#4120 support token header (#4259)

* #4120 support token header

* #4120 support token header

* #4120 support token header

* #4120 support token header

* #4120 support token header

* #4120 support token header

* #4120 support token header

* dbeaver/pro#4120 added tests, now session in session holder

* dbeaver/pro#4120 review fix naming

* dbeaver/pro#4120 review fixes

* #4120 review fixes

* #4120 session type now final

* #4120 remove part from ce

* #4120 remove part from ce

* #4120 fix header name

* #4120 review fix

* #4120 review fix

* #4120 fix review

---------

Co-authored-by: Serge Rider <serge@jkiss.org>
Co-authored-by: Evgenia <139753579+EvgeniaBzzz@users.noreply.github.com>

Author: 3 people

server/bundles/io.cloudbeaver.model/src/io/cloudbeaver/model/session/BaseWebSession.java

@@ -55,14 +55,21 @@ public abstract class BaseWebSession extends AbstractSessionPersistent {
     @NotNull
     protected final ServletApplication application;
     protected volatile long lastAccessTime;
+    @NotNull
+    private final SessionType sessionType;
 
     private final List<CBWebSessionEventHandler> sessionEventHandlers = new CopyOnWriteArrayList<>();
     private WebSessionEventsFilter eventsFilter;
     private final WebSessionWorkspace workspace;
 
-    public BaseWebSession(@NotNull String id, @NotNull ServletApplication application) throws DBException {
+    public BaseWebSession(
+        @NotNull String id,
+        @NotNull ServletApplication application,
+        @NotNull SessionType sessionType
+    ) throws DBException {
         this.id = id;
         this.application = application;
+        this.sessionType = sessionType;
         this.createTime = System.currentTimeMillis();
         this.lastAccessTime = this.createTime;
         this.workspace = createWebWorkspace();
@@ -176,6 +183,11 @@ public long getLastAccessTimeMillis() {
         return lastAccessTime;
     }
 
+    @NotNull
+    public SessionType getSessionType() {
+        return sessionType;
+    }
+
     public void touchSession() {
         this.lastAccessTime = System.currentTimeMillis();
     }

server/bundles/io.cloudbeaver.model/src/io/cloudbeaver/model/session/SessionType.java

@@ -0,0 +1,23 @@
+/*
+ * DBeaver - Universal Database Manager
+ * Copyright (C) 2010-2026 DBeaver Corp and others
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package io.cloudbeaver.model.session;
+
+public enum SessionType {
+    WEB,
+    HEADLESS,
+    API_TOKEN
+}

server/bundles/io.cloudbeaver.model/src/io/cloudbeaver/model/session/WebHeadlessSession.java

@@ -1,6 +1,6 @@
 /*
  * DBeaver - Universal Database Manager
- * Copyright (C) 2010-2024 DBeaver Corp and others
+ * Copyright (C) 2010-2026 DBeaver Corp and others
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -31,7 +31,7 @@ public WebHeadlessSession(
         @NotNull String id,
         @NotNull ServletAuthApplication application
     ) throws DBException {
-        super(id, application);
+        super(id, application, SessionType.HEADLESS);
     }
 
     @Override

server/bundles/io.cloudbeaver.model/src/io/cloudbeaver/model/session/WebHttpRequestInfo.java

@@ -17,6 +17,7 @@
 package io.cloudbeaver.model.session;
 
 import jakarta.servlet.http.HttpServletRequest;
+import org.jkiss.code.NotNull;
 import org.jkiss.code.Nullable;
 import org.jkiss.utils.HttpConstants;
 
@@ -31,24 +32,39 @@ public class WebHttpRequestInfo {
     private final String lastRemoteAddress;
     @Nullable
     private final String lastRemoteUserAgent;
+    @NotNull
+    private final SessionType sessionType;
 
     public WebHttpRequestInfo(HttpServletRequest request) {
-        this.id = request.getSession() == null ? null : request.getSession().getId();
-        this.locale = request.getAttribute("locale");
-        this.lastRemoteAddress = request.getRemoteAddr();
-        this.lastRemoteUserAgent = request.getHeader(USER_AGENT);
+        this(
+            request.getSession() == null ? null : request.getSession().getId(),
+            request.getAttribute("locale"),
+            request.getRemoteAddr(),
+            request.getHeader(USER_AGENT)
+        );
     }
 
     public WebHttpRequestInfo(
         @Nullable String id,
         @Nullable Object locale,
         @Nullable String lastRemoteAddress,
         @Nullable String lastRemoteUserAgent
+    ) {
+        this(id, locale, lastRemoteAddress, lastRemoteUserAgent, SessionType.WEB);
+    }
+
+    public WebHttpRequestInfo(
+        @Nullable String id,
+        @Nullable Object locale,
+        @Nullable String lastRemoteAddress,
+        @Nullable String lastRemoteUserAgent,
+        @NotNull SessionType sessionType
     ) {
         this.id = id;
         this.locale = locale;
         this.lastRemoteAddress = lastRemoteAddress;
         this.lastRemoteUserAgent = lastRemoteUserAgent;
+        this.sessionType = sessionType;
     }
 
