ignite-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Valentin Kulichenko <valentin.kuliche...@gmail.com>
Subject Re: IGNITE-2741 - spring session design
Date Tue, 11 Apr 2017 20:53:27 GMT
Hi Rishi,

What was the issue with the HttpSessionCsrfTokenRepository? I didn't have
any problems after I added code you provided.

The fix for [1] is already in master. Can you try building from there and
check if everything works fine for you?

[1] https://issues.apache.org/jira/browse/IGNITE-4948

-Val

On Sat, Mar 18, 2017 at 5:15 PM, Denis Magda <dmagda@gridgain.com> wrote:

> Somewhere in April. This will be clarified on the dev list soon.
>
> On Saturday, March 18, 2017, Rishi Yagnik <rishiyagnik@gmail.com> wrote:
>
> > Thanks, Val.
> >
> > When are we going to release Ignite 2.0 ? June ??
> >
> > Thanks,
> >
> > On Sat, Mar 18, 2017 at 6:02 AM, Valentin Kulichenko <
> > valentin.kulichenko@gmail.com <javascript:;>> wrote:
> >
> > > Denis,
> > >
> > > Yes, this should be possible. I will try to finalize the fix asap.
> > >
> > > -Val
> > >
> > > On Fri, Mar 17, 2017 at 7:46 PM, Denis Magda <dmagda@apache.org
> > <javascript:;>> wrote:
> > >
> > > > Val,
> > > >
> > > > Will it be possible to incorporate the fix into the nearest 2.0
> > release?
> > > >
> > > > —
> > > > Denis
> > > >
> > > > > On Mar 17, 2017, at 11:43 AM, Rishi Yagnik <rishiyagnik@gmail.com
> > <javascript:;>>
> > > > wrote:
> > > > >
> > > > > Hi Val,
> > > > >
> > > > > Hope you are well, any update on web session clustering.
> > > > >
> > > > > Thanks,
> > > > > Rishi
> > > > >
> > > > > On Sat, Mar 11, 2017 at 12:29 PM, Rishi Yagnik <
> > rishiyagnik@gmail.com <javascript:;>>
> > > > > wrote:
> > > > >
> > > > >> Hi Val,
> > > > >>
> > > > >> Thanks looking forward for the fix..
> > > > >>
> > > > >> Take Care,
> > > > >> Rishi
> > > > >>
> > > > >>> On Mar 11, 2017, at 11:31 AM, Valentin Kulichenko <
> > > > >> valentin.kulichenko@gmail.com <javascript:;>> wrote:
> > > > >>>
> > > > >>> Hi Rishi,
> > > > >>>
> > > > >>> I want to fix the bug first. It takes a bit longer than I
> thought,
> > > but
> > > > I
> > > > >>> should finish it over the weekend.
> > > > >>>
> > > > >>> -Val
> > > > >>>
> > > > >>>> On Fri, Mar 10, 2017 at 4:13 AM, Rishi Yagnik <
> > > rishiyagnik@gmail.com <javascript:;>>
> > > > >> wrote:
> > > > >>>>
> > > > >>>> Hi Val,
> > > > >>>>
> > > > >>>> Did you chance to look into session handling issue ?
> > > > >>>>
> > > > >>>> Thanks,
> > > > >>>>
> > > > >>>> On Mon, Mar 6, 2017 at 3:37 PM, Rishi Yagnik <
> > rishiyagnik@gmail.com <javascript:;>
> > > >
> > > > >>>> wrote:
> > > > >>>>
> > > > >>>>> Hi Val,
> > > > >>>>>
> > > > >>>>> Do you think I can test a fix in 1.9 RC releases ? How are you
> > > > planning
> > > > >>>> to
> > > > >>>>> release a fix ?
> > > > >>>>>
> > > > >>>>> Did you also look into problem where storing xsrf token in
> Ignite
> > > > >> returns
> > > > >>>>> an exception and does not behave as expected ?
