Return-Path: <dev-return-18859-archive-asf-public=cust-asf.ponee.io@ignite.apache.org>
X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io
Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io
Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183])
	by cust-asf2.ponee.io (Postfix) with ESMTP id 860D2200C32
	for <archive-asf-public-internal@cust-asf2.ponee.io>; Thu, 23 Feb 2017 04:32:55 +0100 (CET)
Received: by cust-asf.ponee.io (Postfix)
	id 849A7160B72; Thu, 23 Feb 2017 03:32:55 +0000 (UTC)
Delivered-To: archive-asf-public@cust-asf.ponee.io
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by cust-asf.ponee.io (Postfix) with SMTP id 9F57D160B62
	for <archive-asf-public@cust-asf.ponee.io>; Thu, 23 Feb 2017 04:32:54 +0100 (CET)
Received: (qmail 82687 invoked by uid 500); 23 Feb 2017 03:32:53 -0000
Mailing-List: contact dev-help@ignite.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:dev-help@ignite.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@ignite.apache.org>
List-Post: <mailto:dev@ignite.apache.org>
List-Id: <dev.ignite.apache.org>
Reply-To: dev@ignite.apache.org
Delivered-To: mailing list dev@ignite.apache.org
Received: (qmail 82674 invoked by uid 99); 23 Feb 2017 03:32:53 -0000
Received: from pnap-us-west-generic-nat.apache.org (HELO spamd3-us-west.apache.org) (209.188.14.142)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 23 Feb 2017 03:32:53 +0000
Received: from localhost (localhost [127.0.0.1])
	by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org) with ESMTP id 06E2418E179
	for <dev@ignite.apache.org>; Thu, 23 Feb 2017 03:32:53 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org
X-Spam-Flag: NO
X-Spam-Score: 2.679
X-Spam-Level: **
X-Spam-Status: No, score=2.679 tagged_above=-999 required=6.31
	tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,
	FREEMAIL_REPLY=1, HTML_MESSAGE=2, RCVD_IN_DNSWL_LOW=-0.7,
	RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01,
	RCVD_IN_SORBS_SPAM=0.5, SPF_PASS=-0.001] autolearn=disabled
Authentication-Results: spamd3-us-west.apache.org (amavisd-new);
	dkim=pass (2048-bit key) header.d=gmail.com
Received: from mx1-lw-us.apache.org ([10.40.0.8])
	by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new, port 10024)
	with ESMTP id Aa7Pu6pi7El6 for <dev@ignite.apache.org>;
	Thu, 23 Feb 2017 03:32:50 +0000 (UTC)
Received: from mail-it0-f43.google.com (mail-it0-f43.google.com [209.85.214.43])
	by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTPS id E61EB5F56B
	for <dev@ignite.apache.org>; Thu, 23 Feb 2017 03:32:49 +0000 (UTC)
Received: by mail-it0-f43.google.com with SMTP id d9so360062itc.0
