Fix ErrorProne warnings and OAuth test timing issues

[Chaho12]

Description

Fix error messages during mvn build and test timing issues

• Replace deprecated URL(String) constructor with URI.create().toURL()
• Fix FutureReturnValueIgnored warnings by capturing return values with @SuppressWarnings("unused")
• Replace String.split() with Guava Splitter to avoid StringSplitter warnings
• Use pattern-matching instanceof to simplify type checks
• Fix time access in static initializer by moving to instance field
• Fix integer overflow by adding explicit long suffix (1000L)
• Use Long.compareTo() instead of manual subtraction to avoid sign flip
• Replace Math.abs() with ThreadLocalRandom.nextInt() for safer random number generation
• Suppress TestContainers deprecation warnings with @SuppressWarnings("deprecation")
• Replace Boolean.TRUE/FALSE with boolean literals in test assertions
• Add multi-byte read method override to fix InputStreamSlowMultibyteRead warning
• Replace Iterables.get() with Stream API for modernizer compliance
• Add 10-second clock skew tolerance to JWT verification for containerized environments

Additional context and related issues

Currently, mvn build logs warning

• https://github.com/trinodb/trino-gateway/actions/runs/19052033653/job/54414294473?pr=788#step:4:3530

Warning:  /home/runner/work/trino-gateway/trino-gateway/gateway-ha/src/main/java/io/trino/gateway/ha/clustermonitor/ClusterStatsJdbcMonitor.java:[72,29] URL(java.lang.String) in java.net.URL has been deprecated
Warning:  /home/runner/work/trino-gateway/trino-gateway/gateway-ha/src/main/java/io/trino/gateway/ha/clustermonitor/ActiveClusterMonitor.java:[65,46] [FutureReturnValueIgnored] Return value of methods returning Future must be checked. Ignoring returned Futures suppresses exceptions thrown from the code that completes the Future.
    (see https://errorprone.info/bugpattern/FutureReturnValueIgnored)
  Did you mean 'var unused = scheduledExecutor.scheduleAtFixedRate(() -> {' or to remove this line?
....

Release notes

(x) This is not user-visible or is docs only, and no release notes are required.
( ) Release notes are required, with the following suggested text:

* Fix some things.

Summary by Sourcery

Address ErrorProne warnings and OAuth test timing issues by refactoring deprecated APIs, adopting safer patterns, suppressing spurious warnings, and adjusting JWT verification tolerance

Bug Fixes:

• Add 10-second clock skew tolerance to JWT verification for containerized environments

Enhancements:

• Replace deprecated URL(String) constructor with URI.create().toURL()
• Capture ignored Future return values and suppress related warnings
• Swap String.split usages for Guava Splitter and Stream API to avoid warnings
• Apply pattern-matching instanceof and use Long.compareTo over subtraction
• Switch from Random to ThreadLocalRandom and add explicit long suffix to time calculations
• Suppress deprecation warnings for TestContainers and scheduled task submissions
• Move webapp start time initialization to instance field to fix timing issues

Tests:

• Consolidate duplicated SSL setup, redirect extraction and HTTP client creation in TestOIDC
• Add multi-byte read override in tests and replace Boolean.TRUE/FALSE with literals

[sourcery-ai]

Reviewer's Guide

This PR addresses ErrorProne warnings and modernizes the code by replacing deprecated APIs, adopting Java pattern matching, fixing timing and overflow issues in production and test code, and enhancing OAuth test stability with SSL trust and clock skew tolerance.

Sequence diagram for scheduled task handling with Future return value capture

sequenceDiagram
participant ActiveClusterMonitor
participant ScheduledExecutor
ActiveClusterMonitor->>ScheduledExecutor: scheduleAtFixedRate(task)
ScheduledExecutor-->>ActiveClusterMonitor: returns Future
ActiveClusterMonitor->>ActiveClusterMonitor: captures Future in unused variable (suppressed warning)

participant ClusterMetricsStatsExporter
participant ScheduledExecutor
ClusterMetricsStatsExporter->>ScheduledExecutor: scheduleAtFixedRate(task)
ScheduledExecutor-->>ClusterMetricsStatsExporter: returns Future
ClusterMetricsStatsExporter->>ClusterMetricsStatsExporter: captures Future in unused variable (suppressed warning)

participant JdbcConnectionManager
participant ExecutorService
JdbcConnectionManager->>ExecutorService: scheduleWithFixedDelay(cleanupTask)
ExecutorService-->>JdbcConnectionManager: returns Future
JdbcConnectionManager->>JdbcConnectionManager: captures Future in unused variable (suppressed warning)

Loading

Class diagram for updated TrinoRequestUser and related utility usage

classDiagram
class TrinoRequestUser {
  +Optional<String> user
  +Optional<UserInfo> userInfo
  +Optional<LoadingCache<String, UserInfo>> userInfoCache
  -extractUserFromAuthorizationHeader(header: String, userField: String): Optional<String>
}
class UserInfo
TrinoRequestUser --> UserInfo
TrinoRequestUser --> LoadingCache

class ProxyUtils {
  +extractQueryIdIfPresent(path: String, query: String): Optional<String>
}

class TrinoQueryProperties {
  -getPreparedStatements(headers: Enumeration<String>): Map<String, String>
}

class StatementUtils {
  +getResourceGroupQueryType(statement: Statement): String
}
StatementUtils --> Statement
Statement <|-- ExplainAnalyze

class LbKeyProvider {
  +getRsaPrivateKey(): RSAPrivateKey
  +getRsaPublicKey(): RSAPublicKey
}
LbKeyProvider --> RSAPrivateKey
LbKeyProvider --> RSAPublicKey

class GatewayCookie {
  +compareTo(o: GatewayCookie): int
}
GatewayCookie --> GatewayCookie

class StochasticRoutingManager {
  +selectBackend(backends: List<ProxyBackendConfiguration>): Optional<ProxyBackendConfiguration>
}
StochasticRoutingManager --> ProxyBackendConfiguration

class LbTokenUtil {
  +validateToken(idToken: String, publicKey: RSAPublicKey, audience: String): boolean
}
LbTokenUtil --> RSAPublicKey

