Refactor/filter strategies to simplify requestfilter decision tree

.github/workflows/build.yml

@@ -9,7 +9,7 @@ name: Build
 # - REGISTRY_HOST: Container registry host (e.g. mtr.devops.telekom.de)
 # - REGISTRY_REPO: Repository path (e.g. /tardis-internal/gateway/jumper-sse)
 # - REGISTRY_USER: Container registry username
-# - JAVA_VERSION: Java version to use (defaults to '17' if not specified)
+# - JAVA_VERSION: Java version to use (defaults to '21' if not specified)
 # - JAVA_DISTRIBUTION: Java distribution to use (defaults to 'temurin' if not specified)
 # - BASE_IMAGE: The base image used for the Docker build
 #
@@ -34,7 +34,7 @@ permissions:
   contents: read
 
 env:
-  JAVA_VERSION: ${{ vars.JAVA_VERSION || '17' }}
+  JAVA_VERSION: ${{ vars.JAVA_VERSION || '21' }}
   JAVA_DISTRIBUTION: ${{ vars.JAVA_DISTRIBUTION || 'zulu' }}
 
 jobs:
@@ -43,9 +43,9 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Set up JDK
-        uses: actions/setup-java@v4
+        uses: actions/setup-java@v5
         with:
           distribution: ${{ env.JAVA_DISTRIBUTION }}
           java-version: ${{ env.JAVA_VERSION }}
@@ -60,23 +60,16 @@ jobs:
       version: ${{ steps.extract-version.outputs.version }}
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Set up JDK
-        uses: actions/setup-java@v4
+        uses: actions/setup-java@v5
         with:
           distribution: ${{ env.JAVA_DISTRIBUTION }}
           java-version: ${{ env.JAVA_VERSION }}
           cache: 'maven'
-      - name: Cache compiled classes
-        uses: actions/cache@v4
-        with:
-          path: target
-          key: ${{ runner.os }}-maven-target-${{ github.sha }}
-          restore-keys: |
-            ${{ runner.os }}-maven-target-
       - name: Build with Maven
         run: |
-          mvn -B package -DskipTests -U
+          mvn -B clean package -DskipTests -U
       - name: Extract version
         id: extract-version
         run: |
@@ -94,20 +87,13 @@ jobs:
     needs: [build-maven]
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Set up JDK
-        uses: actions/setup-java@v4
+        uses: actions/setup-java@v5
         with:
           distribution: ${{ env.JAVA_DISTRIBUTION }}
           java-version: ${{ env.JAVA_VERSION }}
           cache: 'maven'
-      - name: Cache compiled classes
-        uses: actions/cache@v4
-        with:
-          path: target
-          key: ${{ runner.os }}-maven-target-${{ github.sha }}
-          restore-keys: |
-            ${{ runner.os }}-maven-target-
       - name: Run tests
         run: mvn -B test
       - name: Upload test results
@@ -127,12 +113,12 @@ jobs:
       image-tag: ${{ steps.tag.outputs.image-tag }}
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Download Maven build artifacts
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v5
         with:
           name: maven-build
-          path: "target"
+          path: "target" # check of breaking change
       - name: Inject slug vars
         uses: rlespinasse/github-slug-action@v5
       - name: Determine tag
@@ -184,7 +170,7 @@ jobs:
       contents: write
     steps:
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@0.32.0
+        uses: aquasecurity/trivy-action@0.33.1
         env:
           TRIVY_USERNAME: ${{ vars.REGISTRY_USER }}
           TRIVY_PASSWORD: ${{ secrets.REGISTRY_TOKEN }}

.github/workflows/ort.yml

@@ -32,7 +32,7 @@ jobs:
     steps:
       - name: Checkout project
         if: github.event_name != 'pull_request' # Checkout not necessary for PRs
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - uses: dorny/paths-filter@v3
         id: filter
         with:
@@ -53,7 +53,7 @@ jobs:
           git config --global url.https://github.com/.insteadOf ssh://git@github.com/
           git config --global url.https://github.com/.insteadOf git://github.com/
       - name: Checkout project
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Prepare ORT config
         run: |
           # Move into default config dir

.github/workflows/release.yml

@@ -30,7 +30,7 @@ jobs:
       new-release-version: ${{ steps.semantic-release.outputs.new-release-version }}
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           fetch-depth: 0
           fetch-tags: 'true'
@@ -48,7 +48,7 @@ jobs:
           EOF
       - name: Semantic Release
         id: semantic-release
-        uses: cycjimmy/semantic-release-action@v4
+        uses: cycjimmy/semantic-release-action@v5
         with:
           branches: |
             ['main']

.github/workflows/reuse.yml

@@ -16,6 +16,6 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: REUSE Compliance Check
         uses: fsfe/reuse-action@v5

.mvn/wrapper/maven-wrapper.properties

@@ -0,0 +1,23 @@
+# SPDX-FileCopyrightText: 2023 Apache Software Foundation
+#
+# SPDX-License-Identifier: Apache-2.0
+
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+wrapperVersion=3.3.2
+distributionType=only-script
+distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.9.6/apache-maven-3.9.6-bin.zip

Dockerfile

@@ -2,12 +2,12 @@
 #
 # SPDX-License-Identifier: Apache-2.0
 
-ARG BASE_IMAGE=gcr.io/distroless/java17-debian12:nonroot
+ARG BASE_IMAGE=gcr.io/distroless/java21-debian12:nonroot
 FROM ${BASE_IMAGE}
 
 EXPOSE 8080
 
 COPY target/*.jar /usr/share/app.jar
 
 ENTRYPOINT ["/usr/bin/java", "-jar"]
-CMD ["/usr/share/app.jar"]
+CMD ["/usr/share/app.jar"]

Dockerfile.multi-stage

@@ -8,26 +8,26 @@
 # The final container is started with a non-root user.
 