        for <dev@ignite.apache.org>; Wed, 22 Feb 2017 19:32:49 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:in-reply-to:references:from:date:message-id:subject:to;
        bh=Opv7iotXHIjtbc/2szAF+gOmP0JdbNm063wBU6n4eIM=;
        b=H2g8s6Hcmqvz5k/LeOQASWy2nWiNqam/wc08DaZSt6Vx/CdOZtnR4XK0ykDGCy10k9
         f0vyhJvjtLyAvUVUPG12MI2+2xm8QguqAQIztdabznKiWHhTSOdlMvWeXx/t8zgO+seF
         nnAJB9JmuDe6eJ29SdU+P3He8u25bdXfxP89nvzCkDyeSxm5SctUQl43HVv3pdn1rI1d
         A7Yes1PEGCtKG/jhjBjABnAoELWx9MSm5d5vZDfUzCbRX1PrY+m/fA9Azg8eIVjuhdJK
         QJTgNm08WFXMxD0dQlxwgIGCvl86AbX3CkjnFits2q8s73MJJ8ruURcz/PLCYIjcjYBm
         mXuw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:in-reply-to:references:from:date
         :message-id:subject:to;
        bh=Opv7iotXHIjtbc/2szAF+gOmP0JdbNm063wBU6n4eIM=;
        b=D7AK8khFZwzjN4K5X65Y04lnvFX98VSd5qW9JSeykNgWT5LBtrYI8eHoZ9begZCDMD
         erGe6I+xJSswsiqxXXTL3dG6xmPGP7P1PUiVdvX49UKTcE2hUraFRxWfEp1QqpqXyK91
         7o/ll/gtzlsnoszeqlqYSmef59LpVzI8plOPUQo9ndHvP+mW9WcDOQGXqidJgXPT4Suc
         +0ZkC8DG4Zc665ByIqqIg0rKMIxJW2c1SHRAOefoGuGkCI+gEdnivjK8Bjb6uaBF7iWV
         3lHJBqgN3QjTtTyiCEmzitMjdToMgWkTtx8nxo7gg0/Ot5mMscVC8MbZYWf3bn6COyMP
         fvBw==
X-Gm-Message-State: AMke39mfueMZoA84UzEWXowdclvNM05LHmMsc4lH0O6wsfl0n2A32BDKC6TfZBt9QpoP0Hp4112UZBsFYirP7A==
X-Received: by 10.36.10.3 with SMTP id 3mr1284986itw.93.1487820768159; Wed, 22
 Feb 2017 19:32:48 -0800 (PST)
MIME-Version: 1.0
Received: by 10.50.93.102 with HTTP; Wed, 22 Feb 2017 19:32:17 -0800 (PST)
In-Reply-To: <CANAAKiAYy5A8B=Bz3rriaN+AR7LDCh1d7hDfiS7wU-fS9HUEqQ@mail.gmail.com>
References: <CANAAKiA1w7iWZTrHftTRK4MytyB3gTmeerfTX5YsFcR-HaeVfg@mail.gmail.com>
 <CABuYRcpKzrywZa+uzwoT5qKbT-JM=pKeFt8auqfzM84G4QrHWg@mail.gmail.com>
 <CANAAKiD2iHXEY_70NBjBNLGPTgBaesLLWrpVBq1h2_Cb+q7jdA@mail.gmail.com>
 <CABuYRcpqMZfu-aUV09cp26kRPmASPEhJEi5EiLEJX+9RS4_1HQ@mail.gmail.com>
 <CANAAKiDMbMia8E-3+sWVr-huZtu_3NH+p3NiLb8tZh+Ln=B=eA@mail.gmail.com>
 <CANAAKiBU9GEdF8Uw2U_13PvPBcAVva3RYXf55ZzuHvgG7ze5Tg@mail.gmail.com>
 <CANAAKiDN__gk9NPLmaC+b-OFga55G4VKBzy3Rhu=Xy6O+Q6Lew@mail.gmail.com>
 <CABuYRcoL=2DW9n4rhsP2iiJvRrdga-+r4mzF0qOgbAbr_NuLHA@mail.gmail.com>
 <CABuYRcpBGmh8N+PiPTf9R78Hv=Fn6DA1_Ee_VqvdvLQF+iPz5w@mail.gmail.com> <CANAAKiAYy5A8B=Bz3rriaN+AR7LDCh1d7hDfiS7wU-fS9HUEqQ@mail.gmail.com>
From: Valentin Kulichenko <valentin.kulichenko@gmail.com>
Date: Wed, 22 Feb 2017 19:32:17 -0800
Message-ID: <CABuYRcq91twa2RObjBYw7T137ju_mu6-8xRJ9BFK_htiXz49Fw@mail.gmail.com>
Subject: Re: IGNITE-2741 - spring session design
To: dev@ignite.apache.org
Content-Type: multipart/alternative; boundary=001a1143e4ce60349d05492a448e
archived-at: Thu, 23 Feb 2017 03:32:55 -0000

