Fix header-based proxy auth crash and improve Dockerfile

fmaass · fmaass · commit 8dd8c059a92e · 2026-03-24T13:42:08.000+01:00
- Guard updateLastConnectionDate() against null auth token when authenticated via X-Authenticated-User header (fixes sismics#786) - Bump default JVM heap to -Xms512m/-Xmx2g with G1GC tuning - Use shell-form CMD so JAVA_OPTIONS env var is expanded by the JVM - Modernize Dockerfile: key=value ENV format, COPY over ADD, clean up Jetty tarball after extraction Made-with: Cursor
diff --git a/Dockerfile b/Dockerfile
@@ -1,16 +1,13 @@
 FROM ubuntu:22.04
-LABEL maintainer="b.gamard@sismics.com"
 
-# Run Debian in non interactive mode
-ENV DEBIAN_FRONTEND noninteractive
+ENV DEBIAN_FRONTEND=noninteractive
 
-# Configure env
-ENV LANG C.UTF-8
-ENV LC_ALL C.UTF-8
-ENV JAVA_HOME /usr/lib/jvm/java-11-openjdk-amd64/
-ENV JAVA_OPTIONS -Dfile.encoding=UTF-8 -Xmx1g
-ENV JETTY_VERSION 11.0.20
-ENV JETTY_HOME /opt/jetty
+ENV LANG=C.UTF-8
+ENV LC_ALL=C.UTF-8
+ENV JAVA_HOME=/usr/lib/jvm/java-11-openjdk-amd64/
+ENV JAVA_OPTIONS="-Dfile.encoding=UTF-8 -Xms512m -Xmx2g -XX:+UseG1GC -XX:MaxGCPauseMillis=200"
+ENV JETTY_VERSION=11.0.20
+ENV JETTY_HOME=/opt/jetty
 
 # Install packages
 RUN apt-get update && \
@@ -54,6 +51,7 @@ RUN dpkg-reconfigure -f noninteractive tzdata
 RUN wget -nv -O /tmp/jetty.tar.gz \
     "https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-home/${JETTY_VERSION}/jetty-home-${JETTY_VERSION}.tar.gz" \
     && tar xzf /tmp/jetty.tar.gz -C /opt \
+    && rm /tmp/jetty.tar.gz \
     && mv /opt/jetty* /opt/jetty \
     && useradd jetty -U -s /bin/false \
     && chown -R jetty:jetty /opt/jetty \
@@ -67,9 +65,9 @@ RUN mkdir /app && \
     cd /app && \
     java -jar /opt/jetty/start.jar --add-modules=server,http,webapp,deploy
 
-ADD docs.xml /app/webapps/docs.xml
-ADD docs-web/target/docs-web-*.war /app/webapps/docs.war
+COPY docs.xml /app/webapps/docs.xml
+COPY docs-web/target/docs-web-*.war /app/webapps/docs.war
 
 WORKDIR /app
 
-CMD ["java", "-jar", "/opt/jetty/start.jar"]
+CMD java ${JAVA_OPTIONS} -jar /opt/jetty/start.jar
diff --git a/docs-web/src/main/java/com/sismics/docs/rest/resource/UserResource.java b/docs-web/src/main/java/com/sismics/docs/rest/resource/UserResource.java
@@ -588,10 +588,12 @@ public Response info() {
                 response.add("is_default_password", Constants.DEFAULT_ADMIN_PASSWORD.equals(adminUser.getPassword()));
             }
         } else {
-            // Update the last connection date
+            // Update the last connection date (null when authenticated via header/proxy)
             String authToken = getAuthToken();
-            AuthenticationTokenDao authenticationTokenDao = new AuthenticationTokenDao();
-            authenticationTokenDao.updateLastConnectionDate(authToken);
+            if (authToken != null) {
+                AuthenticationTokenDao authenticationTokenDao = new AuthenticationTokenDao();
+                authenticationTokenDao.updateLastConnectionDate(authToken);
+            }
             
             // Build the response
             response.add("anonymous", false);
