[WIP] Provide database specific JdbcIndexedSessionRepository customizers

This commit provides JdbcIndexedSessionRepository customizers for the following databases:

- PostgreSQL
- Oracle
- MySQL (TODO)
- SQL Server (TODO)

These customizers are intended to address the concurrency issues occurring on insert of new session attribute by applying database specific SQL upsert/merge statement instead of a generic insert.

Closes: spring-projects#1213

Author: vpavic

spring-session-jdbc/src/integration-test/java/org/springframework/session/jdbc/AbstractJdbcIndexedSessionRepositoryITests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2019 the original author or authors.
+ * Copyright 2014-2020 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -27,10 +27,16 @@
 
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.condition.EnabledIfSystemProperty;
 
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
+import org.springframework.jdbc.core.JdbcOperations;
+import org.springframework.jdbc.core.JdbcTemplate;
 import org.springframework.jdbc.datasource.DataSourceTransactionManager;
+import org.springframework.jdbc.support.lob.DefaultLobHandler;
+import org.springframework.jdbc.support.lob.LobCreator;
+import org.springframework.jdbc.support.lob.LobHandler;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.authority.AuthorityUtils;
@@ -57,15 +63,24 @@ abstract class AbstractJdbcIndexedSessionRepositoryITests {
 
 	private static final String INDEX_NAME = FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME;
 
+	@Autowired
+	private DataSource dataSource;
+
 	@Autowired
 	private JdbcIndexedSessionRepository repository;
 
+	private JdbcOperations jdbcOperations;
+
+	private LobHandler lobHandler;
+
 	private SecurityContext context;
 
 	private SecurityContext changedContext;
 
 	@BeforeEach
 	void setUp() {
+		this.jdbcOperations = new JdbcTemplate(this.dataSource);
+		this.lobHandler = new DefaultLobHandler();
 		this.context = SecurityContextHolder.createEmptyContext();
 		this.context.setAuthentication(new UsernamePasswordAuthenticationToken("username-" + UUID.randomUUID(), "na",
 				AuthorityUtils.createAuthorityList("ROLE_USER")));
@@ -759,6 +774,23 @@ void saveWithLargeAttribute() {
 		assertThat((byte[]) session.getAttribute(attributeName)).hasSize(arraySize);
 	}
 
+	@Test // gh-1213
+	@EnabledIfSystemProperty(named = "spring.session.jdbc.customQueries", matches = "true")
+	void saveNewSessionAttributeConcurrently() {
+		JdbcSession session = this.repository.createSession();
+		this.repository.save(session);
+		String attributeName = "attribute1";
+		try (LobCreator lobCreator = this.lobHandler.getLobCreator()) {
+			this.jdbcOperations.update("insert into spring_session_attributes values (?, ?, ?)", (ps) -> {
+				ps.setString(1, (String) ReflectionTestUtils.getField(session, "primaryKey"));
+				ps.setString(2, "attribute1");
+				lobCreator.setBlobAsBytes(ps, 3, "value2".getBytes());
+			});
+		}
+		session.setAttribute(attributeName, "value1");
+		this.repository.save(session);
+	}
+
 	private String getSecurityName() {
 		return this.context.getAuthentication().getName();
 	}

spring-session-jdbc/src/integration-test/java/org/springframework/session/jdbc/OracleJdbcIndexedSessionRepositoryWithCustomizerITests.java

@@ -0,0 +1,41 @@
+/*
+ * Copyright 2014-2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.session.jdbc;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+/**
+ * Integration tests for {@link JdbcIndexedSessionRepository} using Oracle database with
+ * {@link OracleJdbcIndexedSessionRepositoryCustomizer}.
+ *
+ * @author Vedran Pavic
+ */
+public class OracleJdbcIndexedSessionRepositoryWithCustomizerITests extends OracleJdbcIndexedSessionRepositoryITests {
+
+	@Configuration
+	static class ConfigWithCustomizer extends Config {
+
+		@Bean
+		OracleJdbcIndexedSessionRepositoryCustomizer oracleJdbcIndexedSessionRepositoryCustomizer() {
+			System.setProperty("spring.session.jdbc.customQueries", "true");
+			return new OracleJdbcIndexedSessionRepositoryCustomizer();
+		}
+
+	}
+
+}

spring-session-jdbc/src/integration-test/java/org/springframework/session/jdbc/PostgreSql11CustomizerJdbcIndexedSessionRepositoryITests.java