> > > > >>>>>
> > > > >>>>> In SecurityConfig.java use HttpSessionCsrfTokenRepository with
> > > > >> following
> > > > >>>>> code -
> > > > >>>>>
> > > > >>>>> .csrfTokenRepository(csrfTokenRepository())
> > > > >>>>>
> > > > >>>>> private CsrfTokenRepository csrfTokenRepository() {
> > > > >>>>>   HttpSessionCsrfTokenRepository repository = new
> > > > >>>> HttpSessionCsrfTokenRepository();
> > > > >>>>>   repository.setHeaderName("X-XSRF-TOKEN");
> > > > >>>>>   return repository;
> > > > >>>>> }
> > > > >>>>>
> > > > >>>>> Thank you for all your help,
> > > > >>>>>
> > > > >>>>>
> > > > >>>>> On Mon, Mar 6, 2017 at 2:34 PM, Valentin Kulichenko <
> > > > >>>>> valentin.kulichenko@gmail.com <javascript:;>> wrote:
> > > > >>>>>
> > > > >>>>>> Hi Rishi,
> > > > >>>>>>
> > > > >>>>>> I got to the bottom of it. Basically, the session is replaced
> in
> > > > >> Spring
> > > > >>>>>> filter, but caching happens based on the old version which
> > doesn't
> > > > >> have
> > > > >>>>>> security attributes. The fix is going to be very easy, I will
> do
> > > it
> > > > >>>>>> tomorrow.
> > > > >>>>>>
> > > > >>>>>> -Val
> > > > >>>>>>
> > > > >>>>>> On Mon, Mar 6, 2017 at 7:34 PM, Rishi Yagnik <
> > > rishiyagnik@gmail.com <javascript:;>
> > > > >
> > > > >>>>>> wrote:
> > > > >>>>>>
> > > > >>>>>>> Val,
> > > > >>>>>>>
> > > > >>>>>>> Did you get chance to play around with the code ?
> > > > >>>>>>>
> > > > >>>>>>> Thanks,
> > > > >>>>>>>
> > > > >>>>>>> On Sun, Mar 5, 2017 at 7:25 PM, Rishi Yagnik <
> > > > rishiyagnik@gmail.com <javascript:;>>
> > > > >>>>>>> wrote:
> > > > >>>>>>>
> > > > >>>>>>>> Val,
> > > > >>>>>>>>
> > > > >>>>>>>> Adding a filter before csrf filter will invoke the custom
> > ignite
> > > > >>>>>> filter.
> > > > >>>>>>>>
> > > > >>>>>>>> Declare a custom filter class extends it with websession
> > filter
> > > > >>>>>>>>
> > > > >>>>>>>> public class CustomWebSessionFilter extends
> WebSessionFilter {
> > > > >>>>>>>>
> > > > >>>>>>>>        private static boolean igniteInitialize = false
> > > > >>>>>>>>
> > > > >>>>>>>> @Override public void doFilter(ServletRequest req,
> > > ServletResponse
> > > > >>>>>> res,
> > > > >>>>>>>> FilterChain chain)
> > > > >>>>>>>>           throws IOException, ServletException {
> > > > >>>>>>>>       if(!igniteInitialize) {
> > > > >>>>>>>>           super.init(new FilterConfig() {
> > > > >>>>>>>>               @Override
> > > > >>>>>>>>               public String getFilterName() {
> > > > >>>>>>>>                   return "CustomWebSessionFilter";
> > > > >>>>>>>>               }
> > > > >>>>>>>>
> > > > >>>>>>>>               @Override
> > > > >>>>>>>>               public ServletContext getServletContext() {
> > > > >>>>>>>>                   return req.getServletContext();
> > > > >>>>>>>>               }
> > > > >>>>>>>>
> > > > >>>>>>>>               @Override
> > > > >>>>>>>>               public String getInitParameter(String name) {
> > > > >>>>>>>>                   return null;
> > > > >>>>>>>>               }
> > > > >>>>>>>>
> > > > >>>>>>>>               @Override
> > > > >>>>>>>>               public Enumeration<String>
> > > getInitParameterNames() {
> > > > >>>>>>>>                   return null;
> > > > >>>>>>>>               }
> > > > >>>>>>>>           });
> > > > >>>>>>>>           igniteInitialize = true;
> > > > >>>>>>>>       }
> > > > >>>>>>>>       super.doFilter(req,res,chain);
> > > > >>>>>>>>   }
> > > > >>>>>>>> }
> > > > >>>>>>>>
> > > > >>>>>>>> And in SecurityConfig.java add following line to invoke
> filter
> > > > >>>> before
> > > > >>>>>>>> Ignite Web Session filter -
> > > > >>>>>>>>
> > > > >>>>>>>> .addFilterBefore(new ArWebSessionFilter(), CsrfFilter.class)
> > > > >>>>>>>>
> > > > >>>>>>>> Hope it helps..
