feat(scheduler): add ShedLock to prevent concurrent job execution

erichiroshi · erichiroshi · commit 9f80fa07bae5 · 2026-03-04T10:47:25.000-04:00
Without distributed locking, scheduled jobs run simultaneously on all
instances when the application is horizontally scaled, causing duplicate
deletes and potential race conditions.

- Add ShedLock dependencies (shedlock-spring +
shedlock-provider-jdbc-template)
- Add V007 Flyway migration to create the shedlock table
- Add ShedLockConfig with JdbcTemplateLockProvider using DB clock
(usingDbTime)
  to avoid clock skew issues between instances
- Annotate RefreshTokenCleanupJob with @SchedulerLock
  (lockAtLeastFor=30m, lockAtMostFor=1h)
diff --git a/build.gradle b/build.gradle
@@ -61,6 +61,7 @@ ext {
     jjwtVersion = "0.13.0"
    	testcontainersVersion = "2.0.3"
    	awsS3Version = "2.42.2"
+   	shedlockVersion = "6.9.1"
 }
 
 dependencies {
@@ -123,6 +124,9 @@ dependencies {
     // AWS SDK (para integração com S3)
 	implementation "software.amazon.awssdk:s3:${awsS3Version}"
 
+	// ShedLock — distributed lock para scheduled jobs
+    implementation "net.javacrumbs.shedlock:shedlock-spring:${shedlockVersion}"
+    implementation "net.javacrumbs.shedlock:shedlock-provider-jdbc-template:${shedlockVersion}"
 }
 
 // ─────────────────────────────────────────────
diff --git a/src/integrationTest/java/com/example/library/refresh_token/RefreshTokenCleanupJobIT.java b/src/integrationTest/java/com/example/library/refresh_token/RefreshTokenCleanupJobIT.java
@@ -20,13 +20,13 @@
 
 @SpringBootTest
 @Testcontainers
-@ActiveProfiles("it")
 @Transactional
+@ActiveProfiles("it")
 @DisplayName("RefreshTokenCleanupJob - Integration Tests")
 class RefreshTokenCleanupJobIT {
 
     @Autowired
-    private RefreshTokenCleanupJob cleanupJob;
+    private RefreshTokenCleanupService cleanupJob;
 
     @Autowired
     private RefreshTokenRepository refreshTokenRepository;
@@ -45,7 +45,7 @@ void setUp() {
         testUser.setRoles(Set.of("ROLE_USER"));
         testUser = userRepository.save(testUser);
     }
-
+    
     @Test
     @DisplayName("Deve deletar apenas tokens expirados, mantendo os válidos")
     void shouldDeleteOnlyExpiredTokensKeepingValidOnes() {
@@ -64,7 +64,7 @@ void shouldDeleteOnlyExpiredTokensKeepingValidOnes() {
         refreshTokenRepository.save(valid2);
 
         // Act
-        cleanupJob.cleanupExpiredTokens();
+        cleanupJob.deleteExpiredTokens();
 
         // Assert
         assertThat(refreshTokenRepository.count()).isEqualTo(2); // Apenas os 2 válidos
@@ -86,7 +86,7 @@ void shouldNotDeleteWhenAllTokensAreValid() {
         refreshTokenRepository.save(valid2);
 
         // Act
-        cleanupJob.cleanupExpiredTokens();
+        cleanupJob.deleteExpiredTokens();
 
         // Assert
         assertThat(refreshTokenRepository.count()).isEqualTo(2);
@@ -97,15 +97,10 @@ void shouldNotDeleteWhenAllTokensAreValid() {
     void shouldDeleteAllWhenAllTokensAreExpired() {
         // Arrange
         RefreshToken expired1 = createToken("expired-1", Instant.now().minus(Duration.ofDays(1)));
-        RefreshToken expired2 = createToken("expired-2", Instant.now().minus(Duration.ofDays(2)));
-        RefreshToken expired3 = createToken("expired-3", Instant.now().minus(Duration.ofDays(3)));
-        
         refreshTokenRepository.save(expired1);
-        refreshTokenRepository.save(expired2);
-        refreshTokenRepository.save(expired3);
 
