ignite-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Valentin Kulichenko <valentin.kuliche...@gmail.com>
Subject Re: IGNITE-2741 - spring session design
Date Sun, 05 Mar 2017 19:28:44 GMT
Rishi,

Can you please share how you forced Ignite filter to be invoked before
security filter?

-Val

On Sun, Mar 5, 2017 at 11:20 AM, Rishi Yagnik <rishiyagnik@gmail.com> wrote:

> Hi Val,
>
> Thanks for the response, we have executed ignite filter before spring
> security filter but somehow the ignite filter does not do the job of
> setting spring principle context.
>
> As a result even though we have spring principle in session, spring filter
> does not recognize it and sends us back to log in page.
>
> I think there s some more work needed here to change the filter and make
> it work with spring boot application.
>
> Take Care,
> Rishi
>
> > On Mar 5, 2017, at 10:16 AM, Valentin Kulichenko <
> valentin.kulichenko@gmail.com> wrote:
> >
> > Hi Rishi,
> >
> > I did some debugging. Apparently, the reason for this behavior is that
> > Spring Security filter resides before Ignite's filter in the chain list.
> I
> > think that eventually this should be fixed in the product, but in the
> > meantime there must be a way to work around the problem by controlling
> the
> > order. Do you know how this can be done in Spring Boot?
> >
> > -Val
> >
> >> On Tue, Feb 28, 2017 at 9:31 AM, Rishi Yagnik <rishiyagnik@gmail.com>
> wrote:
> >>
> >> Hi Val,
> >>
> >> Sorry for pestering, thanks for all your help.
> >>
> >> Rishi
> >>
> >> On Mon, Feb 27, 2017 at 7:22 PM, Valentin Kulichenko <
> >> valentin.kulichenko@gmail.com> wrote:
> >>
> >>> Hi Rishi,
> >>>
> >>> Sorry, not yet. But this on my short list of TODOs, will try to give an
> >>> update as soon as possible.
> >>>
> >>> -Val
> >>>
> >>> On Mon, Feb 27, 2017 at 7:47 AM, Rishi Yagnik <rishiyagnik@gmail.com>
> >>> wrote:
> >>>
> >>>> Hi Val,
> >>>>
> >>>> any update on session replication issue ?
> >>>>
> >>>> Thanks,
> >>>> Rishi
> >>>>
> >>>> On Thu, Feb 23, 2017 at 8:07 AM, Rishi Yagnik <rishiyagnik@gmail.com>
> >>>> wrote:
> >>>>
> >>>>> Thanks Val for looking into it.
> >>>>>
> >>>>> On Wed, Feb 22, 2017 at 9:32 PM, Valentin Kulichenko <
> >>>>> valentin.kulichenko@gmail.com> wrote:
> >>>>>
> >>>>>> Hi Rishi,
> >>>>>>
> >>>>>> Got it, I think I'm reproducing the issue. I'll take a look
and let
> >>> you
> >>>>>> know my findings soon.
> >>>>>>
> >>>>>> -Val
> >>>>>>
> >>>>>> On Tue, Feb 21, 2017 at 7:27 PM, Rishi Yagnik <
> >> rishiyagnik@gmail.com>
> >>>>>> wrote:
> >>>>>>
> >>>>>>> Hi Val,
> >>>>>>>
> >>>>>>> The issue will occur in cluster environment, please setup
the
> >> spring
> >>>>>> boot
> >>>>>>> on 2 different host with LB (F5 OR Reverse proxy) in front
and try
> >>> to
> >>>>>>> login.
> >>>>>>>
> >>>>>>> In cluster environment, Spring security does not recognize
the
> >>> session
> >>>>>> on
> >>>>>>> the host you are not logged in, as a result, spring security
will
> >>>>>> redirect
> >>>>>>> to login url however the correct behavior should be that
user
> >> would
> >>>> stay
> >>>>>>> logged in with session replication.
> >>>>>>>
> >>>>>>> Do let me know if you need more information.
> >>>>>>>
> >>>>>>> Thanks,
> >>>>>>> Rishi
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>> On Tue, Feb 21, 2017 at 7:08 PM, Valentin Kulichenko <
> >>>>>>> valentin.kulichenko@gmail.com> wrote:
> >>>>>>>
> >>>>>>>> Hi Rishi,
> >>>>>>>>
> >>>>>>>> I was able to build and run the application. Can you
give some
> >>>>>>> description
> >>>>>>>> on what should I test to understand the issue? What
exactly
> >> didn't
> >>>>>> work
> >>>>>>> for
> >>>>>>>> you?
