ID | IEP-79 |
Author | Pavel Pereslegin |
Sponsor | |
Created | 13 Oct 2021 |
Status | DRAFT |
When implementing microservices, users are often face with the task of separating the business logic from the common "middleware" logic.
An example of a typical “middleware” task is auditing calls to business service methods (the system must understand which user called which methods and with what result).
Modern frameworks such as gRPC and Apache Thrift provide a very flexible API for implementing request interceptors, with which you can solve almost any middleware task.
Apache Ignite does not provide any mechanisms for solving such problems in general. The user needs to implement it himself, which often results in a lot of boilerplate code.
The Ignite Service Grid must support the following capabilities:
public interface ServiceCallInterceptor extends Serializable { public default void onInvoke(ServiceInterceptorContext ctx) throws ServiceInterceptException { // No-op. } public default void onComplete(@Nullable Object res, ServiceInterceptorContext ctx) throws ServiceInterceptException { // No-op. } public default void onError(Throwable err, ServiceInterceptorContext ctx) { // No-op. } }
public interface ServiceCallContext { public String attribute(String name); public byte[] binaryAttribute(String name); }
public interface ServiceInterceptorContext extends ServiceCallContext { public String method(); public @Nullable Object[] arguments(); public void attribute(String name, String val); public void binaryAttribute(String name, byte[] val); }
ServiceCallInterceptor security = new ServiceCallInterceptor() { @Override public void onInvoke(ServiceInterceptorContext ctx) throws ServiceInterceptException { // Check permission before execution of the method. if (!CustomSecurityProvider.get().access(ctx.method(), ctx.attribute("sessionId"))) throw new SecurityException("Method invocation is not permitted"); } } ServiceCallInterceptor audit = new ServiceCallInterceptor() { @Override public void onInvoke(ServiceInterceptorContext ctx) { // Record an event before execution of the method. AuditProvider.get().recordStartEvent(ctx.method(), ctx.attribute("sessionId")); } @Override public void onComplete(@Nullable Object res, ServiceInterceptorContext ctx) { AuditProvider.get().recordFinishEvent(ctx.method(), ctx.attribute("sessionId")); } @Override public void onError(Throwable err, ServiceInterceptorContext ctx) { AuditProvider.get().recordError(ctx.method(), ctx.attribute("sessionId"), err.getMessage()); } } // Set context parameters for service proxy. ServiceCallContext ctx = ServiceCallContext.builder().put("sessionId", sessionId).build(); ServiceConfiguration svcCfg = new ServiceConfiguration() .setName("service") .setService(new MyServiceImpl()) .setMaxPerNodeCount(1) .setInterceptors(security, audit); // Deploy service. ignite.services().deploy(svcCfg); MyService proxy = ignite.services().serviceProxy("service", MyService.class, false, ctx, 0); // A business method call to be intercepted. proxy.placeOrder(order1); proxy.placeOrder(order2);
Interceptor only applies to user-defined business methods and does not apply to service lifecycle methods - init, execute and cancel,
Interceptor can modify ServiceCallContext, but Service methods can only read it.
If an interceptor has been specified, but the user has not passed the caller context through the proxy, it will be created dynamically.
The service interceptor is bound to the service during deployment.
One service can have several interceptors.
Interceptor is located and executed where the service is implemented (for Java service - on Java side, for .NET-service on .NET side without any additional serialization).
Interceptor must support ignite instance resource injection.
Interceptor should be LifeCycleAware
// todo ServiceInterceptException
If an interceptor throws an exception, then processing is aborted, but the exception is passed to all listed interceptors (onError)
// todo explain forwardCallerContext