[4.x] Observers now inherit weight of the ObserveFeature. (helidon-io#8554)

* HttpFeatures now inherit weight of ServerFeatures.
As ObserverFeature weight can be configured, we can control whether it is executed before or after user routing (default is after).

* Updated all features to honor weight from configuration both for server features and associated http features.
* Update of examples that were broken by correct handling of weight in server features

Author: tomas-langer

examples/security/outbound-override/src/main/java/io/helidon/security/examples/outbound/OutboundOverrideExample.java

@@ -24,6 +24,7 @@
 import io.helidon.security.Subject;
 import io.helidon.webserver.WebServer;
 import io.helidon.webserver.WebServerConfig;
+import io.helidon.webserver.context.ContextFeature;
 import io.helidon.webserver.security.SecurityHttpFeature;
 
 /**
@@ -77,7 +78,12 @@ static void setup(WebServerConfig.Builder server) {
         Config clientConfig = Config.create(ConfigSources.classpath("client-service.yaml"));
         Config backendConfig = Config.create(ConfigSources.classpath("backend-service.yaml"));
 
-        server.config(clientConfig.get("security"))
+        // as we use the security http feature directly, we cannot use discovered security feature
+        // this is a unique case where we combine two sets of server set-ups in a single webserver
+        server.featuresDiscoverServices(false)
+                // context feature is a pre-requisite of security
+                .addFeature(ContextFeature.create())
+                .config(clientConfig.get("security"))
                 .routing(routing -> routing
                         .addFeature(SecurityHttpFeature.create(clientConfig.get("security.web-server")))
                         .register(new OverrideService()))

examples/security/outbound-override/src/main/java/io/helidon/security/examples/outbound/OutboundOverrideJwtExample.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2018, 2023 Oracle and/or its affiliates.
+ * Copyright (c) 2018, 2024 Oracle and/or its affiliates.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -25,6 +25,7 @@
 import io.helidon.security.Subject;
 import io.helidon.webserver.WebServer;
 import io.helidon.webserver.WebServerConfig;
+import io.helidon.webserver.context.ContextFeature;
 import io.helidon.webserver.security.SecurityHttpFeature;
 
 /**
@@ -85,7 +86,12 @@ static void setup(WebServerConfig.Builder server) {
         Config clientConfig = Config.create(ConfigSources.classpath("client-service-jwt.yaml"));
         Config backendConfig = Config.create(ConfigSources.classpath("backend-service-jwt.yaml"));
 
-        server.routing(routing -> routing
+        // as we use the security http feature directly, we cannot use discovered security feature
+        // this is a unique case where we combine two sets of server set-ups in a single webserver
+        server.featuresDiscoverServices(false)
+                // context feature is a pre-requisite of security
+                .addFeature(ContextFeature.create())
+                .routing(routing -> routing
                         .addFeature(SecurityHttpFeature.create(clientConfig.get("security.web-server")))
                         .register(new JwtOverrideService()))
 

examples/security/webserver-signatures/src/main/java/io/helidon/examples/security/signatures/SignatureExampleBuilderMain.java

@@ -39,6 +39,7 @@
 import io.helidon.security.providers.httpsign.OutboundTargetDefinition;
 import io.helidon.webserver.WebServer;
 import io.helidon.webserver.WebServerConfig;
+import io.helidon.webserver.context.ContextFeature;
 import io.helidon.webserver.http.HttpRouting;
 import io.helidon.webserver.security.SecurityFeature;
 import io.helidon.webserver.security.SecurityHttpFeature;
@@ -121,7 +122,12 @@ public static void main(String[] args) {
     }
 
     static void setup(WebServerConfig.Builder server) {
-        server.routing(SignatureExampleBuilderMain::routing1)
+        // as we explicitly configure SecurityHttpFeature, we must disable automated loading of security,
+        // as it would add another feature with different configuration
+        server.featuresDiscoverServices(false)
+                // context is a required pre-requisite of security
+                .addFeature(ContextFeature.create())
+                .routing(SignatureExampleBuilderMain::routing1)
                 .putSocket("service2", socket -> socket
                         .routing(SignatureExampleBuilderMain::routing2));
     }

examples/security/webserver-signatures/src/main/java/io/helidon/examples/security/signatures/SignatureExampleConfigMain.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2018, 2023 Oracle and/or its affiliates.
+ * Copyright (c) 2018, 2024 Oracle and/or its affiliates.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -22,6 +22,7 @@
 import io.helidon.config.ConfigSources;
 import io.helidon.webserver.WebServer;
 import io.helidon.webserver.WebServerConfig;
+import io.helidon.webserver.context.ContextFeature;
 import io.helidon.webserver.http.HttpRouting;
 import io.helidon.webserver.security.SecurityHttpFeature;
 
