Consider shorter stack traces

[grgrzybek]

Currently, when some hawtio servlet is invoked, we have stack traces similar to (running on SpringBoot):

"XNIO-2 task-5@9475" prio=5 tid=0x53 nid=NA runnable
  java.lang.Thread.State: RUNNABLE
	  at io.hawt.web.auth.LoginServlet.doPost(LoginServlet.java:62)
	  at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:547)
	  at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:614)
	  at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74)
	  at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
	  at io.hawt.web.auth.LoginRedirectFilter.doFilter(LoginRedirectFilter.java:70)
	  at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:67)
	  at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
	  at io.hawt.web.filters.HttpHeaderFilter.doFilter(HttpHeaderFilter.java:56)
	  at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:67)
	  at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
	  at io.hawt.web.filters.HttpHeaderFilter.doFilter(HttpHeaderFilter.java:56)
	  at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:67)
	  at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
	  at io.hawt.web.filters.HttpHeaderFilter.doFilter(HttpHeaderFilter.java:56)
	  at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:67)
	  at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
	  at io.hawt.web.filters.HttpHeaderFilter.doFilter(HttpHeaderFilter.java:56)
	  at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:67)
	  at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
	  at io.hawt.web.filters.HttpHeaderFilter.doFilter(HttpHeaderFilter.java:56)
	  at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:67)
	  at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
	  at io.hawt.web.filters.HttpHeaderFilter.doFilter(HttpHeaderFilter.java:56)
	  at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:67)
	  at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
	  at io.hawt.web.filters.HttpHeaderFilter.doFilter(HttpHeaderFilter.java:56)
	  at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:67)
	  at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
	  at io.hawt.web.filters.HttpHeaderFilter.doFilter(HttpHeaderFilter.java:56)
	  at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:67)
	  at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
	  at io.hawt.web.filters.HttpHeaderFilter.doFilter(HttpHeaderFilter.java:56)
	  at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:67)
	  at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
	  at io.hawt.web.auth.SessionExpiryFilter.process(SessionExpiryFilter.java:110)
	  at io.hawt.web.auth.SessionExpiryFilter.doFilter(SessionExpiryFilter.java:66)
	  at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:67)
	  at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
	  at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
	  at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
	  at io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
	  at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
	  at io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68)
	  at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:117)
	  at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
	  at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	  at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
	  at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
	  at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
	  at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
	  at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
	  at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	  at io.undertow.servlet.handlers.SendErrorPageHandler.handleRequest(SendErrorPageHandler.java:52)
	  at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	  at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:276)
	  at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
	  at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:132)
	  at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
	  at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
	  at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:256)
	  at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:101)
	  at io.undertow.server.Connectors.executeRootHandler(Connectors.java:393)
	  at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:859)
	  at org.jboss.threads.ContextHandler$1.runWith(ContextHandler.java:18)
	  at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2513)
	  at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1538)
	  at org.xnio.XnioWorker$WorkerThreadFactory$1$1.run(XnioWorker.java:1282)
	  at java.lang.Thread.run(Thread.java:842)

That's 69 lines. 27 of which is for 9 filters which' only goal is to add response headers (mostly security related):

• cache: Cache-Control + Pragma: no-cache
• CORS: Access-Control-*
• frames: X-Frame-Options
• X-XSS-Protection: 1
• X-Content-Type-Options: nosniff
• Content-Security-Policy - very important
• Strict-Transport-Security
• Public-Key-Pins
• Referrer-Policy

While all are very important, the stack trace doesn't show which one is which and also when Hawtio is ingegrated with other products (like Artemis), these stack traces make it more difficult to analyze problems.

What do you think about creating one filter which would delegate to more fine grained components (easily and nicely done in Spring Boot) that deal with particular headers?

[tadayosi]

I think that the original idea was to make the filters easily composable and some of them easily added and ejected. So long as we can keep the modularity and separation of code for each header, it should be fine to make it a single filter for the http headers.

Note that they are all very important and also should be easily customisable.