Make requests emit metrics when rate limited

[andrew4699]

Description

Makes requests emit metrics when they get rate limited.

There were 2 issues preventing this:

• RateLimiterFilter ran outside the Jersey Servlet, which is before application events get sent
• Changing it to run inside the servlet isn't enough. Aborted requests don't emit the RESOURCE_METHOD_START event.

This PR makes the rate limiting filter a Jersey Servlet filter and makes the per-request metric emitter emit count metrics for requests that have a REQUEST_MATCHED But not RESOURCE_METHOD_START event.

Type of change

• Bug fix (non-breaking change which fixes an issue)

How Has This Been Tested?

Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration

• See the test that verifies emitted metrics

Checklist:

Please delete options that are not relevant.

• I have performed a self-review of my code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• My changes generate no new warnings
• If adding new functionality, I have discussed my implementation with the community using the linked GitHub issue

[andrew4699]

Fun fact: this actually did nothing previously. It's a lucky coincidence that this ran after the ContextResolverFilter due to addFilter ordering.

[eric-maynard]

Removing this moves it back to USER right?

[andrew4699]

Yes. Previously I don't think it did anything because it was outside Jersey. Also we don't seem to have any Jersey filters so the priority doesn't really matter currently.

[eric-maynard]

This seems like a semantic change unrelated to the metrics. If I'm reading this correctly, this changes the rate limiter to only apply to Jersey resources. Do we want that?

[andrew4699]

Yes because TimedApplicationEventListener, which is what emits metrics on requests, depends on Jersey events.

[eric-maynard]

I get that, but my concern is whether this actually changes the behavior of the system by rate-limiting less things now

[andrew4699]

(Please fact check me as I only started working with Java web services recently)

I think all of our endpoints are in Jersey, so it shouldn't change the scope, but at a minimum it does push rate limiting further into the request handling chain.

The fundamental problem seems to be that only Jersey knows how to map a request path to its handling method (and thus its metric name). If that mapping was available everywhere, most of TimedApplicationEventListener could be re-written as a top level filter.

[collado-mike]

Semantically, there is a difference, as ServletFilters are applied before Jersey Filters. Practically, however, it shouldn't have an impact. I think the only real dependency the RateLimiter might have is that the RealmContext is set in case there are different rate limits per realm. Since the ContextResolverFilter still applies first, we shouldn't see a practical difference.

[jbonofre]

This change is unrelated to metrics, right ?

[andrew4699]

See #423 (comment)

[jbonofre]

FYI, this listener to @TimedApi (populated in mustache template) is not required with Quarkus.

[andrew4699]

Will replace this with https://github.com/apache/polaris/blob/cfd908ad3bc7527d5fbd2127f8eb7bce54a0acbd/polaris-service/src/test/java/org/apache/polaris/service/test/TestMetricsUtil.java once my other PR is merged

[collado-mike]

Semantically, there is a difference, as ServletFilters are applied before Jersey Filters. Practically, however, it shouldn't have an impact. I think the only real dependency the RateLimiter might have is that the RealmContext is set in case there are different rate limits per realm. Since the ContextResolverFilter still applies first, we shouldn't see a practical difference.