ignite-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rishi Yagnik <rishiyag...@gmail.com>
Subject Re: IGNITE-2741 - spring session design
Date Thu, 23 Feb 2017 14:07:27 GMT
Thanks Val for looking into it.

On Wed, Feb 22, 2017 at 9:32 PM, Valentin Kulichenko <
valentin.kulichenko@gmail.com> wrote:

> Hi Rishi,
>
> Got it, I think I'm reproducing the issue. I'll take a look and let you
> know my findings soon.
>
> -Val
>
> On Tue, Feb 21, 2017 at 7:27 PM, Rishi Yagnik <rishiyagnik@gmail.com>
> wrote:
>
> > Hi Val,
> >
> > The issue will occur in cluster environment, please setup the spring boot
> > on 2 different host with LB (F5 OR Reverse proxy) in front and try to
> > login.
> >
> > In cluster environment, Spring security does not recognize the session on
> > the host you are not logged in, as a result, spring security will
> redirect
> > to login url however the correct behavior should be that user would stay
> > logged in with session replication.
> >
> > Do let me know if you need more information.
> >
> > Thanks,
> > Rishi
> >
> >
> >
> > On Tue, Feb 21, 2017 at 7:08 PM, Valentin Kulichenko <
> > valentin.kulichenko@gmail.com> wrote:
> >
> > > Hi Rishi,
> > >
> > > I was able to build and run the application. Can you give some
> > description
> > > on what should I test to understand the issue? What exactly didn't work
> > for
> > > you?
> > >
> > > -Val
> > >
> > > On Wed, Feb 15, 2017 at 10:52 AM, Valentin Kulichenko <
> > > valentin.kulichenko@gmail.com> wrote:
> > >
> > > > Hi Rishi,
> > > >
> > > > Thanks, I'll take a look.
> > > >
> > > > -Val
> > > >
> > > > On Wed, Feb 15, 2017 at 9:07 AM, Rishi Yagnik <rishiyagnik@gmail.com
> >
> > > > wrote:
> > > >
> > > >> Hi Val,
> > > >>
> > > >> As promised, please find attached code for spring boot integration
> > with
> > > >> spring security along with Ignite.
> > > >>
> > > >> Some more information on project -
> > > >>
> > > >>    - It is a maven project ( Ignite 1.7.0, SB 1.4.3 )
> > > >>    - spring security integrated with boot project along with ignite
> > > >>    - HttpSessionCookieCsrfTokenRepository does not work, gives
> > > >>    intermediate errors on single instance so used
> > > CookieCsrfTokenRepository
> > > >>    for CSRF token, again I think we need a fix here from Ignite.
> > > >>
> > > >> I cant reproduce this errors while I am running on single instance,
> > you
> > > >> need to run this app on 2 spring boot instance having proxy in
> front (
> > > F5,
> > > >> OR any proxy ) with round robin fashion ( no sticky session on F5
OR
> > > >> proxies ).
> > > >>
> > > >> We were thinking with round robin the user session will active since
> > we
> > > >> used session replication on backend.
> > > >>
> > > >> Do let me know if you need more information here.
> > > >>
> > > >> Thanks,
> > > >>
> > > >> Rishi
> > > >>
> > > >>
> > > >>
> > > >>
> > > >> On Tue, Feb 14, 2017 at 9:57 PM, Rishi Yagnik <
> rishiyagnik@gmail.com>
> > > >> wrote:
> > > >>
> > > >>> Val,
> > > >>>
> > > >>> My SB sample project is ready however I have asked for an approval
> to
> > > >>> submit sample project to you, it would take day or two.
> > > >>>
> > > >>> I will keep you posted.
> > > >>>
> > > >>> Thanks for all your help,
> > > >>>
> > > >>> On Tue, Feb 14, 2017 at 3:51 PM, Rishi Yagnik <
> rishiyagnik@gmail.com
> > >
> > > >>> wrote:
> > > >>>
> > > >>>> Let me build an example app for you and send it across to
you.
> > > >>>>
> > > >>>> Thanks,
> > > >>>>
> > > >>>> On Tue, Feb 14, 2017 at 3:28 PM, Valentin Kulichenko <
> > > >>>> valentin.kulichenko@gmail.com> wrote:
> > > >>>>
> > > >>>>> Rishi,
> > > >>>>>
> > > >>>>> No I don't, and I think that's what we should start with.
I want
> to
> > > >>>>> understand a use case that is currently not supported