--001a1143e4ce60349d05492a448e
Content-Type: text/plain; charset=UTF-8

Hi Rishi,

Got it, I think I'm reproducing the issue. I'll take a look and let you
know my findings soon.

-Val

On Tue, Feb 21, 2017 at 7:27 PM, Rishi Yagnik <rishiyagnik@gmail.com> wrote:

> Hi Val,
>
> The issue will occur in cluster environment, please setup the spring boot
> on 2 different host with LB (F5 OR Reverse proxy) in front and try to
> login.
>
> In cluster environment, Spring security does not recognize the session on
> the host you are not logged in, as a result, spring security will redirect
> to login url however the correct behavior should be that user would stay
> logged in with session replication.
>
> Do let me know if you need more information.
>
> Thanks,
> Rishi
>
>
>
> On Tue, Feb 21, 2017 at 7:08 PM, Valentin Kulichenko <
> valentin.kulichenko@gmail.com> wrote:
>
> > Hi Rishi,
> >
> > I was able to build and run the application. Can you give some
> description
> > on what should I test to understand the issue? What exactly didn't work
> for
> > you?
> >
> > -Val
> >
> > On Wed, Feb 15, 2017 at 10:52 AM, Valentin Kulichenko <
> > valentin.kulichenko@gmail.com> wrote:
> >
> > > Hi Rishi,
> > >
> > > Thanks, I'll take a look.
> > >
> > > -Val
> > >
> > > On Wed, Feb 15, 2017 at 9:07 AM, Rishi Yagnik <rishiyagnik@gmail.com>
> > > wrote:
> > >
> > >> Hi Val,
> > >>
> > >> As promised, please find attached code for spring boot integration
> with
> > >> spring security along with Ignite.
> > >>
> > >> Some more information on project -
> > >>
> > >>    - It is a maven project ( Ignite 1.7.0, SB 1.4.3 )
> > >>    - spring security integrated with boot project along with ignite
> > >>    - HttpSessionCookieCsrfTokenRepository does not work, gives
> > >>    intermediate errors on single instance so used
> > CookieCsrfTokenRepository
> > >>    for CSRF token, again I think we need a fix here from Ignite.
> > >>
> > >> I cant reproduce this errors while I am running on single instance,
> you
> > >> need to run this app on 2 spring boot instance having proxy in front (
> > F5,
> > >> OR any proxy ) with round robin fashion ( no sticky session on F5 OR
> > >> proxies ).
> > >>
> > >> We were thinking with round robin the user session will active since
> we
> > >> used session replication on backend.
> > >>
> > >> Do let me know if you need more information here.
> > >>
> > >> Thanks,
> > >>
> > >> Rishi
> > >>
> > >>
> > >>
> > >>
> > >> On Tue, Feb 14, 2017 at 9:57 PM, Rishi Yagnik <rishiyagnik@gmail.com>
> > >> wrote:
> > >>
> > >>> Val,
> > >>>
> > >>> My SB sample project is ready however I have asked for an approval to
> > >>> submit sample project to you, it would take day or two.
> > >>>
> > >>> I will keep you posted.
> > >>>
> > >>> Thanks for all your help,
> > >>>
> > >>> On Tue, Feb 14, 2017 at 3:51 PM, Rishi Yagnik <rishiyagnik@gmail.com
> >
> > >>> wrote:
> > >>>
> > >>>> Let me build an example app for you and send it across to you.
> > >>>>
> > >>>> Thanks,
> > >>>>
> > >>>> On Tue, Feb 14, 2017 at 3:28 PM, Valentin Kulichenko <
> > >>>> valentin.kulichenko@gmail.com> wrote:
> > >>>>
> > >>>>> Rishi,
> > >>>>>
> > >>>>> No I don't, and I think that's what we should start with. I want to
> > >>>>> understand a use case that is currently not supported (if any) and
> > then
> > >>>>> find the best solution. And I would like to reuse existing code as