@@ -0,0 +1,42 @@
+/*
+ * Copyright 2014-2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.session.jdbc;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+/**
+ * Integration tests for {@link JdbcIndexedSessionRepository} using PostgreSQL 11.x
+ * database with {@link PostgreSqlJdbcIndexedSessionRepositoryCustomizer}.
+ *
+ * @author Vedran Pavic
+ */
+public class PostgreSql11CustomizerJdbcIndexedSessionRepositoryITests
+		extends PostgreSql11JdbcIndexedSessionRepositoryITests {
+
+	@Configuration
+	static class ConfigWithCustomizer extends Config {
+
+		@Bean
+		PostgreSqlJdbcIndexedSessionRepositoryCustomizer postgreSqlJdbcIndexedSessionRepositoryCustomizer() {
+			System.setProperty("spring.session.jdbc.customQueries", "true");
+			return new PostgreSqlJdbcIndexedSessionRepositoryCustomizer();
+		}
+
+	}
+
+}

spring-session-jdbc/src/main/java/org/springframework/session/jdbc/JdbcIndexedSessionRepository.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2019 the original author or authors.
+ * Copyright 2014-2020 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -268,7 +268,7 @@ public void setTableName(String tableName) {
 	 */
 	public void setCreateSessionQuery(String createSessionQuery) {
 		Assert.hasText(createSessionQuery, "Query must not be empty");
-		this.createSessionQuery = createSessionQuery;
+		this.createSessionQuery = getQuery(createSessionQuery);
 	}
 
 	/**
@@ -277,7 +277,7 @@ public void setCreateSessionQuery(String createSessionQuery) {
 	 */
 	public void setCreateSessionAttributeQuery(String createSessionAttributeQuery) {
 		Assert.hasText(createSessionAttributeQuery, "Query must not be empty");
-		this.createSessionAttributeQuery = createSessionAttributeQuery;
+		this.createSessionAttributeQuery = getQuery(createSessionAttributeQuery);
 	}
 
 	/**
@@ -286,7 +286,7 @@ public void setCreateSessionAttributeQuery(String createSessionAttributeQuery) {
 	 */
 	public void setGetSessionQuery(String getSessionQuery) {
 		Assert.hasText(getSessionQuery, "Query must not be empty");
-		this.getSessionQuery = getSessionQuery;
+		this.getSessionQuery = getQuery(getSessionQuery);
 	}
 
 	/**
@@ -295,7 +295,7 @@ public void setGetSessionQuery(String getSessionQuery) {
 	 */
 	public void setUpdateSessionQuery(String updateSessionQuery) {
 		Assert.hasText(updateSessionQuery, "Query must not be empty");
-		this.updateSessionQuery = updateSessionQuery;
+		this.updateSessionQuery = getQuery(updateSessionQuery);
 	}
 
 	/**
@@ -304,7 +304,7 @@ public void setUpdateSessionQuery(String updateSessionQuery) {
 	 */
 	public void setUpdateSessionAttributeQuery(String updateSessionAttributeQuery) {
 		Assert.hasText(updateSessionAttributeQuery, "Query must not be empty");
-		this.updateSessionAttributeQuery = updateSessionAttributeQuery;
+		this.updateSessionAttributeQuery = getQuery(updateSessionAttributeQuery);
 	}
 
 	/**
@@ -313,7 +313,7 @@ public void setUpdateSessionAttributeQuery(String updateSessionAttributeQuery) {
 	 */
 	public void setDeleteSessionAttributeQuery(String deleteSessionAttributeQuery) {
 		Assert.hasText(deleteSessionAttributeQuery, "Query must not be empty");
-		this.deleteSessionAttributeQuery = deleteSessionAttributeQuery;
+		this.deleteSessionAttributeQuery = getQuery(deleteSessionAttributeQuery);
 	}
 
 	/**
@@ -322,7 +322,7 @@ public void setDeleteSessionAttributeQuery(String deleteSessionAttributeQuery) {
 	 */
 	public void setDeleteSessionQuery(String deleteSessionQuery) {
 		Assert.hasText(deleteSessionQuery, "Query must not be empty");
-		this.deleteSessionQuery = deleteSessionQuery;
+		this.deleteSessionQuery = getQuery(deleteSessionQuery);
 	}
 
 	/**
@@ -331,7 +331,7 @@ public void setDeleteSessionQuery(String deleteSessionQuery) {
 	 */
 	public void setListSessionsByPrincipalNameQuery(String listSessionsByPrincipalNameQuery) {
 		Assert.hasText(listSessionsByPrincipalNameQuery, "Query must not be empty");
-		this.listSessionsByPrincipalNameQuery = listSessionsByPrincipalNameQuery;
+		this.listSessionsByPrincipalNameQuery = getQuery(listSessionsByPrincipalNameQuery);
 	}
 