> > > > >>>>>>>>
> > > > >>>>>>>> Thanks,
> > > > >>>>>>>>
> > > > >>>>>>>> On Sun, Mar 5, 2017 at 1:28 PM, Valentin Kulichenko <
> > > > >>>>>>>> valentin.kulichenko@gmail.com <javascript:;>> wrote:
> > > > >>>>>>>>
> > > > >>>>>>>>> Rishi,
> > > > >>>>>>>>>
> > > > >>>>>>>>> Can you please share how you forced Ignite filter to be
> > invoked
> > > > >>>>>> before
> > > > >>>>>>>>> security filter?
> > > > >>>>>>>>>
> > > > >>>>>>>>> -Val
> > > > >>>>>>>>>
> > > > >>>>>>>>> On Sun, Mar 5, 2017 at 11:20 AM, Rishi Yagnik <
> > > > >>>> rishiyagnik@gmail.com <javascript:;>
> > > > >>>>>>>
> > > > >>>>>>>>> wrote:
> > > > >>>>>>>>>
> > > > >>>>>>>>>> Hi Val,
> > > > >>>>>>>>>>
> > > > >>>>>>>>>> Thanks for the response, we have executed ignite filter
> > before
> > > > >>>>>> spring
> > > > >>>>>>>>>> security filter but somehow the ignite filter does not do
> > the
> > > > job
> > > > >>>>>> of
> > > > >>>>>>>>>> setting spring principle context.
> > > > >>>>>>>>>>
> > > > >>>>>>>>>> As a result even though we have spring principle in
> session,
> > > > >>>> spring
> > > > >>>>>>>>> filter
> > > > >>>>>>>>>> does not recognize it and sends us back to log in page.
> > > > >>>>>>>>>>
> > > > >>>>>>>>>> I think there s some more work needed here to change the
> > > filter
> > > > >>>> and
> > > > >>>>>>> make
> > > > >>>>>>>>>> it work with spring boot application.
> > > > >>>>>>>>>>
> > > > >>>>>>>>>> Take Care,
> > > > >>>>>>>>>> Rishi
> > > > >>>>>>>>>>
> > > > >>>>>>>>>>> On Mar 5, 2017, at 10:16 AM, Valentin Kulichenko <
> > > > >>>>>>>>>> valentin.kulichenko@gmail.com <javascript:;>> wrote:
> > > > >>>>>>>>>>>
> > > > >>>>>>>>>>> Hi Rishi,
> > > > >>>>>>>>>>>
> > > > >>>>>>>>>>> I did some debugging. Apparently, the reason for this
> > > behavior
> > > > >>>> is
> > > > >>>>>>> that
> > > > >>>>>>>>>>> Spring Security filter resides before Ignite's filter in
> > the
> > > > >>>>>> chain
> > > > >>>>>>>>> list.
> > > > >>>>>>>>>> I
> > > > >>>>>>>>>>> think that eventually this should be fixed in the
> product,
> > > but
> > > > >>>> in
> > > > >>>>>>> the
> > > > >>>>>>>>>>> meantime there must be a way to work around the problem
> by
> > > > >>>>>>> controlling
> > > > >>>>>>>>>> the
> > > > >>>>>>>>>>> order. Do you know how this can be done in Spring Boot?
> > > > >>>>>>>>>>>
> > > > >>>>>>>>>>> -Val
> > > > >>>>>>>>>>>
> > > > >>>>>>>>>>>> On Tue, Feb 28, 2017 at 9:31 AM, Rishi Yagnik <
> > > > >>>>>>> rishiyagnik@gmail.com <javascript:;>
> > > > >>>>>>>>>>
> > > > >>>>>>>>>> wrote:
> > > > >>>>>>>>>>>>
> > > > >>>>>>>>>>>> Hi Val,
> > > > >>>>>>>>>>>>
> > > > >>>>>>>>>>>> Sorry for pestering, thanks for all your help.