> > >>>>> much as
> > >>>>> possible.
> > >>>>>
> > >>>>> Do you have any code that reproduces the problem you had and how
> you
> > >>>>> tried
> > >>>>> to utilize current web session clustering? Can you share it with
> us?
> > >>>>>
> > >>>>> -Val
> > >>>>>
> > >>>>> On Tue, Feb 14, 2017 at 11:28 AM, Rishi Yagnik <
> > rishiyagnik@gmail.com>
> > >>>>> wrote:
> > >>>>>
> > >>>>> > Hi Val,
> > >>>>> >
> > >>>>> > I am working on SB platform with spring security and we found out
> > >>>>> that the
> > >>>>> > web session filter ignite provides does not work for session
> > >>>>> management on
> > >>>>> > 2 node spring boot cluster.
> > >>>>> >
> > >>>>> > Somehow, spring security filter kicks in result in some weird
> > errors
> > >>>>> with
> > >>>>> > web session filter.
> > >>>>> >
> > >>>>> > So making compatible with spring security somehow, we need to
> write
> > >>>>> > implementation on spring session.
> > >>>>> >
> > >>>>> > Do you have any test cases that says web session filter would
> work
> > >>>>> with
> > >>>>> > spring security on boot platform ?
> > >>>>> >
> > >>>>> > Thanks,
> > >>>>> >
> > >>>>> >
> > >>>>> > On Tue, Feb 14, 2017 at 1:03 PM, Valentin Kulichenko <
> > >>>>> > valentin.kulichenko@gmail.com> wrote:
> > >>>>> >
> > >>>>> > > Hi Rishi,
> > >>>>> > >
> > >>>>> > > Can you please take a look at web session clustering feature
> [1]
> > >>>>> provided
> > >>>>> > > by Ignite? I'm looking at Spring Session docs and it seems to
> me
> > >>>>> it does
> > >>>>> > > exactly the same - replaces HttpSession with custom
> > implementation
> > >>>>> that
> > >>>>> > has
> > >>>>> > > a backend storage. If it doesn't provide any additional API or
> > >>>>> > > functionality, I'm not sure I understand the benefit of this
> > >>>>> feature.
> > >>>>> > >
> > >>>>> > > Let me know if I'm missing something.
> > >>>>> > >
> > >>>>> > > [1] https://apacheignite-mix.readme.io/docs/web-session-
> > clustering
> > >>>>> > >
> > >>>>> > > -Val
> > >>>>> > >
> > >>>>> > > On Mon, Feb 13, 2017 at 2:41 PM, Rishi Yagnik <
> > >>>>> rishiyagnik@gmail.com>
> > >>>>> > > wrote:
> > >>>>> > >
> > >>>>> > > > I would like to discuss session replication / fail over
> design
> > on
> > >>>>> > spring
> > >>>>> > > > boot platform and wanted to find what is the best out to get
> > >>>>> started
> > >>>>> > > here ?
> > >>>>> > > >
> > >>>>> > > > Possible approaches are as follows -
> > >>>>> > > >
> > >>>>> > > >    - Make use of Spring Session for session replication and
> > fail
> > >>>>> over
> > >>>>> > > >    - Extend the web session filter and make it work on spring
> > >>>>> boot
> > >>>>> > > >    application
> > >>>>> > > >
> > >>>>> > > >
> > >>>>> > > > I am thinking that best approach would be to get started here
> > >>>>> with
> > >>>>> > spring
> > >>>>> > > > session design however I am open for feedback here.
> > >>>>> > > >
> > >>>>> > > > --
> > >>>>> > > > Rishi Yagnik
> > >>>>> > > >
> > >>>>> > >
> > >>>>> >
> > >>>>> >
> > >>>>> >
> > >>>>> > --
> > >>>>> > Rishi Yagnik
> > >>>>> >
> > >>>>>
> > >>>>
> > >>>>
> > >>>>
> > >>>> --
> > >>>> Rishi Yagnik
> > >>>>
> > >>>
> > >>>
> > >>>
> > >>> --
> > >>> Rishi Yagnik
> > >>>
> > >>
> > >>
> > >>
> > >> --
> > >> Rishi Yagnik
> > >>
> > >
> > >
> >
>
>
>
> --
> Rishi Yagnik
>

--001a1143e4ce60349d05492a448e--