getBytes());
+			});
+		}
+		session.setAttribute(attributeName, attributeValue);
+		if (this.applicationContext.getBeansOfType(SessionRepositoryCustomizer.class).isEmpty()) {
+			// without DB specific upsert configured we're seeing duplicate key error
+			assertThatExceptionOfType(DuplicateKeyException.class).isThrownBy(() -> this.repository.save(session));
+		}
+		else {
+			// with DB specific upsert configured we're fine
+			assertThatCode(() -> this.repository.save(session)).doesNotThrowAnyException();
+			assertThat((String) this.repository.findById(session.getId()).getAttribute(attributeName))
+					.isEqualTo(attributeValue);
+		}
+	}
+
 	private String getSecurityName() {
 		return this.context.getAuthentication().getName();
 	}

spring-session-jdbc/src/integration-test/java/org/springframework/session/jdbc/MySql8JdbcIndexedSessionRepositoryCustomizerITests.java

@@ -0,0 +1,48 @@
+/*
+ * Copyright 2014-2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.session.jdbc;
+
+import org.junit.jupiter.api.extension.ExtendWith;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit.jupiter.SpringExtension;
+import org.springframework.test.context.web.WebAppConfiguration;
+
+/**
+ * Integration tests for {@link JdbcIndexedSessionRepository} using MySQL 8.x database
+ * with {@link MySqlJdbcIndexedSessionRepositoryCustomizer}.
+ *
+ * @author Vedran Pavic
+ */
+@ExtendWith(SpringExtension.class)
+@WebAppConfiguration
+@ContextConfiguration
+class MySql8JdbcIndexedSessionRepositoryCustomizerITests extends MySql8JdbcIndexedSessionRepositoryITests {
+
+	@Configuration
+	static class CustomizerConfig extends Config {
+
+		@Bean
+		MySqlJdbcIndexedSessionRepositoryCustomizer mySqlJdbcIndexedSessionRepositoryCustomizer() {
+			return new MySqlJdbcIndexedSessionRepositoryCustomizer();
+		}
+
+	}
+
+}

spring-session-jdbc/src/integration-test/java/org/springframework/session/jdbc/OracleJdbcIndexedSessionRepositoryCustomizerITests.java

@@ -0,0 +1,40 @@
+/*
+ * Copyright 2014-2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.session.jdbc;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+/**
+ * Integration tests for {@link JdbcIndexedSessionRepository} using Oracle database with
+ * {@link OracleJdbcIndexedSessionRepositoryCustomizer}.
+ *
+ * @author Vedran Pavic
+ */
+public class OracleJdbcIndexedSessionRepositoryCustomizerITests extends OracleJdbcIndexedSessionRepositoryITests {
+
+	@Configuration
+	static class CustomizerConfig extends Config {
+
+		@Bean
+		OracleJdbcIndexedSessionRepositoryCustomizer oracleJdbcIndexedSessionRepositoryCustomizer() {
+			return new OracleJdbcIndexedSessionRepositoryCustomizer();
+		}
+
+	}
+
+}

spring-session-jdbc/src/integration-test/java/org/springframework/session/jdbc/PostgreSql11JdbcIndexedSessionRepositoryCustomizerITests.java

@@ -0,0 +1,41 @@
+/*
+ * Copyright 2014-2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.session.jdbc;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+/**
+ * Integration tests for {@link JdbcIndexedSessionRepository} using PostgreSQL 11.x
+ * database with {@link PostgreSqlJdbcIndexedSessionRepositoryCustomizer}.
+ *
+ * @author Vedran Pavic
+ */
+public class PostgreSql11JdbcIndexedSessionRepositoryCustomizerITests
+		extends PostgreSql11JdbcIndexedSessionRepositoryITests {
+
+	@Configuration
+	static class CustomizerConfig extends Config {
+
+		@Bean
+		PostgreSqlJdbcIndexedSessionRepositoryCustomizer postgreSqlJdbcIndexedSessionRepositoryCustomizer() {
+			return new PostgreSqlJdbcIndexedSessionRepositoryCustomizer();
+		}
+
+	}
+
+}

spring-session-jdbc/src/main/java/org/springframework/session/jdbc/JdbcIndexedSessionRepository.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2019 the original author or authors.
+ * Copyright 2014-2020 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -268,7 +268,7 @@ public void setTableName(String tableName) {
 	 */
 	public void setCreateSessionQuery(String createSessionQuery) {
 		Assert.hasText(createSessionQuery, "Query must not be empty");
-		this.createSessionQuery = createSessionQuery;
+		this.createSessionQuery = getQuery(createSessionQuery);
 	}
 
 	/**
@@ -277,7 +277,7 @@ public void setCreateSessionQuery(String createSessionQuery) {
 	 */
 	public void setCreateSessionAttributeQuery(String createSessionAttributeQuery) {
 		Assert.hasText(createSessionAttributeQuery, "Query must not be empty");
-		this.createSessionAttributeQuery = createSessionAttributeQuery;
+		this.createSessionAttributeQuery = getQuery(createSessionAttributeQuery);
 	}
 