 
-FROM maven:3.9-eclipse-temurin-17 AS build
+FROM maven:3.9-eclipse-temurin-21 AS build
 RUN mkdir -p /usr/app
 WORKDIR /usr/app
 ADD . /usr/app
 
 RUN mvn -f /usr/app/pom.xml clean package -DskipTests
 
 
-FROM eclipse-temurin:17-jre
+FROM eclipse-temurin:21-jre
 
 RUN apt-get install -y  \
   curl  \
   && rm -rf /var/lib/apt/lists/*
 
-USER 1000:1000
+USER 1001:1001
 
-EXPOSE 8080 8082
+EXPOSE 8080
 
-COPY --from=build /usr/app/target/*.jar /usr/share/app.jar
+COPY target/*.jar /home/cloud/app.jar
 
-WORKDIR /usr/share/
+WORKDIR /home/cloud
 
-CMD java $JVM_OPTS -jar /usr/share/app.jar
+CMD java $JVM_OPTS -jar /home/cloud/app.jar

README.md

@@ -73,7 +73,7 @@ The Dockerfile supports customization via build arguments to specify a custom ba
 docker build --platform linux/amd64 -t jumper --build-arg BASE_IMAGE=<your-preferred-base-image> .
 ```
 
-By default, the Dockerfile uses `eclipse-temurin:17-jre-alpine`.
+By default, the Dockerfile uses `eclipse-temurin:21-jre-alpine`.
 
 #### One-Step Multi-Stage Build
 
@@ -266,7 +266,7 @@ When a consumer sets the `X-Token-Exchange` header containing an external provid
 Spectre allows a third-party listener application to monitor communication between consumer and provider for specific APIs.
 
 **Prerequisites:**
-- Configured `horizon.publishEventUrl` in application properties
+- Configured `jumper.horizon.publishEventUrl` in application properties
 - Properly configured `jumper_config` header with listener settings
 
 ```json

docker-compose.yml

@@ -0,0 +1,50 @@
+# SPDX-FileCopyrightText: 2023 Deutsche Telekom AG
+#
+# SPDX-License-Identifier: Apache-2.0
+
+# file only for local debugging of tracing etc
+
+services:
+  jaeger:
+    image: jaegertracing/jaeger:2.3.0
+    ports:
+      - "16686:16686"
+      - "4317:4317"
+      - "4318:4318"
+      - "9411:9411"
+    volumes:
+      - "./docker-support/jaeger.yml:/etc/jaeger/config.yml"
+    command: [ "--config", "/etc/jaeger/config.yml" ]
+    networks:
+      - jaeger
+    links:
+      - prometheus
+
+  prometheus:
+    image: prom/prometheus:v3.1.0
+    volumes:
+      - "./docker-support/prometheus.yml:/etc/prometheus/prometheus.yml"
+    ports:
+      - "9090:9090"
+    networks:
+      - jaeger
+
+  echo:
+    image: mendhak/http-https-echo:latest
+    platform: linux/amd64
+    ports:
+      - "8081:8080"
+    networks:
+      - jaeger
+
+  redis:
+    image: 'bitnami/redis:latest@sha256:65f55fefc0acd7f1a1da44b39be3044bcfbc03f4a49c4689453097f929f07132'
+    environment:
+      - REDIS_PASSWORD=foobar
+    ports:
+      - '6379:6379'
+    networks:
+      - jaeger
+
+networks:
+  jaeger:

docker-support/jaeger.yml

@@ -0,0 +1,64 @@
+# SPDX-FileCopyrightText: 2023 Deutsche Telekom AG
+#
+# SPDX-License-Identifier: Apache-2.0
+
+service:
+  extensions: [jaeger_storage, jaeger_query]
+  pipelines:
+    traces:
+      receivers: [otlp,zipkin]
+      processors: [batch]
+      exporters: [jaeger_storage_exporter, spanmetrics]
+    metrics/spanmetrics:
+      receivers: [spanmetrics]
+      exporters: [prometheus]
+  telemetry:
+    resource:
+      service.name: jaeger
+    metrics:
+      level: detailed
+      readers:
+        - pull:
+            exporter:
+              prometheus:
+                host: 0.0.0.0
+                port: 8888
+
+extensions:
+  jaeger_query:
+    storage:
+      traces: some_storage
+      metrics: some_metrics_storage
+  jaeger_storage:
+    backends:
+      some_storage:
+        memory:
+          max_traces: 100000
+    metric_backends:
+      some_metrics_storage:
+        prometheus:
+          endpoint: "http://prometheus:9090"
+          normalize_calls: true
+          normalize_duration: true
+
+connectors:
+  spanmetrics:
+
+receivers:
+  otlp:
+    protocols:
+      grpc:
+        endpoint: "0.0.0.0:4317"
+      http:
+        endpoint: "0.0.0.0:4318"
+  zipkin:
+    endpoint: "0.0.0.0:9411"
+
+processors:
+  batch:
+
+exporters:
+  jaeger_storage_exporter:
+    trace_storage: some_storage
+  prometheus:
+    endpoint: "0.0.0.0:8889"

docker-support/prometheus.yml

@@ -0,0 +1,13 @@
+# SPDX-FileCopyrightText: 2023 Deutsche Telekom AG
+#
+# SPDX-License-Identifier: Apache-2.0
+
+global:
+  scrape_interval:     15s # Set the scrape interval to every 15 seconds. Default is every 1 minute.
+  evaluation_interval: 15s # Evaluate rules every 15 seconds. The default is every 1 minute.
+  # scrape_timeout is set to the global default (10s).
+
+scrape_configs:
+  - job_name: aggregated-trace-metrics
+    static_configs:
+      - targets: ['jaeger:8889']