> > > > >>>>>>>>>>>>
> > > > >>>>>>>>>>>> Rishi
> > > > >>>>>>>>>>>>
> > > > >>>>>>>>>>>> On Mon, Feb 27, 2017 at 7:22 PM, Valentin Kulichenko <
> > > > >>>>>>>>>>>> valentin.kulichenko@gmail.com <javascript:;>> wrote:
> > > > >>>>>>>>>>>>
> > > > >>>>>>>>>>>>> Hi Rishi,
> > > > >>>>>>>>>>>>>
> > > > >>>>>>>>>>>>> Sorry, not yet. But this on my short list of TODOs,
> will
> > > try
> > > > >>>> to
> > > > >>>>>>>>> give an
> > > > >>>>>>>>>>>>> update as soon as possible.
> > > > >>>>>>>>>>>>>
> > > > >>>>>>>>>>>>> -Val
> > > > >>>>>>>>>>>>>
> > > > >>>>>>>>>>>>> On Mon, Feb 27, 2017 at 7:47 AM, Rishi Yagnik <
> > > > >>>>>>>>> rishiyagnik@gmail.com <javascript:;>>
> > > > >>>>>>>>>>>>> wrote:
> > > > >>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>> Hi Val,
> > > > >>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>> any update on session replication issue ?
> > > > >>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>> Thanks,
> > > > >>>>>>>>>>>>>> Rishi
> > > > >>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>> On Thu, Feb 23, 2017 at 8:07 AM, Rishi Yagnik <
> > > > >>>>>>>>> rishiyagnik@gmail.com <javascript:;>>
> > > > >>>>>>>>>>>>>> wrote:
> > > > >>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>> Thanks Val for looking into it.
> > > > >>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>> On Wed, Feb 22, 2017 at 9:32 PM, Valentin Kulichenko
> <
> > > > >>>>>>>>>>>>>>> valentin.kulichenko@gmail.com <javascript:;>> wrote:
> > > > >>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>> Hi Rishi,
> > > > >>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>> Got it, I think I'm reproducing the issue. I'll
> take a
> > > > >>>> look
> > > > >>>>>> and
> > > > >>>>>>>>> let
> > > > >>>>>>>>>>>>> you
> > > > >>>>>>>>>>>>>>>> know my findings soon.
> > > > >>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>> -Val
> > > > >>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>> On Tue, Feb 21, 2017 at 7:27 PM, Rishi Yagnik <
> > > > >>>>>>>>>>>> rishiyagnik@gmail.com <javascript:;>>
> > > > >>>>>>>>>>>>>>>> wrote:
> > > > >>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>> Hi Val,
> > > > >>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>> The issue will occur in cluster environment, please
> > > setup
> > > > >>>>>> the
> > > > >>>>>>>>>>>> spring
> > > > >>>>>>>>>>>>>>>> boot
> > > > >>>>>>>>>>>>>>>>> on 2 different host with LB (F5 OR Reverse proxy)
> in
> > > > >>>> front
> > > > >>>>>> and
> > > > >>>>>>>>> try
> > > > >>>>>>>>>>>>> to
> > > > >>>>>>>>>>>>>>>>> login.
> > > > >>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>> In cluster environment, Spring security does not
> > > > >>>> recognize
> > > > >>>>>> the
> > > > >>>>>>>>>>>>> session
> > > > >>>>>>>>>>>>>>>> on
> > > > >>>>>>>>>>>>>>>>> the host you are not logged in, as a result, spring
> > > > >>>>>> security
> > > > >>>>>>>>> will
> > > > >>>>>>>>>>>>>>>> redirect
> > > > >>>>>>>>>>>>>>>>> to login url however the correct behavior should be
> > > that
> > > > >>>>>> user
> > > > >>>>>>>>>>>> would
> > > > >>>>>>>>>>>>>> stay
> > > > >>>>>>>>>>>>>>>>> logged in with session replication.
> > > > >>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>> Do let me know if you need more information.
