Fix #15503: Cache MultiJWKsProvider response (#15504)

2025-11-02 03:29:03 +00:00 · 2024-03-10 23:08:03 -07:00 · 2024-03-10 23:08:03 -07:00 · 7d4f1270ab
commit 7d4f1270ab
parent 1f8e232487
2 changed files with 34 additions and 14 deletions
--- a/openmetadata-service/src/main/java/org/openmetadata/service/events/ChangeEventHandler.java
+++ b/openmetadata-service/src/main/java/org/openmetadata/service/events/ChangeEventHandler.java
@ -68,7 +68,7 @@ public class ChangeEventHandler implements EventHandler {
        }
        // Always set the Change Event Username as context Principal, the one creating the CE
        changeEvent.setUserName(loggedInUserName);
-        LOG.info(
+        LOG.debug(
            "Recording change event {}:{}:{}:{}",
            changeEvent.getTimestamp(),
            changeEvent.getEntityId(),
--- a/openmetadata-service/src/main/java/org/openmetadata/service/security/MultiUrlJwkProvider.java
+++ b/openmetadata-service/src/main/java/org/openmetadata/service/security/MultiUrlJwkProvider.java
@ -18,30 +18,50 @@ import com.auth0.jwk.JwkException;
 import com.auth0.jwk.JwkProvider;
 import com.auth0.jwk.SigningKeyNotFoundException;
 import com.auth0.jwk.UrlJwkProvider;
+import com.google.common.cache.CacheBuilder;
+import com.google.common.cache.CacheLoader;
+import com.google.common.cache.LoadingCache;
 import java.net.URL;
 import java.util.List;
+import java.util.concurrent.TimeUnit;
+import org.openmetadata.service.exception.UnhandledServerException;

 final class MultiUrlJwkProvider implements JwkProvider {
  private final List<UrlJwkProvider> urlJwkProviders;
+  private LoadingCache<String, Jwk> CACHE =
+      CacheBuilder.newBuilder()
+          .maximumSize(10)
+          .expireAfterWrite(24, TimeUnit.HOURS)
+          .build(
+              new CacheLoader<>() {
+                @Override
+                public Jwk load(String key) throws Exception {
+                  JwkException lastException =
+                      new SigningKeyNotFoundException(
+                          "JWT Token keyID doesn't match the configured keyID. This usually happens if you didn't configure "
+                              + "proper publicKeyUrls under authentication configuration.",
+                          null);
+                  for (UrlJwkProvider jwkProvider : urlJwkProviders) {
+                    try {
+                      return jwkProvider.get(key);
+                    } catch (JwkException e) {
+                      lastException.addSuppressed(e);
+                    }
+                  }
+                  throw lastException;
+                }
+              });

  public MultiUrlJwkProvider(List<URL> publicKeyUris) {
    this.urlJwkProviders = publicKeyUris.stream().map(UrlJwkProvider::new).toList();
  }

  @Override
-  public Jwk get(String keyId) throws JwkException {
-    JwkException lastException =
-        new SigningKeyNotFoundException(
-            "JWT Token keyID doesn't match the configured keyID. This usually happens if you didn't configure "
-                + "proper publicKeyUrls under authentication configuration.",
-            null);
-    for (UrlJwkProvider jwkProvider : urlJwkProviders) {
-      try {
-        return jwkProvider.get(keyId);
-      } catch (JwkException e) {
-        lastException.addSuppressed(e);
-      }
+  public Jwk get(String keyId) {
+    try {
+      return CACHE.get(keyId);
+    } catch (Exception e) {
+      throw new UnhandledServerException(e.getMessage());
    }
-    throw lastException;
  }
 }