Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id AD065200C24 for ; Thu, 23 Feb 2017 15:07:54 +0100 (CET) Received: by cust-asf.ponee.io (Postfix) id AB7B8160B62; Thu, 23 Feb 2017 14:07:54 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id C5B17160B50 for ; Thu, 23 Feb 2017 15:07:53 +0100 (CET) Received: (qmail 921 invoked by uid 500); 23 Feb 2017 14:07:52 -0000 Mailing-List: contact dev-help@ignite.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@ignite.apache.org Delivered-To: mailing list dev@ignite.apache.org Received: (qmail 897 invoked by uid 99); 23 Feb 2017 14:07:52 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd2-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 23 Feb 2017 14:07:52 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd2-us-west.apache.org (ASF Mail Server at spamd2-us-west.apache.org) with ESMTP id CD3481A02CF for ; Thu, 23 Feb 2017 14:07:51 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd2-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 1.698 X-Spam-Level: * X-Spam-Status: No, score=1.698 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=2, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_SORBS_SPAM=0.5, SPF_PASS=-0.001] autolearn=disabled Authentication-Results: spamd2-us-west.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mx1-lw-us.apache.org ([10.40.0.8]) by localhost (spamd2-us-west.apache.org [10.40.0.9]) (amavisd-new, port 10024) with ESMTP id g4CpmUsce23D for ; Thu, 23 Feb 2017 14:07:49 +0000 (UTC) Received: from mail-qk0-f175.google.com (mail-qk0-f175.google.com [209.85.220.175]) by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTPS id 0A3A161595 for ; Thu, 23 Feb 2017 14:07:49 +0000 (UTC) Received: by mail-qk0-f175.google.com with SMTP id x71so32174657qkb.3 for ; Thu, 23 Feb 2017 06:07:49 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=h9WSxvGSx3IBYaLLS/x4Se3hp92MRAsf2d8C2WOpEF8=; b=XeTeDy/gEVvgYMVWo3S6ilmVeSdh4qMiH5NO2vFYD5cyYLfjMkh2IM7GVU2EYQ87kr GLOAAvTNc0OrRwajDwxR7lVzDGX7onAYFrSdYzhhc8ko+X5/iu7Pj8WwtPpSkHbB5Ukc XJPNg+ZdcS96vP+ZjlaBp+1yWmtAZoOyeRVEdsPheuTBdd5f1208UvL0benEDAwMOhcs AsUgVnmMPnYCVsfzmkcED7Ze08KxeTZhUKgepAX5/9sSRBnBrb0Mcb7tF1hHdULuxz8j pKJV8W9vqYDluAQ/DsCfzt0kpLV4oS3dsol1akrjqsb5paaVPV0JtOnC1UzLYhl1/DrV Jlqw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=h9WSxvGSx3IBYaLLS/x4Se3hp92MRAsf2d8C2WOpEF8=; b=ENf2tBKxcjbTfvTPYPzGL4vRgYaL5bXl4CujyvI35LJXbQmgBh0UZ0Wcpd6aGRegT6 3ACuRo4H8k27QaP4sDtSYc/R/pneJiQzx4Ki1FvfcMpJHic84ZIzSYrlVLDCa2xCnV+1 gaPIEWvcIVYPd1kA9S4IzLGwuoP7acQqxGxOdklCOoRPt4fjZuQBQgXbiV/vvy7O/twu m68QGUU3ATXVIIpk1jJWUUmvS6K7NX170YQO4egE+kTq9OsE3Up5vNjMu4FAc77qf5YU uDdDpOqr/sGAlBHKh9ySGptJ7bq5uBhJIHPEZ5vZmYFklA2O74koZcdD+aDbWflg2P4g 3eYA== X-Gm-Message-State: AMke39niYcDQV+IQ7bxi8HuB9A0Ze9wJNpXULXg8GoL7bT7i4vnQmUbHFVc4r0tnsrw+7vOTK4z4PU+P/BDlyw== X-Received: by 10.55.214.21 with SMTP id t21mr2047647qki.41.1487858868343; Thu, 23 Feb 2017 06:07:48 -0800 (PST) MIME-Version: 1.0 Received: by 10.237.48.36 with HTTP; Thu, 23 Feb 2017 06:07:27 -0800 (PST) In-Reply-To: References: From: Rishi Yagnik Date: Thu, 23 Feb 2017 08:07:27 -0600 Message-ID: Subject: Re: IGNITE-2741 - spring session design To: dev@ignite.apache.org Content-Type: multipart/alternative; boundary=001a11465b2252f7f00549332357 archived-at: Thu, 23 Feb 2017 14:07:54 -0000 --001a11465b2252f7f00549332357 Content-Type: text/plain; charset=UTF-8 Thanks Val for looking into it. On Wed, Feb 22, 2017 at 9:32 PM, Valentin Kulichenko < valentin.kulichenko@gmail.com> wrote: > Hi Rishi, > > Got it, I think I'm