> > > > >>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>> Thanks,
> > > > >>>>>>>>>>>>>>>>> Rishi
> > > > >>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>> On Tue, Feb 21, 2017 at 7:08 PM, Valentin
> Kulichenko
> > <
> > > > >>>>>>>>>>>>>>>>> valentin.kulichenko@gmail.com <javascript:;>>
> wrote:
> > > > >>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>> Hi Rishi,
> > > > >>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>> I was able to build and run the application. Can
> you
> > > > >>>> give
> > > > >>>>>>> some
> > > > >>>>>>>>>>>>>>>>> description
> > > > >>>>>>>>>>>>>>>>>> on what should I test to understand the issue?
> What
> > > > >>>>>> exactly
> > > > >>>>>>>>>>>> didn't
> > > > >>>>>>>>>>>>>>>> work
> > > > >>>>>>>>>>>>>>>>> for
> > > > >>>>>>>>>>>>>>>>>> you?
> > > > >>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>> -Val
> > > > >>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>> On Wed, Feb 15, 2017 at 10:52 AM, Valentin
> > Kulichenko
> > > <
> > > > >>>>>>>>>>>>>>>>>> valentin.kulichenko@gmail.com <javascript:;>>
> > wrote:
> > > > >>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>> Hi Rishi,
> > > > >>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>> Thanks, I'll take a look.
> > > > >>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>> -Val
> > > > >>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>> On Wed, Feb 15, 2017 at 9:07 AM, Rishi Yagnik <
> > > > >>>>>>>>>>>>>>>> rishiyagnik@gmail.com <javascript:;>>
> > > > >>>>>>>>>>>>>>>>>>> wrote:
> > > > >>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>> Hi Val,
> > > > >>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>> As promised, please find attached code for
> spring
> > > boot
> > > > >>>>>>>>>>>>>> integration
> > > > >>>>>>>>>>>>>>>>> with
> > > > >>>>>>>>>>>>>>>>>>>> spring security along with Ignite.
> > > > >>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>> Some more information on project -
> > > > >>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>> - It is a maven project ( Ignite 1.7.0, SB
> 1.4.3 )
> > > > >>>>>>>>>>>>>>>>>>>> - spring security integrated with boot project
> > along
> > > > >>>>>> with
> > > > >>>>>>>>>>>>>> ignite
> > > > >>>>>>>>>>>>>>>>>>>> - HttpSessionCookieCsrfTokenRepository does not
> > > > >>>> work,
> > > > >>>>>>>>>>>> gives
> > > > >>>>>>>>>>>>>>>>>>>> intermediate errors on single instance so used
> > > > >>>>>>>>>>>>>>>>>> CookieCsrfTokenRepository
> > > > >>>>>>>>>>>>>>>>>>>> for CSRF token, again I think we need a fix here
> > > > >>>> from
> > > > >>>>>>>>>>>>> Ignite.
> > > > >>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>> I cant reproduce this errors while I am running
> on
> > > > >>>>>> single
> > > > >>>>>>>>>>>>>> instance,
> > > > >>>>>>>>>>>>>>>>> you
> > > > >>>>>>>>>>>>>>>>>>>> need to run this app on 2 spring boot instance
> > > having
> > > > >>>>>> proxy
> > > > >>>>>>>>>>>> in
> > > > >>>>>>>>>>>>>>>> front (
> > > > >>>>>>>>>>>>>>>>>> F5,
> > > > >>>>>>>>>>>>>>>>>>>> OR any proxy ) with round robin fashion ( no
> > sticky
> > > > >>>>>> session
> > > > >>>>>>>>>>>> on
> > > > >>>>>>>>>>>>> F5
> > > > >>>>>>>>>>>>>>>> OR
> > > > >>>>>>>>>>>>>>>>>>>> proxies ).
> > > > >>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>> We were thinking with round robin the user
> session
> > > > >>>> will
> > > > >>>>>>>>>>>> active
> > > > >>>>>>>>>>>>>>>> since
> > > > >>>>>>>>>>>>>>>>> we
> > > > >>>>>>>>>>>>>>>>>>>> used session replication on backend.
> > > > >>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>> Do let me know if you need more information
> here.