     @Nullable
@@ -70,4 +86,9 @@ public String getLastRemoteAddress() {
     public String getLastRemoteUserAgent() {
         return lastRemoteUserAgent;
     }
+
+    @NotNull
+    public SessionType getSessionType() {
+        return sessionType;
+    }
 }

server/bundles/io.cloudbeaver.model/src/io/cloudbeaver/model/session/WebSession.java

@@ -116,7 +116,8 @@ public WebSession(
             CommonUtils.toString(requestInfo.getLocale()),
             application,
             sessionHandlers,
-            requestInfo.getLastRemoteAddress()
+            requestInfo.getLastRemoteAddress(),
+            requestInfo.getSessionType()
         );
         updateSessionParameters(requestInfo);
     }
@@ -128,7 +129,18 @@ protected WebSession(
         @NotNull Map<String, DBWSessionHandler<WebSession>> sessionHandlers,
         @Nullable String remoteAddr
     ) throws DBException {
-        super(id, application);
+        this(id, locale, application, sessionHandlers, remoteAddr, SessionType.WEB);
+    }
+
+    protected WebSession(
+        @NotNull String id,
+        @Nullable String locale,
+        @NotNull ServletApplication application,
+        @NotNull Map<String, DBWSessionHandler<WebSession>> sessionHandlers,
+        @Nullable String remoteAddr,
+        @NotNull SessionType sessionType
+    ) throws DBException {
+        super(id, application, sessionType);
         if (CommonUtils.isEmpty(remoteAddr)) {
             throw new DBException("Remote address cannot be empty");
         }

server/bundles/io.cloudbeaver.server.ce/src/io/cloudbeaver/server/CBApplication.java

@@ -1,6 +1,6 @@
 /*
  * DBeaver - Universal Database Manager
- * Copyright (C) 2010-2025 DBeaver Corp and others
+ * Copyright (C) 2010-2026 DBeaver Corp and others
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,6 +16,7 @@
  */
 package io.cloudbeaver.server;
 
+import graphql.execution.instrumentation.Instrumentation;
 import io.cloudbeaver.WebServiceUtils;
 import io.cloudbeaver.auth.NoAuthCredentialsProvider;
 import io.cloudbeaver.model.CBWebServerConfig;
@@ -29,6 +30,7 @@
 import io.cloudbeaver.model.config.CBServerConfig;
 import io.cloudbeaver.registry.WebDriverRegistry;
 import io.cloudbeaver.registry.WebServiceRegistry;
+import io.cloudbeaver.server.graphql.GraphQLEndpoint;
 import io.cloudbeaver.server.jetty.CBJettyServer;
 import io.cloudbeaver.service.DBWServiceInitializer;
 import io.cloudbeaver.service.DBWServiceServerConfigurator;
@@ -685,6 +687,11 @@ protected CBSessionManager createSessionManager() {
         return new CBSessionManager(this);
     }
 
+    @NotNull
+    public GraphQLEndpoint createGraphQLEndpoint(@NotNull Instrumentation instrumentation) {
+        return new GraphQLEndpoint(instrumentation);
+    }
+
     @NotNull
     public WebDriverRegistry getDriverRegistry() {
         return WebDriverRegistry.getInstance();

server/bundles/io.cloudbeaver.server.ce/src/io/cloudbeaver/server/jetty/CBJettyServer.java

@@ -128,7 +128,7 @@ public void runServer() {
                 ServletHolder eventsServletHolder = new ServletHolder("events", new CBEventsLongPollingServlet());
                 servletContextHandler.addServlet(eventsServletHolder, serverConfiguration.getServicesURI() + "events/*");
 
-                GraphQLEndpoint endpoint = new GraphQLEndpoint(new ServerConfigurationTimeLimitFilter(application));
+                GraphQLEndpoint endpoint = application.createGraphQLEndpoint(new ServerConfigurationTimeLimitFilter(application));
                 application.addApplicationContextValue(GraphQL.class.getName(), endpoint.getGraphQL());
                 String gqlServletPath = serverConfiguration.getServicesURI() + "gql/*";
                 servletContextHandler.addServlet(
@@ -261,4 +261,4 @@ public synchronized void refreshJettyConfig() {
             cbSessionHandler.setSecureCookies(application.getServerConfiguration().isForceHttps());
         }
     }
-}
+}

server/bundles/io.cloudbeaver.server.ce/src/io/cloudbeaver/service/session/CBSessionManager.java