         // Act
-        cleanupJob.cleanupExpiredTokens();
+        cleanupJob.deleteExpiredTokens();
 
         // Assert
         assertThat(refreshTokenRepository.count()).isZero();
@@ -115,7 +110,7 @@ void shouldDeleteAllWhenAllTokensAreExpired() {
     @DisplayName("Não deve fazer nada quando não há tokens no banco")
     void shouldDoNothingWhenNoTokensExist() {
         // Act
-        cleanupJob.cleanupExpiredTokens();
+        cleanupJob.deleteExpiredTokens();
 
         // Assert
         assertThat(refreshTokenRepository.count()).isZero();
@@ -129,7 +124,7 @@ void shouldKeepTokenExpiringRightNow() {
         refreshTokenRepository.save(almostExpired);
 
         // Act
-        cleanupJob.cleanupExpiredTokens();
+        cleanupJob.deleteExpiredTokens();
 
         // Assert
         assertThat(refreshTokenRepository.findByToken("almost-expired")).isPresent();
@@ -143,7 +138,7 @@ void shouldDeleteTokenExpiredOneSecondAgo() {
         refreshTokenRepository.save(justExpired);
 
         // Act
-        cleanupJob.cleanupExpiredTokens();
+        cleanupJob.deleteExpiredTokens();
 
         // Assert
         assertThat(refreshTokenRepository.findByToken("just-expired")).isEmpty();
@@ -164,7 +159,7 @@ void shouldHandleLargeVolumeOfTokens() {
         }
 
         // Act
-        cleanupJob.cleanupExpiredTokens();
+        cleanupJob.deleteExpiredTokens();
 
         // Assert
         assertThat(refreshTokenRepository.count()).isEqualTo(50); // Apenas os válidos
@@ -181,9 +176,9 @@ void shouldHandleMultipleExecutionsSafely() {
         refreshTokenRepository.save(valid);
 
         // Act - executar 3 vezes
-        cleanupJob.cleanupExpiredTokens();
-        cleanupJob.cleanupExpiredTokens();
-        cleanupJob.cleanupExpiredTokens();
+        cleanupJob.deleteExpiredTokens();
+        cleanupJob.deleteExpiredTokens();
+        cleanupJob.deleteExpiredTokens();
 
         // Assert - resultado deve ser idempotente
         assertThat(refreshTokenRepository.count()).isEqualTo(1);
diff --git a/src/integrationTest/java/com/example/library/repository/RefreshTokenRepositoryIT.java b/src/integrationTest/java/com/example/library/repository/RefreshTokenRepositoryIT.java
@@ -11,8 +11,8 @@
 import org.junit.jupiter.api.Test;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.data.jpa.test.autoconfigure.DataJpaTest;
-import org.springframework.boot.jdbc.test.autoconfigure.AutoConfigureTestDatabase;
 import org.springframework.test.context.ActiveProfiles;
+import org.springframework.transaction.annotation.Transactional;
 import org.testcontainers.junit.jupiter.Testcontainers;
 
 import com.example.library.refresh_token.RefreshToken;
@@ -23,10 +23,10 @@
 import static org.assertj.core.api.Assertions.assertThat;
 
 @DataJpaTest
-@AutoConfigureTestDatabase(replace = AutoConfigureTestDatabase.Replace.NONE)
 @Testcontainers
+@Transactional
 @ActiveProfiles("it")
-@DisplayName("RefreshTokenRepository - Integration Tests")
+@DisplayName("RefreshTokenRepositoryIT - Integration Tests")
 class RefreshTokenRepositoryIT {
 