> >>>>>>>>
> >>>>>>>> -Val
> >>>>>>>>
> >>>>>>>> On Wed, Feb 15, 2017 at 10:52 AM, Valentin Kulichenko
<
> >>>>>>>> valentin.kulichenko@gmail.com> wrote:
> >>>>>>>>
> >>>>>>>>> Hi Rishi,
> >>>>>>>>>
> >>>>>>>>> Thanks, I'll take a look.
> >>>>>>>>>
> >>>>>>>>> -Val
> >>>>>>>>>
> >>>>>>>>> On Wed, Feb 15, 2017 at 9:07 AM, Rishi Yagnik <
> >>>>>> rishiyagnik@gmail.com>
> >>>>>>>>> wrote:
> >>>>>>>>>
> >>>>>>>>>> Hi Val,
> >>>>>>>>>>
> >>>>>>>>>> As promised, please find attached code for spring
boot
> >>>> integration
> >>>>>>> with
> >>>>>>>>>> spring security along with Ignite.
> >>>>>>>>>>
> >>>>>>>>>> Some more information on project -
> >>>>>>>>>>
> >>>>>>>>>>   - It is a maven project ( Ignite 1.7.0, SB
1.4.3 )
> >>>>>>>>>>   - spring security integrated with boot project
along with
> >>>> ignite
> >>>>>>>>>>   - HttpSessionCookieCsrfTokenRepository does
not work,
> >> gives
> >>>>>>>>>>   intermediate errors on single instance so
used
> >>>>>>>> CookieCsrfTokenRepository
> >>>>>>>>>>   for CSRF token, again I think we need a fix
here from
> >>> Ignite.
> >>>>>>>>>>
> >>>>>>>>>> I cant reproduce this errors while I am running
on single
> >>>> instance,
> >>>>>>> you
> >>>>>>>>>> need to run this app on 2 spring boot instance
having proxy
> >> in
> >>>>>> front (
> >>>>>>>> F5,
> >>>>>>>>>> OR any proxy ) with round robin fashion ( no
sticky session
> >> on
> >>> F5
> >>>>>> OR
> >>>>>>>>>> proxies ).
> >>>>>>>>>>
> >>>>>>>>>> We were thinking with round robin the user session
will
> >> active
> >>>>>> since
> >>>>>>> we
> >>>>>>>>>> used session replication on backend.
> >>>>>>>>>>
> >>>>>>>>>> Do let me know if you need more information
here.
> >>>>>>>>>>
> >>>>>>>>>> Thanks,
> >>>>>>>>>>
> >>>>>>>>>> Rishi
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>> On Tue, Feb 14, 2017 at 9:57 PM, Rishi Yagnik
<
> >>>>>> rishiyagnik@gmail.com>
> >>>>>>>>>> wrote:
> >>>>>>>>>>
> >>>>>>>>>>> Val,
> >>>>>>>>>>>
> >>>>>>>>>>> My SB sample project is ready however I
have asked for an
> >>>>>> approval to
> >>>>>>>>>>> submit sample project to you, it would take
day or two.
> >>>>>>>>>>>
> >>>>>>>>>>> I will keep you posted.
> >>>>>>>>>>>
> >>>>>>>>>>> Thanks for all your help,
> >>>>>>>>>>>
> >>>>>>>>>>> On Tue, Feb 14, 2017 at 3:51 PM, Rishi Yagnik
<
> >>>>>> rishiyagnik@gmail.com
> >>>>>>>>
> >>>>>>>>>>> wrote:
> >>>>>>>>>>>
> >>>>>>>>>>>> Let me build an example app for you
and send it across to
> >>> you.
> >>>>>>>>>>>>
> >>>>>>>>>>>> Thanks,
> >>>>>>>>>>>>
> >>>>>>>>>>>> On Tue, Feb 14, 2017 at 3:28 PM, Valentin
Kulichenko <
> >>>>>>>>>>>> valentin.kulichenko@gmail.com> wrote:
> >>>>>>>>>>>>
> >>>>>>>>>>>>> Rishi,
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> No I don't, and I think that's what
we should start with.
> >> I
> >>>>>> want to
> >>>>>>>>>>>>> understand a use case that is currently
not supported (if
> >>> any)
> >>>>>> and
> >>>>>>>> then
> >>>>>>>>>>>>> find the best solution. And I would
like to reuse existing
> >>>> code
> >>>>>> as
> >>>>>>>>>>>>> much as
> >>>>>>>>>>>>> possible.