 	/**
@@ -286,7 +286,7 @@ public void setCreateSessionAttributeQuery(String createSessionAttributeQuery) {
 	 */
 	public void setGetSessionQuery(String getSessionQuery) {
 		Assert.hasText(getSessionQuery, "Query must not be empty");
-		this.getSessionQuery = getSessionQuery;
+		this.getSessionQuery = getQuery(getSessionQuery);
 	}
 
 	/**
@@ -295,7 +295,7 @@ public void setGetSessionQuery(String getSessionQuery) {
 	 */
 	public void setUpdateSessionQuery(String updateSessionQuery) {
 		Assert.hasText(updateSessionQuery, "Query must not be empty");
-		this.updateSessionQuery = updateSessionQuery;
+		this.updateSessionQuery = getQuery(updateSessionQuery);
 	}
 
 	/**
@@ -304,7 +304,7 @@ public void setUpdateSessionQuery(String updateSessionQuery) {
 	 */
 	public void setUpdateSessionAttributeQuery(String updateSessionAttributeQuery) {
 		Assert.hasText(updateSessionAttributeQuery, "Query must not be empty");
-		this.updateSessionAttributeQuery = updateSessionAttributeQuery;
+		this.updateSessionAttributeQuery = getQuery(updateSessionAttributeQuery);
 	}
 
 	/**
@@ -313,7 +313,7 @@ public void setUpdateSessionAttributeQuery(String updateSessionAttributeQuery) {
 	 */
 	public void setDeleteSessionAttributeQuery(String deleteSessionAttributeQuery) {
 		Assert.hasText(deleteSessionAttributeQuery, "Query must not be empty");
-		this.deleteSessionAttributeQuery = deleteSessionAttributeQuery;
+		this.deleteSessionAttributeQuery = getQuery(deleteSessionAttributeQuery);
 	}
 
 	/**
@@ -322,7 +322,7 @@ public void setDeleteSessionAttributeQuery(String deleteSessionAttributeQuery) {
 	 */
 	public void setDeleteSessionQuery(String deleteSessionQuery) {
 		Assert.hasText(deleteSessionQuery, "Query must not be empty");
-		this.deleteSessionQuery = deleteSessionQuery;
+		this.deleteSessionQuery = getQuery(deleteSessionQuery);
 	}
 
 	/**
@@ -331,7 +331,7 @@ public void setDeleteSessionQuery(String deleteSessionQuery) {
 	 */
 	public void setListSessionsByPrincipalNameQuery(String listSessionsByPrincipalNameQuery) {
 		Assert.hasText(listSessionsByPrincipalNameQuery, "Query must not be empty");
-		this.listSessionsByPrincipalNameQuery = listSessionsByPrincipalNameQuery;
+		this.listSessionsByPrincipalNameQuery = getQuery(listSessionsByPrincipalNameQuery);
 	}
 
 	/**
@@ -340,7 +340,7 @@ public void setListSessionsByPrincipalNameQuery(String listSessionsByPrincipalNa
 	 */
 	public void setDeleteSessionsByExpiryTimeQuery(String deleteSessionsByExpiryTimeQuery) {
 		Assert.hasText(deleteSessionsByExpiryTimeQuery, "Query must not be empty");
-		this.deleteSessionsByExpiryTimeQuery = deleteSessionsByExpiryTimeQuery;
+		this.deleteSessionsByExpiryTimeQuery = getQuery(deleteSessionsByExpiryTimeQuery);
 	}
 
 	/**

spring-session-jdbc/src/main/java/org/springframework/session/jdbc/MySqlJdbcIndexedSessionRepositoryCustomizer.java

@@ -0,0 +1,45 @@
+/*
+ * Copyright 2014-2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.session.jdbc;
+
+import org.springframework.session.config.SessionRepositoryCustomizer;
+
+/**
+ * A {@link SessionRepositoryCustomizer} implementation that applies MySQL specific
+ * optimized SQL statements to {@link JdbcIndexedSessionRepository}.
+ *
+ * @author Vedran Pavic
+ * @since 2.5.0
+ */
+public class MySqlJdbcIndexedSessionRepositoryCustomizer
+		implements SessionRepositoryCustomizer<JdbcIndexedSessionRepository> {
+
+	// @formatter:off
+	private static final String CREATE_SESSION_ATTRIBUTE_QUERY = ""
+			+ "INSERT INTO %TABLE_NAME%_ATTRIBUTES (SESSION_PRIMARY_ID, ATTRIBUTE_NAME, ATTRIBUTE_BYTES) "
+			+ "    SELECT PRIMARY_ID, ?, ? "
+			+ "    FROM %TABLE_NAME% "
+			+ "    WHERE SESSION_ID = ? "
+			+ "ON DUPLICATE KEY UPDATE ATTRIBUTE_BYTES = VALUES(ATTRIBUTE_BYTES)";
+	// @formatter:on
+
+	@Override
+	public void customize(JdbcIndexedSessionRepository sessionRepository) {
+		sessionRepository.setCreateSessionAttributeQuery(CREATE_SESSION_ATTRIBUTE_QUERY);
+	}
+
+}