 	/**
@@ -340,7 +340,7 @@ public void setListSessionsByPrincipalNameQuery(String listSessionsByPrincipalNa
 	 */
 	public void setDeleteSessionsByExpiryTimeQuery(String deleteSessionsByExpiryTimeQuery) {
 		Assert.hasText(deleteSessionsByExpiryTimeQuery, "Query must not be empty");
-		this.deleteSessionsByExpiryTimeQuery = deleteSessionsByExpiryTimeQuery;
+		this.deleteSessionsByExpiryTimeQuery = getQuery(deleteSessionsByExpiryTimeQuery);
 	}
 
 	/**

spring-session-jdbc/src/main/java/org/springframework/session/jdbc/OracleJdbcIndexedSessionRepositoryCustomizer.java

@@ -0,0 +1,52 @@
+/*
+ * Copyright 2014-2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.session.jdbc;
+
+import org.springframework.session.config.SessionRepositoryCustomizer;
+
+/**
+ * A {@link SessionRepositoryCustomizer} implementation that applies Oracle specific
+ * optimized SQL statements to {@link JdbcIndexedSessionRepository}.
+ *
+ * @author Vedran Pavic
+ * @since 2.5.0
+ */
+public class OracleJdbcIndexedSessionRepositoryCustomizer
+		implements SessionRepositoryCustomizer<JdbcIndexedSessionRepository> {
+
+	// @formatter:off
+	private static final String CREATE_SESSION_ATTRIBUTE_QUERY = ""
+			+ "MERGE INTO %TABLE_NAME%_ATTRIBUTES SA "
+			+ "USING ( "
+			+ "    SELECT PRIMARY_ID AS SESSION_PRIMARY_ID, ? AS ATTRIBUTE_NAME, ? AS ATTRIBUTE_BYTES "
+			+ "    FROM %TABLE_NAME% "
+			+ "    WHERE SESSION_ID = ? "
+			+ ") S "
+			+ "ON (SA.SESSION_PRIMARY_ID = S.SESSION_PRIMARY_ID and SA.ATTRIBUTE_NAME = S.ATTRIBUTE_NAME) "
+			+ "WHEN MATCHED THEN "
+			+ "    UPDATE SET SA.ATTRIBUTE_BYTES = S.ATTRIBUTE_BYTES "
+			+ "WHEN NOT MATCHED THEN "
+			+ "    INSERT (SA.SESSION_PRIMARY_ID, SA.ATTRIBUTE_NAME, SA.ATTRIBUTE_BYTES) "
+			+ "    VALUES (S.SESSION_PRIMARY_ID, S.ATTRIBUTE_NAME, S.ATTRIBUTE_BYTES)";
+	// @formatter:on
+
+	@Override
+	public void customize(JdbcIndexedSessionRepository sessionRepository) {
+		sessionRepository.setCreateSessionAttributeQuery(CREATE_SESSION_ATTRIBUTE_QUERY);
+	}
+
+}

spring-session-jdbc/src/main/java/org/springframework/session/jdbc/PostgreSqlJdbcIndexedSessionRepositoryCustomizer.java

@@ -0,0 +1,46 @@
+/*
+ * Copyright 2014-2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.session.jdbc;
+
+import org.springframework.session.config.SessionRepositoryCustomizer;
+
+/**
+ * A {@link SessionRepositoryCustomizer} implementation that applies PostgreSQL specific
+ * optimized SQL statements to {@link JdbcIndexedSessionRepository}.
+ *
+ * @author Vedran Pavic
+ * @since 2.5.0
+ */
+public class PostgreSqlJdbcIndexedSessionRepositoryCustomizer
+		implements SessionRepositoryCustomizer<JdbcIndexedSessionRepository> {
+
+	// @formatter:off
+	private static final String CREATE_SESSION_ATTRIBUTE_QUERY = ""
+			+ "INSERT INTO %TABLE_NAME%_ATTRIBUTES (SESSION_PRIMARY_ID, ATTRIBUTE_NAME, ATTRIBUTE_BYTES) "
+			+ "    SELECT PRIMARY_ID, ?, ? "
+			+ "    FROM %TABLE_NAME% "
+			+ "    WHERE SESSION_ID = ? "
+			+ "ON CONFLICT (SESSION_PRIMARY_ID, ATTRIBUTE_NAME) "
+			+ "DO UPDATE SET ATTRIBUTE_BYTES = EXCLUDED.ATTRIBUTE_BYTES";
+	// @formatter:on
+
+	@Override
+	public void customize(JdbcIndexedSessionRepository sessionRepository) {
+		sessionRepository.setCreateSessionAttributeQuery(CREATE_SESSION_ATTRIBUTE_QUERY);
+	}
+
+}