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> Do you have any code that reproduces
the problem you had
> >> and
> >>>> how
> >>>>>>> you
> >>>>>>>>>>>>> tried
> >>>>>>>>>>>>> to utilize current web session clustering?
Can you share
> >> it
> >>>> with
> >>>>>>> us?
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> -Val
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> On Tue, Feb 14, 2017 at 11:28 AM,
Rishi Yagnik <
> >>>>>>>> rishiyagnik@gmail.com>
> >>>>>>>>>>>>> wrote:
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>> Hi Val,
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> I am working on SB platform
with spring security and we
> >>>> found
> >>>>>> out
> >>>>>>>>>>>>> that the
> >>>>>>>>>>>>>> web session filter ignite provides
does not work for
> >>> session
> >>>>>>>>>>>>> management on
> >>>>>>>>>>>>>> 2 node spring boot cluster.
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> Somehow, spring security filter
kicks in result in some
> >>>> weird
> >>>>>>>> errors
> >>>>>>>>>>>>> with
> >>>>>>>>>>>>>> web session filter.
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> So making compatible with spring
security somehow, we
> >> need
> >>>> to
> >>>>>>> write
> >>>>>>>>>>>>>> implementation on spring session.
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> Do you have any test cases that
says web session filter
> >>>> would
> >>>>>>> work
> >>>>>>>>>>>>> with
> >>>>>>>>>>>>>> spring security on boot platform
?
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> Thanks,
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> On Tue, Feb 14, 2017 at 1:03
PM, Valentin Kulichenko <
> >>>>>>>>>>>>>> valentin.kulichenko@gmail.com>
wrote:
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> Hi Rishi,
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> Can you please take a look
at web session clustering
> >>>> feature
> >>>>>>> [1]
> >>>>>>>>>>>>> provided
> >>>>>>>>>>>>>>> by Ignite? I'm looking at
Spring Session docs and it
> >>> seems
> >>>>>> to
> >>>>>>> me
> >>>>>>>>>>>>> it does
> >>>>>>>>>>>>>>> exactly the same - replaces
HttpSession with custom
> >>>>>>>> implementation
> >>>>>>>>>>>>> that
> >>>>>>>>>>>>>> has
> >>>>>>>>>>>>>>> a backend storage. If it
doesn't provide any
> >> additional
> >>>> API
> >>>>>> or
> >>>>>>>>>>>>>>> functionality, I'm not sure
I understand the benefit
> >> of
> >>>> this
> >>>>>>>>>>>>> feature.
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> Let me know if I'm missing
something.
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> [1] https://apacheignite-mix.
> >>> readme.io/docs/web-session-
> >>>>>>>> clustering
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> -Val
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> On Mon, Feb 13, 2017 at
2:41 PM, Rishi Yagnik <
> >>>>>>>>>>>>> rishiyagnik@gmail.com>
> >>>>>>>>>>>>>>> wrote:
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> I would like to discuss
session replication / fail
> >>> over
> >>>>>>> design
> >>>>>>>> on
> >>>>>>>>>>>>>> spring
> >>>>>>>>>>>>>>>> boot platform and wanted
to find what is the best
> >> out
> >>> to
> >>>>>> get
> >>>>>>>>>>>>> started
> >>>>>>>>>>>>>>> here ?
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> Possible approaches
are as follows -
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>   - Make use of Spring
Session for session
> >>> replication
> >>>>>> and
> >>>>>>>> fail
> >>>>>>>>>>>>> over
> >>>>>>>>>>>>>>>>   - Extend the web session
filter and make it work
> >> on
> >>>>>> spring
> >>>>>>>>>>>>> boot
> >>>>>>>>>>>>>>>>   application
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> I am thinking that best
approach would be to get
> >>> started
> >>>>>> here
> >>>>>>>>>>>>> with
> >>>>>>>>>>>>>> spring
> >>>>>>>>>>>>>>>> session design however
I am open for feedback here.
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> --
> >>>>>>>>>>>>>>>> Rishi Yagnik
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> --
> >>>>>>>>>>>>>> Rishi Yagnik
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>> --
> >>>>>>>>>>>> Rishi Yagnik
> >>>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>> --
> >>>>>>>>>>> Rishi Yagnik
> >>>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>> --
> >>>>>>>>>> Rishi Yagnik
> >>>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>> --
> >>>>>>> Rishi Yagnik
> >>>>>>>
> >>>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>> --
> >>>>> Rishi Yagnik
> >>>>>
> >>>>
> >>>>
> >>>>
> >>>> --
> >>>> Rishi Yagnik
> >>>>
> >>>
> >>
> >>
> >>
> >> --
> >> Rishi Yagnik
> >>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message