Yicong-Huang opened a new issue, #4887: URL: https://github.com/apache/texera/issues/4887
### Task Summary `org.apache.texera.auth.JwtAuthFilter` currently performs a synchronous `INSERT ... ON CONFLICT DO UPDATE` against `USER_LAST_ACTIVE_TIME` on every authenticated request. This couples authentication to a per-request DB round-trip, mixes activity tracking into the auth pipeline, and serializes JWT verification behind DB latency. Refactor: 1. Strip the DB write out of `JwtAuthFilter`. The filter becomes pure: extract token, verify, set `SecurityContext`. 2. Add a `UserActivityEventListener` (Jersey `ApplicationEventListener`) — pure observer at the monitoring layer, no `ContainerRequestFilter` semantics. Reacts only to `RESOURCE_METHOD_FINISHED`, so unauthenticated / 4xx-failed requests do not count as user activity. 3. Add a `UserActivityTracker` with a per-uid in-memory threshold cache (default 5 minutes) and a single-thread background executor for the actual DB upsert. Caps DB write rate per uid and isolates request threads from DB latency. 4. Register the new listener alongside the existing `AuthDynamicFeature(JwtAuthFilter)` in the four services that already register the filter: access-control-service, config-service, computing-unit-managing-service, file-service. ### Task Type - [x] Refactor / Cleanup - [x] DevOps / Deployment / CI -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