> > > > >>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>> Thanks,
> > > > >>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>> Rishi
> > > > >>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>> On Tue, Feb 14, 2017 at 9:57 PM, Rishi Yagnik <
> > > > >>>>>>>>>>>>>>>> rishiyagnik@gmail.com <javascript:;>>
> > > > >>>>>>>>>>>>>>>>>>>> wrote:
> > > > >>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>> Val,
> > > > >>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>> My SB sample project is ready however I have
> > asked
> > > > >>>> for
> > > > >>>>>> an
> > > > >>>>>>>>>>>>>>>> approval to
> > > > >>>>>>>>>>>>>>>>>>>>> submit sample project to you, it would take day
> > or
> > > > >>>> two.
> > > > >>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>> I will keep you posted.
> > > > >>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>> Thanks for all your help,
> > > > >>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>> On Tue, Feb 14, 2017 at 3:51 PM, Rishi Yagnik <
> > > > >>>>>>>>>>>>>>>> rishiyagnik@gmail.com <javascript:;>
> > > > >>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>> wrote:
> > > > >>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>>> Let me build an example app for you and send
> it
> > > > >>>>>> across to
> > > > >>>>>>>>>>>>> you.
> > > > >>>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>>> Thanks,
> > > > >>>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>>> On Tue, Feb 14, 2017 at 3:28 PM, Valentin
> > > > >>>> Kulichenko <
> > > > >>>>>>>>>>>>>>>>>>>>>> valentin.kulichenko@gmail.com <javascript:;>>
> > wrote:
> > > > >>>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>>>> Rishi,
> > > > >>>>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>>>> No I don't, and I think that's what we should
> > > start
> > > > >>>>>>> with.
> > > > >>>>>>>>>>>> I
> > > > >>>>>>>>>>>>>>>> want to
> > > > >>>>>>>>>>>>>>>>>>>>>>> understand a use case that is currently not
> > > > >>>> supported
> > > > >>>>>>> (if
> > > > >>>>>>>>>>>>> any)
> > > > >>>>>>>>>>>>>>>> and
> > > > >>>>>>>>>>>>>>>>>> then
> > > > >>>>>>>>>>>>>>>>>>>>>>> find the best solution. And I would like to
> > reuse
> > > > >>>>>>> existing
> > > > >>>>>>>>>>>>>> code
> > > > >>>>>>>>>>>>>>>> as
> > > > >>>>>>>>>>>>>>>>>>>>>>> much as
> > > > >>>>>>>>>>>>>>>>>>>>>>> possible.
> > > > >>>>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>>>> Do you have any code that reproduces the
> > problem
> > > > >>>> you
> > > > >>>>>> had
> > > > >>>>>>>>>>>> and
> > > > >>>>>>>>>>>>>> how
> > > > >>>>>>>>>>>>>>>>> you
> > > > >>>>>>>>>>>>>>>>>>>>>>> tried
> > > > >>>>>>>>>>>>>>>>>>>>>>> to utilize current web session clustering?
> Can
> > > you
> > > > >>>>>> share
> > > > >>>>>>>>>>>> it
> > > > >>>>>>>>>>>>>> with
> > > > >>>>>>>>>>>>>>>>> us?
> > > > >>>>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>>>> -Val
> > > > >>>>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>>>> On Tue, Feb 14, 2017 at 11:28 AM, Rishi
> Yagnik
> > <
> > > > >>>>>>>>>>>>>>>>>> rishiyagnik@gmail.com <javascript:;>>
> > > > >>>>>>>>>>>>>>>>>>>>>>> wrote:
> > > > >>>>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>>>>> Hi Val,
> > > > >>>>>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>>>>> I am working on SB platform with spring
> > security
> > > > >>>>>> and we
> > > > >>>>>>>>>>>>>> found
> > > > >>>>>>>>>>>>>>>> out
> > > > >>>>>>>>>>>>>>>>>>>>>>> that the
> > > > >>>>>>>>>>>>>>>>>>>>>>>> web session filter ignite provides does not
> > work
> > > > >>>> for
> > > > >>>>>>>>>>>>> session
> > > > >>>>>>>>>>>>>>>>>>>>>>> management on
> > > > >>>>>>>>>>>>>>>>>>>>>>>> 2 node spring boot cluster.