     @Autowired
@@ -40,9 +40,6 @@ class RefreshTokenRepositoryIT {
 
     @BeforeEach
     void setUp() {
-        refreshTokenRepository.deleteAll();
-        userRepository.deleteAll();
-
         testUser = new User();
         testUser.setName("John Doe");
         testUser.setEmail("john@example.com");
diff --git a/src/main/java/com/example/library/config/ShedLockConfig.java b/src/main/java/com/example/library/config/ShedLockConfig.java
@@ -0,0 +1,33 @@
+package com.example.library.config;
+
+import javax.sql.DataSource;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.jdbc.core.JdbcTemplate;
+
+import net.javacrumbs.shedlock.core.LockProvider;
+import net.javacrumbs.shedlock.provider.jdbctemplate.JdbcTemplateLockProvider;
+import net.javacrumbs.shedlock.spring.annotation.EnableSchedulerLock;
+
+@Configuration
+@EnableSchedulerLock(defaultLockAtMostFor = "10m")
+public class ShedLockConfig {
+
+    /**
+     * Usa o próprio PostgreSQL como backend de lock distribuído.
+     * Não requer infraestrutura extra — apenas a tabela `shedlock` (V007).
+     *
+     * defaultLockAtMostFor = "10m": tempo máximo que o lock pode ficar ativo.
+     * Garante liberação automática se a instância travar ou morrer sem liberar o lock.
+     */
+    @Bean
+    LockProvider lockProvider(DataSource dataSource) {
+        return new JdbcTemplateLockProvider(
+                JdbcTemplateLockProvider.Configuration.builder()
+                        .withJdbcTemplate(new JdbcTemplate(dataSource))
+                        .usingDbTime() // usa o clock do banco — evita problemas com clock skew entre instâncias
+                        .build()
+        );
+    }
+}
diff --git a/src/main/java/com/example/library/refresh_token/RefreshTokenCleanupJob.java b/src/main/java/com/example/library/refresh_token/RefreshTokenCleanupJob.java
@@ -1,53 +1,38 @@
 package com.example.library.refresh_token;
 
-import java.time.Instant;
-
 import org.springframework.scheduling.annotation.Scheduled;
 import org.springframework.stereotype.Component;
-import org.springframework.transaction.annotation.Transactional;
 
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
+import net.javacrumbs.shedlock.spring.annotation.SchedulerLock;
 
 /**
  * Job agendado para limpar refresh tokens expirados do banco de dados.
- * 
- * Tokens expirados são deletados quando alguém tenta usá-los (via validate()),
- * mas tokens que nunca são usados ficam acumulando no banco.
- * 
- * Este job roda diariamente às 2h da manhã para fazer limpeza preventiva.
+ *
+ * Separação intencional entre lock e transação:
+ * - @SchedulerLock NÃO pode estar num método @Transactional
+ *   porque o lock precisa ser adquirido e liberado FORA da transação.
+ *   Se estivessem juntos, o lock só seria liberado no commit,
+ *   anulando a proteção distribuída do ShedLock.
+ * - A transação fica em RefreshTokenCleanupService, que é chamado
+ *   após o lock ser adquirido.
  */
 @Component
 @RequiredArgsConstructor
 @Slf4j
 public class RefreshTokenCleanupJob {
 
-    private final RefreshTokenRepository repository;
+    private final RefreshTokenCleanupService cleanupService;
 
