Fix Vertex session user ID reporting#1180
Open
rolandkakonyi wants to merge 1 commit into
Open
Conversation
rolandkakonyi
marked this pull request as ready for review
May 4, 2026 08:40
rolandkakonyi
marked this pull request as draft
May 4, 2026 09:29
rolandkakonyi
marked this pull request as ready for review
May 4, 2026 09:31
rolandkakonyi
force-pushed
the
fix-vertex-session-user-id
branch
3 times, most recently
from
May 12, 2026 09:36
1ed8085 to
39ae9cc
Compare
rolandkakonyi
force-pushed
the
fix-vertex-session-user-id
branch
2 times, most recently
from
May 21, 2026 10:57
00fc9fe to
b5f0534
Compare
rolandkakonyi
force-pushed
the
fix-vertex-session-user-id
branch
2 times, most recently
from
May 27, 2026 13:28
18831aa to
4348dd5
Compare
rolandkakonyi
force-pushed
the
fix-vertex-session-user-id
branch
2 times, most recently
from
June 8, 2026 07:16
8c8b25a to
fdb8e48
Compare
rolandkakonyi
force-pushed
the
fix-vertex-session-user-id
branch
3 times, most recently
from
June 15, 2026 08:01
78d5645 to
dc145fb
Compare
rolandkakonyi
force-pushed
the
fix-vertex-session-user-id
branch
from
June 22, 2026 07:09
dc145fb to
9eabd4d
Compare
rolandkakonyi
force-pushed
the
fix-vertex-session-user-id
branch
from
June 30, 2026 07:20
9eabd4d to
3551a2c
Compare
Contributor
|
Hi @rolandkakonyi, thank you for your contribution! We appreciate you taking the time to submit this pull request. I noticed that there are merge conflicts present, could you please resolve them to proceed with the review? |
rolandkakonyi
force-pushed
the
fix-vertex-session-user-id
branch
from
July 13, 2026 08:10
3551a2c to
56dc87c
Compare
Contributor
Author
|
Hi @hemasekhar-p! |
rolandkakonyi
force-pushed
the
fix-vertex-session-user-id
branch
2 times, most recently
from
July 15, 2026 07:11
e1df2ab to
a97f426
Compare
rolandkakonyi
force-pushed
the
fix-vertex-session-user-id
branch
from
July 16, 2026 09:46
a97f426 to
06a9387
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Please ensure you have read the contribution guide before creating a pull request.
Link to Issue or Description of Change
2. Or, if no issue exists, describe the change:
Problem:
VertexAiSessionServiceconstructed returnedSessionobjects with the caller-provideduserIdinstead of theuserIdreturned by the Vertex AI Session API. That madegetSessionable to report the requester as the owner of a session even when the backend response belonged to a different user.listSessionshad the same parsing issue for each listed session.Solution:
Use the backend response
userIdwhen parsing listed sessions. For single-session reads, compare the backend responseuserIdwith the requesteduserIdand fail closed on mismatch. This aligns the Java behavior withadk-python'sVertexAiSessionService, which validatesget_session_response.user_idand usesapi_session.user_idfor listed sessions.Testing Plan
Unit Tests:
Passed:
./mvnw -pl core -Dtest=VertexAiSessionServiceTest testenv -u OPENAI_API_KEY -u ANTHROPIC_API_KEY -u GOOGLE_API_KEY ./mvnw testThe full reactor test run passed all modules. The provider API keys were intentionally unset so optional live LangChain4j provider tests remained skipped instead of depending on local OpenAI, Anthropic, or Gemini credentials.
Manual End-to-End (E2E) Tests:
Verified against a live Vertex AI Agent Engine using REST calls and the patched Java
VertexAiSessionService.getreturns the backenduserId.getSessionreturns the session for the matching user.getSessionfails closed when the requested user differs from the backend session owner.listSessionspreserves the backenduserId.Checklist
Additional context
This is a single-commit fix scoped to
coresession parsing and ownership validation.