reproducing the issue. I'll take a look and let you > know my findings soon. > > -Val > > On Tue, Feb 21, 2017 at 7:27 PM, Rishi Yagnik > wrote: > > > Hi Val, > > > > The issue will occur in cluster environment, please setup the spring boot > > on 2 different host with LB (F5 OR Reverse proxy) in front and try to > > login. > > > > In cluster environment, Spring security does not recognize the session on > > the host you are not logged in, as a result, spring security will > redirect > > to login url however the correct behavior should be that user would stay > > logged in with session replication. > > > > Do let me know if you need more information. > > > > Thanks, > > Rishi > > > > > > > > On Tue, Feb 21, 2017 at 7:08 PM, Valentin Kulichenko < > > valentin.kulichenko@gmail.com> wrote: > > > > > Hi Rishi, > > > > > > I was able to build and run the application. Can you give some > > description > > > on what should I test to understand the issue? What exactly didn't work > > for > > > you? > > > > > > -Val > > > > > > On Wed, Feb 15, 2017 at 10:52 AM, Valentin Kulichenko < > > > valentin.kulichenko@gmail.com> wrote: > > > > > > > Hi Rishi, > > > > > > > > Thanks, I'll take a look. > > > > > > > > -Val > > > > > > > > On Wed, Feb 15, 2017 at 9:07 AM, Rishi Yagnik > > > > > wrote: > > > > > > > >> Hi Val, > > > >> > > > >> As promised, please find attached code for spring boot integration > > with > > > >> spring security along with Ignite. > > > >> > > > >> Some more information on project - > > > >> > > > >> - It is a maven project ( Ignite 1.7.0, SB 1.4.3 ) > > > >> - spring security integrated with boot project along with ignite > > > >> - HttpSessionCookieCsrfTokenRepository does not work, gives > > > >> intermediate errors on single instance so used > > > CookieCsrfTokenRepository > > > >> for CSRF token, again I think we need a fix here from Ignite. > > > >> > > > >> I cant reproduce this errors while I am running on single instance, > > you > > > >> need to run this app on 2 spring boot instance having proxy in > front ( > > > F5, > > > >> OR any proxy ) with round robin fashion ( no sticky session on F5 OR > > > >> proxies ). > > > >> > > > >> We were thinking with round robin the user session will active since > > we > > > >> used session replication on backend. > > > >> > > > >> Do let me know if you need more information here. > > > >> > > > >> Thanks, > > > >> > > > >> Rishi > > > >> > > > >> > > > >> > > > >> > > > >> On Tue, Feb 14, 2017 at 9:57 PM, Rishi Yagnik < > rishiyagnik@gmail.com> > > > >> wrote: > > > >> > > > >>> Val, > > > >>> > > > >>> My SB sample project is ready however I have asked for an approval > to > > > >>> submit sample project to you, it would take day or two. > > > >>> > > > >>> I will keep you posted. > > > >>> > > > >>> Thanks for all your help, > > > >>> > > > >>> On Tue, Feb 14, 2017 at 3:51 PM, Rishi Yagnik < > rishiyagnik@gmail.com > > > > > > >>> wrote: > > > >>> > > > >>>> Let me build an example app for you and send it across to you. > > > >>>> > > > >>>> Thanks, > > > >>>> > > > >>>> On Tue, Feb 14, 2017 at 3:28 PM, Valentin Kulichenko < > > > >>>> valentin.kulichenko@gmail.com> wrote: > > > >>>> > > > >>>>> Rishi, > > > >>>>> > > > >>>>> No I don't, and I think that's what we should start with. I want > to > > > >>>>> understand a use case that is currently not supported (if any) > and > > > then > > > >>>>> find the best solution. And I would like to reuse existing code > as > > > >>>>> much as > > > >>>>> possible. > > > >>>>> > > > >>>>> Do