@@ -72,7 +73,12 @@ public static void main(String[] args) {
     }
 
     static void setup(WebServerConfig.Builder server) {
-        server.routing(SignatureExampleConfigMain::routing1)
+        // as we explicitly configure SecurityHttpFeature, we must disable automated loading of security,
+        // as it would add another feature with different configuration
+        server.featuresDiscoverServices(false)
+                // context is a required pre-requisite of security
+                .addFeature(ContextFeature.create())
+                .routing(SignatureExampleConfigMain::routing1)
                 .putSocket("service2", socket -> socket
                         .routing(SignatureExampleConfigMain::routing2));
     }

openapi/openapi/src/main/java/io/helidon/openapi/OpenApiFeature.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2023 Oracle and/or its affiliates.
+ * Copyright (c) 2023, 2024 Oracle and/or its affiliates.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -30,6 +30,7 @@
 
 import io.helidon.builder.api.RuntimeType;
 import io.helidon.common.LazyValue;
+import io.helidon.common.Weighted;
 import io.helidon.common.config.Config;
 import io.helidon.common.media.type.MediaType;
 import io.helidon.common.media.type.MediaTypes;
@@ -41,7 +42,7 @@
  * Helidon Support for OpenAPI.
  */
 @RuntimeType.PrototypedBy(OpenApiFeatureConfig.class)
-public final class OpenApiFeature implements ServerFeature, RuntimeType.Api<OpenApiFeatureConfig> {
+public final class OpenApiFeature implements Weighted, ServerFeature, RuntimeType.Api<OpenApiFeatureConfig> {
 
     static final String OPENAPI_ID = "openapi";
     static final double WEIGHT = 90;
@@ -171,6 +172,11 @@ public String type() {
         return OPENAPI_ID;
     }
 
+    @Override
+    public double weight() {
+        return config.weight();
+    }
+
     /**
      * Initialize the model.
      */

webserver/access-log/src/main/java/io/helidon/webserver/accesslog/AccessLogFeature.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2019, 2023 Oracle and/or its affiliates.
+ * Copyright (c) 2019, 2024 Oracle and/or its affiliates.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -22,6 +22,7 @@
 import java.util.function.Consumer;
 
 import io.helidon.builder.api.RuntimeType;
+import io.helidon.common.Weighted;
 import io.helidon.config.Config;
 import io.helidon.webserver.WebServer;
 import io.helidon.webserver.http.HttpRouting;
@@ -31,7 +32,7 @@
  * Service that adds support for Access logging to Server.
  */
 @RuntimeType.PrototypedBy(AccessLogConfig.class)
-public final class AccessLogFeature implements ServerFeature, RuntimeType.Api<AccessLogConfig> {
+public final class AccessLogFeature implements Weighted, ServerFeature, RuntimeType.Api<AccessLogConfig> {
     /**
      * Name of the {@link System#getLogger(String)} used to log access log records.
      * The message logged contains all information, so the format should be modified
@@ -144,6 +145,11 @@ public String type() {
         return ACCESS_LOG_ID;
     }
 
+    @Override
+    public double weight() {
+        return config.weight();
+    }
+
     AccessLogHttpFeature httpFeature(String socketName) {
         return new AccessLogHttpFeature(weight, clock, logFormat, loggerName, socketName);
     }

webserver/context/src/main/java/io/helidon/webserver/context/ContextFeature.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2022, 2023 Oracle and/or its affiliates.
+ * Copyright (c) 2022, 2024 Oracle and/or its affiliates.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -30,7 +30,7 @@
  * When added to the processing, further processing will be executed in a request specific context.
  */
 @RuntimeType.PrototypedBy(ContextFeatureConfig.class)
-public class ContextFeature implements ServerFeature, RuntimeType.Api<ContextFeatureConfig> {
+public class ContextFeature implements Weighted, ServerFeature, RuntimeType.Api<ContextFeatureConfig> {
     /**
      * Default weight of the feature. It is quite high, as context is used by a lot of other features.
      */
@@ -123,4 +123,9 @@ public String type() {
     public ContextFeatureConfig prototype() {
         return config;
     }
+
+    @Override
+    public double weight() {
+        return config.weight();
+    }
 }

webserver/cors/src/main/java/io/helidon/webserver/cors/CorsFeature.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2022, 2023 Oracle and/or its affiliates.
+ * Copyright (c) 2022, 2024 Oracle and/or its affiliates.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -21,6 +21,7 @@
 import java.util.function.Consumer;
 
 import io.helidon.builder.api.RuntimeType;
+import io.helidon.common.Weighted;
 import io.helidon.common.config.Config;
 import io.helidon.webserver.WebServer;
 import io.helidon.webserver.spi.ServerFeature;
@@ -29,7 +30,7 @@
  * Adds CORS support to Helidon WebServer.
  */
 @RuntimeType.PrototypedBy(CorsConfig.class)
-public class CorsFeature implements ServerFeature, RuntimeType.Api<CorsConfig> {
+public class CorsFeature implements Weighted, ServerFeature, RuntimeType.Api<CorsConfig> {
     /**
      * Default weight of the feature.
      */
@@ -134,4 +135,9 @@ public String type() {
     public CorsConfig prototype() {
         return config;
     }
+
+    @Override
+    public double weight() {
+        return config.weight();
+    }
 }