> > > > >>>>>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>>>>> Somehow, spring security filter kicks in
> > result
> > > in
> > > > >>>>>> some
> > > > >>>>>>>>>>>>>> weird
> > > > >>>>>>>>>>>>>>>>>> errors
> > > > >>>>>>>>>>>>>>>>>>>>>>> with
> > > > >>>>>>>>>>>>>>>>>>>>>>>> web session filter.
> > > > >>>>>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>>>>> So making compatible with spring security
> > > somehow,
> > > > >>>>>> we
> > > > >>>>>>>>>>>> need
> > > > >>>>>>>>>>>>>> to
> > > > >>>>>>>>>>>>>>>>> write
> > > > >>>>>>>>>>>>>>>>>>>>>>>> implementation on spring session.
> > > > >>>>>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>>>>> Do you have any test cases that says web
> > session
> > > > >>>>>> filter
> > > > >>>>>>>>>>>>>> would
> > > > >>>>>>>>>>>>>>>>> work
> > > > >>>>>>>>>>>>>>>>>>>>>>> with
> > > > >>>>>>>>>>>>>>>>>>>>>>>> spring security on boot platform ?
> > > > >>>>>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>>>>> Thanks,
> > > > >>>>>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>>>>> On Tue, Feb 14, 2017 at 1:03 PM, Valentin
> > > > >>>>>> Kulichenko <
> > > > >>>>>>>>>>>>>>>>>>>>>>>> valentin.kulichenko@gmail.com
> <javascript:;>>
> > wrote:
> > > > >>>>>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>>>>>> Hi Rishi,
> > > > >>>>>>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>>>>>> Can you please take a look at web session
> > > > >>>>>> clustering
> > > > >>>>>>>>>>>>>> feature
> > > > >>>>>>>>>>>>>>>>> [1]
> > > > >>>>>>>>>>>>>>>>>>>>>>> provided
> > > > >>>>>>>>>>>>>>>>>>>>>>>>> by Ignite? I'm looking at Spring Session
> docs
> > > and
> > > > >>>>>> it
> > > > >>>>>>>>>>>>> seems
> > > > >>>>>>>>>>>>>>>> to
> > > > >>>>>>>>>>>>>>>>> me
> > > > >>>>>>>>>>>>>>>>>>>>>>> it does
> > > > >>>>>>>>>>>>>>>>>>>>>>>>> exactly the same - replaces HttpSession
> with
> > > > >>>> custom
> > > > >>>>>>>>>>>>>>>>>> implementation
> > > > >>>>>>>>>>>>>>>>>>>>>>> that
> > > > >>>>>>>>>>>>>>>>>>>>>>>> has
> > > > >>>>>>>>>>>>>>>>>>>>>>>>> a backend storage. If it doesn't provide
> any
> > > > >>>>>>>>>>>> additional
> > > > >>>>>>>>>>>>>> API
> > > > >>>>>>>>>>>>>>>> or
> > > > >>>>>>>>>>>>>>>>>>>>>>>>> functionality, I'm not sure I understand
> the
> > > > >>>>>> benefit
> > > > >>>>>>>>>>>> of
> > > > >>>>>>>>>>>>>> this
> > > > >>>>>>>>>>>>>>>>>>>>>>> feature.
> > > > >>>>>>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>>>>>> Let me know if I'm missing something.
> > > > >>>>>>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>>>>>> [1] https://apacheignite-mix.
> > > > >>>>>>>>>>>>> readme.io/docs/web-session-
> > > > >>>>>>>>>>>>>>>>>> clustering
> > > > >>>>>>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>>>>>> -Val
> > > > >>>>>>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>>>>>> On Mon, Feb 13, 2017 at 2:41 PM, Rishi
> > Yagnik <
> > > > >>>>>>>>>>>>>>>>>>>>>>> rishiyagnik@gmail.com <javascript:;>>
> > > > >>>>>>>>>>>>>>>>>>>>>>>>> wrote:
> > > > >>>>>>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>>>>>>> I would like to discuss session
> replication
> > /
> > > > >>>> fail
> > > > >>>>>>>>>>>>> over
> > > > >>>>>>>>>>>>>>>>> design
> > > > >>>>>>>>>>>>>>>>>> on
> > > > >>>>>>>>>>>>>>>>>>>>>>>> spring
> > > > >>>>>>>>>>>>>>>>>>>>>>>>>> boot platform and wanted to find what is
> the
> > > > >>>> best
> > > > >>>>>>>>>>>> out
> > > > >>>>>>>>>>>>> to
> > > > >>>>>>>>>>>>>>>> get
> > > > >>>>>>>>>>>>>>>>>>>>>>> started
> > > > >>>>>>>>>>>>>>>>>>>>>>>>> here ?