(if any)
> and
> > > then
> > > >>>>> find the best solution. And I would like to reuse existing
code
> as
> > > >>>>> much as
> > > >>>>> possible.
> > > >>>>>
> > > >>>>> Do you have any code that reproduces the problem you had
and how
> > you
> > > >>>>> tried
> > > >>>>> to utilize current web session clustering? Can you share
it with
> > us?
> > > >>>>>
> > > >>>>> -Val
> > > >>>>>
> > > >>>>> On Tue, Feb 14, 2017 at 11:28 AM, Rishi Yagnik <
> > > rishiyagnik@gmail.com>
> > > >>>>> wrote:
> > > >>>>>
> > > >>>>> > Hi Val,
> > > >>>>> >
> > > >>>>> > I am working on SB platform with spring security
and we found
> out
> > > >>>>> that the
> > > >>>>> > web session filter ignite provides does not work
for session
> > > >>>>> management on
> > > >>>>> > 2 node spring boot cluster.
> > > >>>>> >
> > > >>>>> > Somehow, spring security filter kicks in result in
some weird
> > > errors
> > > >>>>> with
> > > >>>>> > web session filter.
> > > >>>>> >
> > > >>>>> > So making compatible with spring security somehow,
we need to
> > write
> > > >>>>> > implementation on spring session.
> > > >>>>> >
> > > >>>>> > Do you have any test cases that says web session
filter would
> > work
> > > >>>>> with
> > > >>>>> > spring security on boot platform ?
> > > >>>>> >
> > > >>>>> > Thanks,
> > > >>>>> >
> > > >>>>> >
> > > >>>>> > On Tue, Feb 14, 2017 at 1:03 PM, Valentin Kulichenko
<
> > > >>>>> > valentin.kulichenko@gmail.com> wrote:
> > > >>>>> >
> > > >>>>> > > Hi Rishi,
> > > >>>>> > >
> > > >>>>> > > Can you please take a look at web session clustering
feature
> > [1]
> > > >>>>> provided
> > > >>>>> > > by Ignite? I'm looking at Spring Session docs
and it seems to
> > me
> > > >>>>> it does
> > > >>>>> > > exactly the same - replaces HttpSession with
custom
> > > implementation
> > > >>>>> that
> > > >>>>> > has
> > > >>>>> > > a backend storage. If it doesn't provide any
additional API
> or
> > > >>>>> > > functionality, I'm not sure I understand the
benefit of this
> > > >>>>> feature.
> > > >>>>> > >
> > > >>>>> > > Let me know if I'm missing something.
> > > >>>>> > >
> > > >>>>> > > [1] https://apacheignite-mix.readme.io/docs/web-session-
> > > clustering
> > > >>>>> > >
> > > >>>>> > > -Val
> > > >>>>> > >
> > > >>>>> > > On Mon, Feb 13, 2017 at 2:41 PM, Rishi Yagnik
<
> > > >>>>> rishiyagnik@gmail.com>
> > > >>>>> > > wrote:
> > > >>>>> > >
> > > >>>>> > > > I would like to discuss session replication
/ fail over
> > design
> > > on
> > > >>>>> > spring
> > > >>>>> > > > boot platform and wanted to find what is
the best out to
> get
> > > >>>>> started
> > > >>>>> > > here ?
> > > >>>>> > > >
> > > >>>>> > > > Possible approaches are as follows -
> > > >>>>> > > >
> > > >>>>> > > >    - Make use of Spring Session for session
replication and
> > > fail
> > > >>>>> over
> > > >>>>> > > >    - Extend the web session filter and
make it work on
> spring
> > > >>>>> boot
> > > >>>>> > > >    application
> > > >>>>> > > >
> > > >>>>> > > >
> > > >>>>> > > > I am thinking that best approach would
be to get started
> here
> > > >>>>> with
> > > >>>>> > spring
> > > >>>>> > > > session design however I am open for feedback
here.
> > > >>>>> > > >
> > > >>>>> > > > --
> > > >>>>> > > > Rishi Yagnik
> > > >>>>> > > >
> > > >>>>> > >
> > > >>>>> >
> > > >>>>> >
> > > >>>>> >
> > > >>>>> > --
> > > >>>>> > Rishi Yagnik
> > > >>>>> >
> > > >>>>>
> > > >>>>
> > > >>>>
> > > >>>>
> > > >>>> --
> > > >>>> Rishi Yagnik
> > > >>>>
> > > >>>
> > > >>>
> > > >>>
> > > >>> --
> > > >>> Rishi Yagnik
> > > >>>
> > > >>
> > > >>
> > > >>
> > > >> --
> > > >> Rishi Yagnik
> > > >>
> > > >
> > > >
> > >
> >
> >
> >
> > --
> > Rishi Yagnik
> >
>



-- 
Rishi Yagnik

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message