webserver/observe/config/src/main/java/io/helidon/webserver/observe/config/ConfigObserver.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2023 Oracle and/or its affiliates.
+ * Copyright (c) 2023, 2024 Oracle and/or its affiliates.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -22,9 +22,9 @@
 import java.util.regex.Pattern;
 
 import io.helidon.builder.api.RuntimeType;
-import io.helidon.http.HttpException;
-import io.helidon.http.Status;
+import io.helidon.webserver.http.HttpFeature;
 import io.helidon.webserver.http.HttpRouting;
+import io.helidon.webserver.observe.DisabledObserverFeature;
 import io.helidon.webserver.observe.spi.Observer;
 import io.helidon.webserver.spi.ServerFeature;
 
@@ -105,13 +105,11 @@ public void register(ServerFeature.ServerFeatureContext featureContext,
         if (config.enabled()) {
             for (HttpRouting.Builder routing : observeEndpointRouting) {
                 // register the service itself
-                routing.register(endpoint, new ConfigService(patterns, findProfile(), config.permitAll()));
+                routing.addFeature(new ConfigHttpFeature(endpoint, patterns, findProfile(), config.permitAll()));
             }
         } else {
             for (HttpRouting.Builder builder : observeEndpointRouting) {
-                builder.any(endpoint + "/*", (req, res) -> {
-                    throw new HttpException("Config endpoint is disabled", Status.SERVICE_UNAVAILABLE_503, true);
-                });
+                builder.addFeature(DisabledObserverFeature.create("Config", endpoint + "/*"));
             }
         }
     }
@@ -132,4 +130,23 @@ private static String findProfile() {
         }
         return "";
     }
+
+    private static class ConfigHttpFeature implements HttpFeature {
+        private final String endpoint;
+        private final List<Pattern> patterns;
+        private final String profile;
+        private final boolean permitAll;
+
+        private ConfigHttpFeature(String endpoint, List<Pattern> patterns, String profile, boolean permitAll) {
+            this.endpoint = endpoint;
+            this.patterns = patterns;
+            this.profile = profile;
+            this.permitAll = permitAll;
+        }
+
+        @Override
+        public void setup(HttpRouting.Builder routing) {
+            routing.register(endpoint, new ConfigService(patterns, profile, permitAll));
+        }
+    }
 }

webserver/observe/health/src/main/java/io/helidon/webserver/observe/health/HealthObserver.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2023 Oracle and/or its affiliates.
+ * Copyright (c) 2023, 2024 Oracle and/or its affiliates.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -29,9 +29,9 @@
 import io.helidon.common.config.Config;
 import io.helidon.health.HealthCheck;
 import io.helidon.health.spi.HealthCheckProvider;
-import io.helidon.http.HttpException;
-import io.helidon.http.Status;
+import io.helidon.webserver.http.HttpFeature;
 import io.helidon.webserver.http.HttpRouting;
+import io.helidon.webserver.observe.DisabledObserverFeature;
 import io.helidon.webserver.observe.spi.Observer;
 import io.helidon.webserver.spi.ServerFeature;
 
@@ -112,15 +112,13 @@ public void register(ServerFeature.ServerFeatureContext featureContext,
 
         String endpoint = endpointFunction.apply(config.endpoint());
         if (config.enabled()) {
-            for (HttpRouting.Builder routing : observeEndpointRouting) {
-                // register the service itself
-                routing.register(endpoint, new HealthService(config, all));
+            for (HttpRouting.Builder builder : observeEndpointRouting) {
+                // we must use a feature to honor weight of the observer feature itself
+                builder.addFeature(new HealthHttpFeature(endpoint, config, all));
             }
         } else {
             for (HttpRouting.Builder builder : observeEndpointRouting) {
-                builder.any(endpoint + "/*", (req, res) -> {
-                    throw new HttpException("Health endpoint is disabled", Status.SERVICE_UNAVAILABLE_503, true);
-                });
+                builder.addFeature(DisabledObserverFeature.create("Health", endpoint + "/*"));
             }
         }
     }
@@ -134,4 +132,21 @@ public String type() {
     public HealthObserverConfig prototype() {
         return config;
     }
+
+    private static class HealthHttpFeature implements HttpFeature {
+        private final String endpoint;
+        private final HealthObserverConfig config;
+        private final List<HealthCheck> all;
+
+        private HealthHttpFeature(String endpoint, HealthObserverConfig config, List<HealthCheck> all) {
+            this.endpoint = endpoint;
+            this.config = config;
+            this.all = all;
+        }
+
+        @Override
+        public void setup(HttpRouting.Builder routing) {
+            routing.register(endpoint, new HealthService(config, all));
+        }
+    }
 }