ignite-dev mailing list archives

From Rishi Yagnik <rishiyag...@gmail.com>
Subject Re: IGNITE-2741 - spring session design
Date Mon, 06 Mar 2017 01:25:23 GMT
Val,

Adding a filter before csrf filter will invoke the custom ignite filter.

Declare a custom filter class that extends the web session filter:

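import java.io.IOException;
import java.util.Collections;
import java.util.Enumeration;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.apache.ignite.cache.websession.WebSessionFilter;

public class CustomWebSessionFilter extends WebSessionFilter {

    // Set once the parent filter has been initialized. The check below is not
    // synchronized, so concurrent first requests may each call init().
    private static boolean igniteInitialize = false;

    @Override public void doFilter(final ServletRequest req, ServletResponse res,
        FilterChain chain) throws IOException, ServletException {
        if (!igniteInitialize) {
            // Initialize the Ignite filter lazily, on the first request.
            super.init(new FilterConfig() {
                @Override
                public String getFilterName() {
                    return "CustomWebSessionFilter";
                }

                @Override
                public ServletContext getServletContext() {
                    return req.getServletContext();
                }

                @Override
                public String getInitParameter(String name) {
                    return null;
                }

                @Override
                public Enumeration<String> getInitParameterNames() {
                    // No init parameters; the servlet API expects an empty
                    // Enumeration here rather than null.
                    return Collections.emptyEnumeration();
                }
            });
            igniteInitialize = true;
        }
        super.doFilter(req, res, chain);
    }
}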

And in SecurityConfig.java, add the following line to invoke filter before
Ignite Web Session filter -

 .addFilterBefore(new CustomWebSessionFilter(), CsrfFilter.class)

Hope it helps..

Thanks,

On Sun, Mar 5, 2017 at 1:28 PM, Valentin Kulichenko <
valentin.kulichenko@gmail.com> wrote:

> Rishi,
>
> Can you please share how you forced Ignite filter to be invoked before
> security filter?
>
> -Val
>
> On Sun, Mar 5, 2017 at 11:20 AM, Rishi Yagnik <rishiyagnik@gmail.com>
> wrote:
>
> > Hi Val,
> >
> > Thanks for the response, we have executed ignite filter before spring
> > security filter but somehow the ignite filter does not do the job of
> > setting spring principal context.
> >
> > As a result even though we have spring principal in session, spring
> > filter does not recognize it and sends us back to log in page.
> >
> > I think there's some more work needed here to change the filter and make
> > it work with spring boot application.
> >
> > Take Care,
> > Rishi
> >
> > > On Mar 5, 2017, at 10:16 AM, Valentin Kulichenko <
> > valentin.kulichenko@gmail.com> wrote:
> > >
> > > Hi Rishi,
> > >
> > > I did some debugging. Apparently, the reason for this behavior is that
> > > Spring Security filter resides before Ignite's filter in the chain
> > > list. I think that eventually this should be fixed in the product, but
> > > in the meantime there must be a way to work around the problem by
> > > controlling the order. Do you know how this can be done in Spring Boot?
> > >
> > > -Val
> > >
> > >> On Tue, Feb 28, 2017 at 9:31 AM, Rishi Yagnik <rishiyagnik@gmail.com>
> > >> wrote:
> > >>
> > >> Hi Val,
> > >>
> > >> Sorry for pestering, thanks for all your help.
> > >>
> > >> Rishi
> > >>
> > >> On Mon, Feb 27, 2017 at 7:22 PM, Valentin Kulichenko <
> > >> valentin.kulichenko@gmail.com> wrote:
> > >>
> > >>> Hi Rishi,
> > >>>
> > >>> Sorry, not yet. But this is on my short list of TODOs, will try to
> > >>> give an update as soon as possible.
> > >>>
> > >>> -Val
> > >>>
> > >>> On Mon, Feb 27, 2017 at 7:47 AM, Rishi Yagnik <rishiyagnik@gmail.com>
> > >>> wrote:
> > >>>
> > >>>> Hi Val,
> > >>>>
> > >>>> any update on session replication issue ?
> > >>>>
> > >>>> Thanks,
> > >>>> Rishi
> > >>>>
> > >>>> On Thu, Feb 23, 2017 at 8:07 AM, Rishi Yagnik <rishiyagnik@gmail.com>
> > >>>> wrote:
> > >>>>
> > >>>>> Thanks Val for looking into it.
> > >>>>>
> > >>>>> On Wed, Feb 22, 2017 at 9:32 PM, Valentin Kulichenko <
> > >>>>> valentin.kulichenko@gmail.com> wrote:
> > >>>>>
> > >>>>>> Hi Rishi,
> > >>>>>>
> > >>>>>> Got it, I think I'm reproducing the issue. I'll take a look and let
> > >>>>>> you know my findings soon.
> > >>>>>>
> > >>>>>> -Val
> > >>>>>>
> > >>>>>> On Tue, Feb 21, 2017 at 7:27 PM, Rishi Yagnik <rishiyagnik@gmail.com>
> > >>>>>> wrote:
> > >>>>>>
> > >>>>>>> Hi Val,
> > >>>>>>>
> > >>>>>>> The issue will occur in cluster environment, please set up the spring
> > >>>>>>> boot on 2 different hosts with LB (F5 OR Reverse proxy) in front and
> > >>>>>>> try to login.
> > >>>>>>>
> > >>>>>>> In cluster environment, Spring security does not recognize the
> > >>>>>>> session on the host you are not logged in, as a result, spring
> > >>>>>>> security will redirect to login url however the correct behavior
> > >>>>>>> should be that user would stay logged in with session replication.
> > >>>>>>>
> > >>>>>>> Do let me know if you need more information.
> > >>>>>>>
> > >>>>>>> Thanks,
> > >>>>>>> Rishi
> > >>>>>>>
> > >>>>>>>
> > >>>>>>>
> > >>>>>>> On Tue, Feb 21, 2017 at 7:08 PM, Valentin Kulichenko <
> > >>>>>>> valentin.kulichenko@gmail.com> wrote:
> > >>>>>>>
> > >>>>>>>> Hi Rishi,
> > >>>>>>>>
> > >>>>>>>> I was able to build and run the application. Can you give some
> > >>>>>>>> description on what should I test to understand the issue? What
> > >>>>>>>> exactly didn't work for you?
> > >>>>>>>>
> > >>>>>>>> -Val
> > >>>>>>>>
> > >>>>>>>> On Wed, Feb 15, 2017 at 10:52 AM, Valentin Kulichenko <
> > >>>>>>>> valentin.kulichenko@gmail.com> wrote:
> > >>>>>>>>
> > >>>>>>>>> Hi Rishi,
> > >>>>>>>>>
> > >>>>>>>>> Thanks, I'll take a look.
> > >>>>>>>>>
> > >>>>>>>>> -Val
> > >>>>>>>>>
> > >>>>>>>>> On Wed, Feb 15, 2017 at 9:07 AM, Rishi Yagnik <rishiyagnik@gmail.com>
> > >>>>>>>>> wrote:
> > >>>>>>>>>
> > >>>>>>>>>> Hi Val,
> > >>>>>>>>>>
> > >>>>>>>>>> As promised, please find attached code for spring boot integration
> > >>>>>>>>>> with spring security along with Ignite.
> > >>>>>>>>>>
> > >>>>>>>>>> Some more information on project -
> > >>>>>>>>>>
> > >>>>>>>>>>   - It is a maven project ( Ignite 1.7.0, SB 1.4.3 )
> > >>>>>>>>>>   - spring security integrated with boot project along with ignite
> > >>>>>>>>>>   - HttpSessionCookieCsrfTokenRepository does not work, gives
> > >>>>>>>>>>   intermediate errors on single instance so used
> > >>>>>>>>>>   CookieCsrfTokenRepository for CSRF token, again I think we need
> > >>>>>>>>>>   a fix here from Ignite.
> > >>>>>>>>>>
> > >>>>>>>>>> I can't reproduce these errors while I am running on single instance,
> > >>>>>>>>>> you need to run this app on 2 spring boot instances having proxy in
> > >>>>>>>>>> front ( F5, OR any proxy ) with round robin fashion ( no sticky
> > >>>>>>>>>> session on F5 OR proxies ).
> > >>>>>>>>>>
> > >>>>>>>>>> We were thinking with round robin the user session will be active
> > >>>>>>>>>> since we used session replication on backend.
> > >>>>>>>>>>
> > >>>>>>>>>> Do let me know if you need more information here.
> > >>>>>>>>>>
> > >>>>>>>>>> Thanks,
> > >>>>>>>>>>
> > >>>>>>>>>> Rishi
> > >>>>>>>>>>
> > >>>>>>>>>>
> > >>>>>>>>>>
> > >>>>>>>>>>
> > >>>>>>>>>> On Tue, Feb 14, 2017 at 9:57 PM, Rishi Yagnik <rishiyagnik@gmail.com>
> > >>>>>>>>>> wrote:
> > >>>>>>>>>>
> > >>>>>>>>>>> Val,
> > >>>>>>>>>>>
> > >>>>>>>>>>> My SB sample project is ready however I have asked for an approval
> > >>>>>>>>>>> to submit sample project to you, it would take day or two.
> > >>>>>>>>>>>
> > >>>>>>>>>>> I will keep you posted.
> > >>>>>>>>>>>
> > >>>>>>>>>>> Thanks for all your help,
> > >>>>>>>>>>>
> > >>>>>>>>>>> On Tue, Feb 14, 2017 at 3:51 PM, Rishi Yagnik <rishiyagnik@gmail.com>
> > >>>>>>>>>>> wrote:
> > >>>>>>>>>>>
> > >>>>>>>>>>>> Let me build an example app for you and send it across to you.
> > >>>>>>>>>>>>
> > >>>>>>>>>>>> Thanks,
> > >>>>>>>>>>>>
> > >>>>>>>>>>>> On Tue, Feb 14, 2017 at 3:28 PM, Valentin Kulichenko <
> > >>>>>>>>>>>> valentin.kulichenko@gmail.com> wrote:
> > >>>>>>>>>>>>
> > >>>>>>>>>>>>> Rishi,
> > >>>>>>>>>>>>>
> > >>>>>>>>>>>>> No I don't, and I think that's what we should start with. I want
> > >>>>>>>>>>>>> to understand a use case that is currently not supported (if any)
> > >>>>>>>>>>>>> and then find the best solution. And I would like to reuse
> > >>>>>>>>>>>>> existing code as much as possible.
> > >>>>>>>>>>>>>
> > >>>>>>>>>>>>> Do you have any code that reproduces the problem you had and how
> > >>>>>>>>>>>>> you tried to utilize current web session clustering? Can you
> > >>>>>>>>>>>>> share it with us?
> > >>>>>>>>>>>>>
> > >>>>>>>>>>>>> -Val
> > >>>>>>>>>>>>>
> > >>>>>>>>>>>>> On Tue, Feb 14, 2017 at 11:28 AM, Rishi Yagnik <
> > >>>>>>>>>>>>> rishiyagnik@gmail.com> wrote:
> > >>>>>>>>>>>>>
> > >>>>>>>>>>>>>> Hi Val,
> > >>>>>>>>>>>>>>
> > >>>>>>>>>>>>>> I am working on SB platform with spring security and we found out
> > >>>>>>>>>>>>>> that the web session filter ignite provides does not work for
> > >>>>>>>>>>>>>> session management on 2 node spring boot cluster.
> > >>>>>>>>>>>>>>
> > >>>>>>>>>>>>>> Somehow, spring security filter kicks in result in some weird
> > >>>>>>>>>>>>>> errors with web session filter.
> > >>>>>>>>>>>>>>
> > >>>>>>>>>>>>>> So making compatible with spring security somehow, we need to
> > >>>>>>>>>>>>>> write implementation on spring session.
> > >>>>>>>>>>>>>>
> > >>>>>>>>>>>>>> Do you have any test cases that says web session filter would
> > >>>>>>>>>>>>>> work with spring security on boot platform ?
> > >>>>>>>>>>>>>>
> > >>>>>>>>>>>>>> Thanks,
> > >>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>
> > >>>>>>>>>>>>>> On Tue, Feb 14, 2017 at 1:03 PM, Valentin Kulichenko <
> > >>>>>>>>>>>>>> valentin.kulichenko@gmail.com> wrote:
> > >>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>> Hi Rishi,
> > >>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>> Can you please take a look at web session clustering feature [1]
> > >>>>>>>>>>>>>>> provided by Ignite? I'm looking at Spring Session docs and it
> > >>>>>>>>>>>>>>> seems to me it does exactly the same - replaces HttpSession with
> > >>>>>>>>>>>>>>> custom implementation that has a backend storage. If it doesn't
> > >>>>>>>>>>>>>>> provide any additional API or functionality, I'm not sure I
> > >>>>>>>>>>>>>>> understand the benefit of this feature.
> > >>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>> Let me know if I'm missing something.
> > >>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>> [1] https://apacheignite-mix.readme.io/docs/web-session-clustering
> > >>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>> -Val
> > >>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>> On Mon, Feb 13, 2017 at 2:41 PM, Rishi Yagnik <
> > >>>>>>>>>>>>>>> rishiyagnik@gmail.com> wrote:
> > >>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>> I would like to discuss session replication / fail over design
> > >>>>>>>>>>>>>>>> on spring boot platform and wanted to find what is the best out
> > >>>>>>>>>>>>>>>> to get started here ?
> > >>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>> Possible approaches are as follows -
> > >>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>   - Make use of Spring Session for session replication and fail
> > >>>>>>>>>>>>>>>>   over
> > >>>>>>>>>>>>>>>>   - Extend the web session filter and make it work on spring
> > >>>>>>>>>>>>>>>>   boot application
> > >>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>> I am thinking that best approach would be to get started here
> > >>>>>>>>>>>>>>>> with spring session design however I am open for feedback here.
> > >>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>> --
> > >>>>>>>>>>>>>>>> Rishi Yagnik
> > >>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>
> > >>>>>>>>>>>>>> --
> > >>>>>>>>>>>>>> Rishi Yagnik
> > >>>>>>>>>>>>>>
> > >>>>>>>>>>>>>
> > >>>>>>>>>>>>
> > >>>>>>>>>>>>
> > >>>>>>>>>>>>
> > >>>>>>>>>>>> --
> > >>>>>>>>>>>> Rishi Yagnik
> > >>>>>>>>>>>>
> > >>>>>>>>>>>
> > >>>>>>>>>>>
> > >>>>>>>>>>>
> > >>>>>>>>>>> --
> > >>>>>>>>>>> Rishi Yagnik
> > >>>>>>>>>>>
> > >>>>>>>>>>
> > >>>>>>>>>>
> > >>>>>>>>>>
> > >>>>>>>>>> --
> > >>>>>>>>>> Rishi Yagnik
> > >>>>>>>>>>
> > >>>>>>>>>
> > >>>>>>>>>
> > >>>>>>>>
> > >>>>>>>
> > >>>>>>>
> > >>>>>>>
> > >>>>>>> --
> > >>>>>>> Rishi Yagnik
> > >>>>>>>
> > >>>>>>
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>> --
> > >>>>> Rishi Yagnik
> > >>>>>
> > >>>>
> > >>>>
> > >>>>
> > >>>> --
> > >>>> Rishi Yagnik
> > >>>>
> > >>>
> > >>
> > >>
> > >>
> > >> --
> > >> Rishi Yagnik
> > >>
> >
>



-- 
Rishi Yagnik
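
Added example, not part of the original thread and not Ignite or Spring code: a plain-Java model of the filter-order problem discussed above, with two chains handling a request that round-robin sends to a node where the user did not log in. All names (FilterOrderDemo, CLUSTER, SESSION, SECURITY) and the session data are constructed for illustration. The chain that runs the security check first sees only the empty node-local session and redirects to login; the chain that swaps in the replicated session first lets the request through.

```java
import java.util.HashMap;
import java.util.Map;

public class FilterOrderDemo {
    // Stand-in for the replicated session cache shared by all nodes (constructed data).
    static final Map<String, Map<String, Object>> CLUSTER = new HashMap<>();

    static class Request {
        final String sessionId;
        // Node-local session: empty on a node that never saw the login.
        Map<String, Object> session = new HashMap<>();
        String outcome;
        Request(String sessionId) { this.sessionId = sessionId; }
    }

    interface Filter { void doFilter(Request req, Runnable next); }

    // Models the web session filter: replaces the local session with the clustered one.
    static final Filter SESSION = (req, next) -> {
        req.session = CLUSTER.computeIfAbsent(req.sessionId, k -> new HashMap<>());
        next.run();
    };

    // Models the security filter: trusts whatever session it sees at this point in the chain.
    static final Filter SECURITY = (req, next) -> {
        if (req.session.get("principal") == null) req.outcome = "redirect:/login";
        else next.run();
    };

    // Runs the request through the filters in the given order and returns the outcome.
    static String handle(Request req, Filter... chain) {
        run(req, chain, 0);
        return req.outcome;
    }

    static void run(Request req, Filter[] chain, int i) {
        if (i == chain.length) req.outcome = "200 OK"; // reached the application
        else chain[i].doFilter(req, () -> run(req, chain, i + 1));
    }

    public static void main(String[] args) {
        // The user logged in on node 1; the principal was replicated to the cluster.
        CLUSTER.computeIfAbsent("s1", k -> new HashMap<>()).put("principal", "alice");
        // The next request lands on node 2, which has no local session for "s1".
        System.out.println("security first: " + handle(new Request("s1"), SECURITY, SESSION));
        System.out.println("session first:  " + handle(new Request("s1"), SESSION, SECURITY));
    }
}
```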