you have any code that reproduces the problem you had and how > > you > > > >>>>> tried > > > >>>>> to utilize current web session clustering? Can you share it with > > us? > > > >>>>> > > > >>>>> -Val > > > >>>>> > > > >>>>> On Tue, Feb 14, 2017 at 11:28 AM, Rishi Yagnik < > > > rishiyagnik@gmail.com> > > > >>>>> wrote: > > > >>>>> > > > >>>>> > Hi Val, > > > >>>>> > > > > >>>>> > I am working on SB platform with spring security and we found > out > > > >>>>> that the > > > >>>>> > web session filter ignite provides does not work for session > > > >>>>> management on > > > >>>>> > 2 node spring boot cluster. > > > >>>>> > > > > >>>>> > Somehow, spring security filter kicks in result in some weird > > > errors > > > >>>>> with > > > >>>>> > web session filter. > > > >>>>> > > > > >>>>> > So making compatible with spring security somehow, we need to > > write > > > >>>>> > implementation on spring session. > > > >>>>> > > > > >>>>> > Do you have any test cases that says web session filter would > > work > > > >>>>> with > > > >>>>> > spring security on boot platform ? > > > >>>>> > > > > >>>>> > Thanks, > > > >>>>> > > > > >>>>> > > > > >>>>> > On Tue, Feb 14, 2017 at 1:03 PM, Valentin Kulichenko < > > > >>>>> > valentin.kulichenko@gmail.com> wrote: > > > >>>>> > > > > >>>>> > > Hi Rishi, > > > >>>>> > > > > > >>>>> > > Can you please take a look at web session clustering feature > > [1] > > > >>>>> provided > > > >>>>> > > by Ignite? I'm looking at Spring Session docs and it seems to > > me > > > >>>>> it does > > > >>>>> > > exactly the same - replaces HttpSession with custom > > > implementation > > > >>>>> that > > > >>>>> > has > > > >>>>> > > a backend storage. If it doesn't provide any additional API > or > > > >>>>> > > functionality, I'm not sure I understand the benefit of this > > > >>>>> feature. > > > >>>>> > > > > > >>>>> > > Let me know if I'm missing something. > > > >>>>> > > > > > >>>>> > > [1] https://apacheignite-mix.readme.io/docs/web-session- > > > clustering > > > >>>>> > > > > > >>>>> > > -Val > > > >>>>> > > > > > >>>>> > > On Mon, Feb 13, 2017 at 2:41 PM, Rishi Yagnik < > > > >>>>> rishiyagnik@gmail.com> > > > >>>>> > > wrote: > > > >>>>> > > > > > >>>>> > > > I would like to discuss session replication / fail over > > design > > > on > > > >>>>> > spring > > > >>>>> > > > boot platform and wanted to find what is the best out to > get > > > >>>>> started > > > >>>>> > > here ? > > > >>>>> > > > > > > >>>>> > > > Possible approaches are as follows - > > > >>>>> > > > > > > >>>>> > > > - Make use of Spring Session for session replication and > > > fail > > > >>>>> over > > > >>>>> > > > - Extend the web session filter and make it work on > spring > > > >>>>> boot > > > >>>>> > > > application > > > >>>>> > > > > > > >>>>> > > > > > > >>>>> > > > I am thinking that best approach would be to get started > here > > > >>>>> with > > > >>>>> > spring > > > >>>>> > > > session design however I am open for feedback here. > > > >>>>> > > > > > > >>>>> > > > -- > > > >>>>> > > > Rishi Yagnik > > > >>>>> > > > > > > >>>>> > > > > > >>>>> > > > > >>>>> > > > > >>>>> > > > > >>>>> > -- > > > >>>>> > Rishi Yagnik > > > >>>>> > > > > >>>>> > > > >>>> > > > >>>> > > > >>>> > > > >>>> -- > > > >>>> Rishi Yagnik > > > >>>> > > > >>> > > > >>> > > > >>> > > > >>> -- > > > >>> Rishi Yagnik > > > >>> > > > >> > > > >> > > > >> > > > >> -- > > > >> Rishi Yagnik > > > >> > > > > > > > > > > > > > > > > > > > -- > > Rishi Yagnik > > > -- Rishi Yagnik --001a11465b2252f7f00549332357--