-    /**
-     * Remove todos os refresh tokens expirados do banco.
-     * 
-     * Cron: "0 0 2 * * *" = todos dia às 02:00 AM
-     * Formato: segundo minuto hora dia mês dia-da-semana
-     * 
-     * Configurável via property:
-     * @Scheduled(cron = "${refresh-token.cleanup.cron:0 0 2 * * *}")
-     */
     @Scheduled(cron = "0 0 2 * * *")
-    @Transactional
+    @SchedulerLock(
+            name = "refreshTokenCleanupJob",
+            lockAtLeastFor = "30m",
+            lockAtMostFor = "1h"
+    )
     public void cleanupExpiredTokens() {
         log.info("Starting cleanup of expired refresh tokens...");
-        
-        try {
-            int deletedCount = repository.deleteByExpiryDateBefore(Instant.now());
-            
-            if (deletedCount > 0) {
-                log.info("Deleted {} expired refresh tokens", deletedCount);
-            } else {
-                log.debug("No expired refresh tokens found");
-            }
-        } catch (Exception e) {
-            log.error("Error cleaning up expired refresh tokens", e);
-        }
+        cleanupService.deleteExpiredTokens();
     }
 }
diff --git a/src/main/java/com/example/library/refresh_token/RefreshTokenCleanupService.java b/src/main/java/com/example/library/refresh_token/RefreshTokenCleanupService.java
@@ -0,0 +1,42 @@
+package com.example.library.refresh_token;
+
+import java.time.Instant;
+
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+
+/**
+ * Serviço responsável pela limpeza transacional de refresh tokens expirados.
+ *
+ * Separado do RefreshTokenCleanupJob intencionalmente:
+ * - O Job gerencia o lock distribuído (ShedLock) sem transação
+ * - Este Service gerencia a transação sem lock
+ *
+ * Esta separação garante que o ShedLock adquira e libere o lock
+ * FORA da transação — comportamento correto e esperado pelo ShedLock.
+ */
+@Service
+@RequiredArgsConstructor
+@Slf4j
+public class RefreshTokenCleanupService {
+
+    private final RefreshTokenRepository repository;
+
+    @Transactional
+    public void deleteExpiredTokens() {
+        try {
+            int deletedCount = repository.deleteByExpiryDateBefore(Instant.now());
+
+            if (deletedCount > 0) {
+                log.info("Deleted {} expired refresh tokens", deletedCount);
+            } else {
+                log.debug("No expired refresh tokens found");
+            }
+        } catch (Exception e) {
+            log.error("Error cleaning up expired refresh tokens", e);
+        }
+    }
+}
diff --git a/src/main/resources/db/migration/common/V007__create_shedlock_table.sql b/src/main/resources/db/migration/common/V007__create_shedlock_table.sql
@@ -0,0 +1,15 @@
+-- =============================================
+-- ShedLock — tabela de lock distribuído para scheduled jobs
+-- Garante que apenas uma instância execute cada job por vez
+-- =============================================
+
+CREATE TABLE shedlock (
+    name        VARCHAR(64)  NOT NULL,
+    lock_until  TIMESTAMP    NOT NULL,
+    locked_at   TIMESTAMP    NOT NULL,
+    locked_by   VARCHAR(255) NOT NULL,
+    CONSTRAINT pk_shedlock PRIMARY KEY (name)
+);
+
+COMMENT ON TABLE shedlock
+    IS 'Distributed lock table used by ShedLock to prevent concurrent scheduled job execution across multiple instances';
diff --git a/src/test/java/com/example/library/refresh_token/RefreshTokenCleanupJobTest.java b/src/test/java/com/example/library/refresh_token/RefreshTokenCleanupJobTest.java

Original file line number	Diff line number	Diff line change
`@@ -61,6 +61,7 @@ ext {`
`61`	`61`	`jjwtVersion = "0.13.0"`
`62`	`62`	`testcontainersVersion = "2.0.3"`
`63`	`63`	`awsS3Version = "2.42.2"`
	`64`	`+ shedlockVersion = "6.9.1"`
`64`	`65`	`}`
`65`	`66`
`66`	`67`	`dependencies {`
`@@ -123,6 +124,9 @@ dependencies {`
`123`	`124`	`// AWS SDK (para integração com S3)`
`124`	`125`	`implementation "software.amazon.awssdk:s3:${awsS3Version}"`
`125`	`126`
	`127`	`+ // ShedLock — distributed lock para scheduled jobs`
	`128`	`+ implementation "net.javacrumbs.shedlock:shedlock-spring:${shedlockVersion}"`
	`129`	`+ implementation "net.javacrumbs.shedlock:shedlock-provider-jdbc-template:${shedlockVersion}"`
`126`	`130`	`}`
`127`	`131`
`128`	`132`	`// ─────────────────────────────────────────────`