@@ -51,7 +51,7 @@ public class CBSessionManager implements WebAppSessionManager {
     private static final Log log = Log.getLog(CBSessionManager.class);
 
     private final CBApplication<?> application;
-    private final Map<String, BaseWebSession> sessionMap = new HashMap<>();
+    protected final Map<String, BaseWebSession> sessionMap = new HashMap<>();
 
     public CBSessionManager(CBApplication<?> application) {
         this.application = application;
@@ -527,4 +527,5 @@ protected void closeExpiredSession(@NotNull BaseWebSession session) {
         log.debug("> Expire session '" + session.getSessionId() + "'");
         session.close();
     }
+
 }

server/bundles/io.cloudbeaver.server/src/io/cloudbeaver/server/WebAppSessionManager.java

@@ -1,6 +1,6 @@
 /*
  * DBeaver - Universal Database Manager
- * Copyright (C) 2010-2024 DBeaver Corp and others
+ * Copyright (C) 2010-2026 DBeaver Corp and others
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

server/bundles/io.cloudbeaver.server/src/io/cloudbeaver/server/graphql/GraphQLEndpoint.java

@@ -239,6 +239,14 @@ private void executeQuery(
         @Nullable Map<String, Object> variables,
         @Nullable String operationName
     ) throws IOException {
+
+        String userId = GraphQLLoggerUtil.getUserId(request);
+        LocalDateTime startTime = LocalDateTime.now();
+
+        if (isQueryHandledBeforeExecution(request, response, variables, operationName, userId)) {
+            return;
+        }
+
         Map<String, Object> mapOfContext =
             Map.of(
                 "request", request,
@@ -254,8 +262,6 @@ private void executeQuery(
         if (operationName != null) {
             contextBuilder.operationName(operationName);
         }
-        String userId = GraphQLLoggerUtil.getUserId(request);
-        LocalDateTime startTime = LocalDateTime.now();
         ExecutionInput executionInput = contextBuilder.build();
         ExecutionResult executionResult = null;
         Exception executionException = null;
@@ -271,23 +277,54 @@ private void executeQuery(
             } else if (executionException != null) {
                 errorMessage = executionException.getMessage();
             }
-            if (WebAppUtils.getWebApplication() instanceof ApiCallInterceptor apiCallInterceptor) {
-                apiCallInterceptor.onApiCallEvent(
-                    request,
-                    variables,
-                    CommonUtils.notEmpty(operationName), userId, startTime,
-                    errorMessage,
-                    API_PROTOCOL
-                );
-            }
+            notifyApiCallInterceptor(request, variables, operationName, userId, startTime, errorMessage);
         }
 
         if (executionResult != null) {
-            Map<String, Object> resJSON = executionResult.toSpecification();
-            String resString = gson.toJson(resJSON);
-            setDevelHeaders(request, response);
-            response.setContentType(GraphQLConstants.CONTENT_TYPE_JSON_UTF8);
-            response.getWriter().print(resString);
+            writeExecutionResult(request, response, executionResult);
+        }
+    }
+
+    protected boolean isQueryHandledBeforeExecution(
+        @NotNull HttpServletRequest request,
+        @NotNull HttpServletResponse response,
+        @Nullable Map<String, Object> variables,
+        @Nullable String operationName,
+        @Nullable String userId
+    ) throws IOException {
+        return false;
+    }
+
+    protected void writeExecutionResult(
+        @NotNull HttpServletRequest request,
+        @NotNull HttpServletResponse response,
+        @NotNull ExecutionResult executionResult
+    ) throws IOException {
+        Map<String, Object> resJSON = executionResult.toSpecification();
+        String resString = gson.toJson(resJSON);
+        setDevelHeaders(request, response);
+        response.setContentType(GraphQLConstants.CONTENT_TYPE_JSON_UTF8);
+        response.getWriter().print(resString);
+    }
+
+    protected void notifyApiCallInterceptor(
+        @NotNull HttpServletRequest request,
+        @Nullable Map<String, Object> variables,
+        @Nullable String operationName,
+        @Nullable String userId,
+        @NotNull LocalDateTime startTime,
+        @Nullable String errorMessage
+    ) {
+        if (WebAppUtils.getWebApplication() instanceof ApiCallInterceptor apiCallInterceptor) {
+            apiCallInterceptor.onApiCallEvent(
+                request,
+                variables,
+                CommonUtils.notEmpty(operationName),
+                userId,
+                startTime,
+                errorMessage,
+                API_PROTOCOL
+            );
         }
     }