Describe the bug
Open Telemetry Java Agent version 1.21 don't like the Instrument names produces by Spring Security 6.0 (from Class ObservationFilterChainDecorator)
Here is the WARNING Log :
WARN io.opentelemetry.ApiUsageLogging - Instrument name "spring.security.filterchains.DisableEncodeUrlFilter before" is invalid, returning noop instrument. Instrument names must consist of 63 or fewer characters including alphanumeric, _, ., -, and start with a letter.
The instrument name is produced by Spring Security there : https://github.com/spring-projects/spring-security/blob/65b9dbf031fddff61fb8e13baa67d55131c99055/web/src/main/java/org/springframework/security/web/ObservationFilterChainDecorator.java#L185
parent.before().event(Observation.Event.of(this.name + " before"));
I think this instrument name with a space in the name is not correct in term of good naming conventions or standard.
A bug ticket was opened in the Github of Open Telemetry Java Agent project : https://github.com/open-telemetry/opentelemetry-java-instrumentation/issues/7448
They answered that the fix should be done in Spring Security project.
They believe :
that this sort of naming pattern (whitespaces) might not be accepted by at least some of the monitoring systems supported by Micrometer; it's not just OpenTelemetry that'll trip on this.
To Reproduce Using a simple Spring Boot 3.0.1 project with Kotlin 1.7, JDK 17, Spring Boot 3.0.1 and Spring Security 6.0 and Maven. Using Open Telemetry java Agent v 1.21. Application is running in a docker container, but you can reproduce the problem with a java -jar springboot.jar -javaagent:opentelemetry-javaagent-all.jar
Docker File :
ARG OPENJDK_IMAGE=openjdk:17-slim-bullseye
ARG USER=app
ARG WORKDIR=/app
ARG OPENTELEMETRY_VERSION=1.21.0
ARG OPENTELEMETRY_REPO="https://github.com/open-telemetry/opentelemetry-java-instrumentation"
ARG OPENTELEMETRY_JAR_PATH="/releases/download/v${OPENTELEMETRY_VERSION}/opentelemetry-javaagent.jar"
ARG OPENTELEMETRY_JAR=opentelemetry-javaagent-all.jar
# Build
FROM busybox:stable AS builder
ARG USER
ARG WORKDIR
ARG OPENTELEMETRY_REPO
ARG OPENTELEMETRY_JAR_PATH
ARG OPENTELEMETRY_JAR
RUN addgroup ${USER} \
&& adduser -D -H -G ${USER} ${USER}
WORKDIR ${WORKDIR}
RUN wget -O ${OPENTELEMETRY_JAR} ${OPENTELEMETRY_REPO}${OPENTELEMETRY_JAR_PATH}
# Main
FROM ${OPENJDK_IMAGE}
ARG USER
ARG WORKDIR
ARG OPENTELEMETRY_JAR
COPY --from=builder /etc/group /etc/group
COPY --from=builder /etc/passwd /etc/passwd
USER ${USER}:${USER}
WORKDIR ${WORKDIR}
ENV JAVA_TOOL_OPTIONS=-javaagent:${OPENTELEMETRY_JAR}
COPY --from=builder ${WORKDIR} .
Expected behavior
The expected behaviour is that Open Telemetry Java Agent doesn't create WARNING logs about Spring Security instrument names.
Comment From: pierre-filliolaud
Hi @jzheaux , the instrument names is still invalid because the length is more than 63 characters.
Here is the stack trace:
WARN io.opentelemetry.ApiUsageLogging - Instrument name "spring.security.filterchains.SecurityContextHolderAwareRequestFilter.before" is invalid, returning noop instrument. Instrument names must consist of 63 or fewer characters including alphanumeric, _, ., -, and start with a letter. Returning noop instrument.
Test done with:
org.springframework.security:spring-security-web:6.0.2-SNAPSHOT
Regards
Comment From: olivierboudet
Hello @rschlick I encounter this issue also, is it possible to reopen this to avoid length of more 63 characters ?
Thanks
Comment From: andrebask
Hi @jzheaux, could we reopen this issue?
I'm also getting the same error after upgrading to spring-boot 3.0.3 (spring-security 6.0.2)
WARN io.opentelemetry.ApiUsageLogging - Instrument name "spring.security.filterchains.AnonymousAuthenticationFilter.after" is invalid, returning noop instrument. Instrument names must consist of 63 or fewer characters including alphanumeric, _, ., -, and start with a letter. Returning noop instrument.
Also, this appears to be a warning but is logged with log lever error.
Comment From: hriddhighosh4
Hi @jzheaux, I also got the error in spring 3.0.3. Please reopen the issue