Loading

Class diagram for GatewayWebAppResource timing field update

classDiagram
class GatewayWebAppResource {
  -startTime: LocalDateTime (instance field)
  -formatter: DateTimeFormatter
  -getDistribution(query: QueryDistributionRequest): Response
}
GatewayWebAppResource --> QueryDistributionRequest
GatewayWebAppResource --> Response

Loading

Class diagram for StochasticRoutingManager random backend selection update

classDiagram
class StochasticRoutingManager {
  +selectBackend(backends: List<ProxyBackendConfiguration>): Optional<ProxyBackendConfiguration>
}
StochasticRoutingManager --> ProxyBackendConfiguration

Loading

Class diagram for LbTokenUtil JWT verification with clock skew tolerance

classDiagram
class LbTokenUtil {
  +validateToken(idToken: String, publicKey: RSAPublicKey, audience: String): boolean
}
LbTokenUtil --> RSAPublicKey

Loading

File-Level Changes

Change	Details	Files
Replace deprecated APIs and String.split usage	Use URI.create(...).toURL() instead of new URL(String) Swap String.split() calls for Guava Splitter Modernize metrics parsing with Splitter in ClusterStatsMetricsMonitor	gateway-ha/src/main/java/io/trino/gateway/ha/clustermonitor/ClusterStatsJdbcMonitor.java gateway-ha/src/main/java/io/trino/gateway/ha/clustermonitor/ClusterStatsMetricsMonitor.java gateway-ha/src/main/java/io/trino/gateway/ha/handler/ProxyUtils.java
Fix time initialization and integer overflow	Move START_TIME static initializer to instance field Add explicit long suffix (1000L) to time calculations Replace Math.abs(random.nextInt()) with ThreadLocalRandom.nextInt(), use Long.compareTo() for timestamp delta	gateway-ha/src/main/java/io/trino/gateway/ha/resource/GatewayWebAppResource.java gateway-ha/src/main/java/io/trino/gateway/ha/router/StochasticRoutingManager.java gateway-ha/src/main/java/io/trino/gateway/ha/router/GatewayCookie.java
Adopt pattern-matching instanceof	Simplify key type checks in LbKeyProvider Unwrap ExplainAnalyze using pattern matching Use pattern matching in metrics exporter argThat lambdas	gateway-ha/src/main/java/io/trino/gateway/ha/router/StatementUtils.java gateway-ha/src/main/java/io/trino/gateway/ha/security/LbKeyProvider.java gateway-ha/src/test/java/io/trino/gateway/ha/clustermonitor/TestClusterMetricsStatsExporter.java
Suppress unused return values and deprecation warnings	Annotate scheduledExecutor calls with @SuppressWarnings("unused") Add @SuppressWarnings("deprecation") to TestContainers usage Capture Future return values to silence FutureReturnValueIgnored	gateway-ha/src/main/java/io/trino/gateway/ha/clustermonitor/ActiveClusterMonitor.java gateway-ha/src/main/java/io/trino/gateway/ha/clustermonitor/ClusterMetricsStatsExporter.java gateway-ha/src/main/java/io/trino/gateway/ha/persistence/JdbcConnectionManager.java gateway-ha/src/test/java/io/trino/gateway/ha/router/TestRoutingRulesManager.java
Add clock skew tolerance in JWT validation	Invoke acceptLeeway(10) on JWT verifier for containerized environments	gateway-ha/src/main/java/io/trino/gateway/ha/security/LbTokenUtil.java
Refactor OAuth tests for SSL and request parsing	Consolidate setupInsecureSsl, extractRedirectURL and createOkHttpClient methods Remove duplicate implementations in TestOIDC Suppress deprecation warnings on FixedHostPortGenericContainer	gateway-ha/src/test/java/io/trino/gateway/ha/security/TestOIDC.java
Override multi-byte read in InputStream mock	Add read(byte[],off,len) override in QueryRequestMock to avoid slow multibyte warning	gateway-ha/src/test/java/io/trino/gateway/ha/util/QueryRequestMock.java

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[ebyhr]

Please split into some commits since the commit contains too many changes.

[ebyhr]

https://github.com/trinodb/trino/blob/master/.github/DEVELOPMENT.md#avoid-var

[ksobolew]

Also, we can do Future<?> _ = ... instead of suppressing the unused warning. This is a modern Java way of saying "I don't care about this value".

[ksobolew]

And anyway, I think var _ should be an exception to the "no var" rule.

[ebyhr]

What was the errorprone warning on this change?

[ebyhr]

What was the errorprone warning on this constant?

[ebyhr]

Use isTrue() instead. Same for others.

[ebyhr]

Use isFalse() instead. Same for others.