> > > > >>>>>>>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>>>>>>> Possible approaches are as follows -
> > > > >>>>>>>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>>>>>>> - Make use of Spring Session for session
> > > > >>>>>>>>>>>>> replication
> > > > >>>>>>>>>>>>>>>> and
> > > > >>>>>>>>>>>>>>>>>> fail
> > > > >>>>>>>>>>>>>>>>>>>>>>> over
> > > > >>>>>>>>>>>>>>>>>>>>>>>>>> - Extend the web session filter and make
> it
> > > > >>>> work
> > > > >>>>>>>>>>>> on
> > > > >>>>>>>>>>>>>>>> spring
> > > > >>>>>>>>>>>>>>>>>>>>>>> boot
> > > > >>>>>>>>>>>>>>>>>>>>>>>>>> application
> > > > >>>>>>>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>>>>>>> I am thinking that best approach would be
> to
> > > get
> > > > >>>>>>>>>>>>> started
> > > > >>>>>>>>>>>>>>>> here
> > > > >>>>>>>>>>>>>>>>>>>>>>> with
> > > > >>>>>>>>>>>>>>>>>>>>>>>> spring
> > > > >>>>>>>>>>>>>>>>>>>>>>>>>> session design however I am open for
> > feedback
> > > > >>>>>> here.
> > > > >>>>>>>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>>>>>>> --
> > > > >>>>>>>>>>>>>>>>>>>>>>>>>> Rishi Yagnik
> > > > >>>>>>>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>>>>> --
> > > > >>>>>>>>>>>>>>>>>>>>>>>> Rishi Yagnik
> > > > >>>>>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>>> --
> > > > >>>>>>>>>>>>>>>>>>>>>> Rishi Yagnik
> > > > >>>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>> --
> > > > >>>>>>>>>>>>>>>>>>>>> Rishi Yagnik
> > > > >>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>> --
> > > > >>>>>>>>>>>>>>>>>>>> Rishi Yagnik
> > > > >>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>> --
> > > > >>>>>>>>>>>>>>>>> Rishi Yagnik
> > > > >>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>> --
> > > > >>>>>>>>>>>>>>> Rishi Yagnik
> > > > >>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>> --
> > > > >>>>>>>>>>>>>> Rishi Yagnik
> > > > >>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>
> > > > >>>>>>>>>>>>
> > > > >>>>>>>>>>>>
> > > > >>>>>>>>>>>>
> > > > >>>>>>>>>>>> --
> > > > >>>>>>>>>>>> Rishi Yagnik
> > > > >>>>>>>>>>>>
> > > > >>>>>>>>>>
> > > > >>>>>>>>>
> > > > >>>>>>>>
> > > > >>>>>>>>
> > > > >>>>>>>>
> > > > >>>>>>>> --
> > > > >>>>>>>> Rishi Yagnik
> > > > >>>>>>>>
> > > > >>>>>>>
> > > > >>>>>>>
> > > > >>>>>>>
> > > > >>>>>>> --
> > > > >>>>>>> Rishi Yagnik
> > > > >>>>>>>
> > > > >>>>>>
> > > > >>>>>
> > > > >>>>>
> > > > >>>>>
> > > > >>>>> --
> > > > >>>>> Rishi Yagnik
> > > > >>>>>
> > > > >>>>
> > > > >>>>
> > > > >>>>
> > > > >>>> --
> > > > >>>> Rishi Yagnik
> > > > >>>>
> > > > >>
> > > > >
> > > > >
> > > > >
> > > > > --
> > > > > Rishi Yagnik
> > > >
> > > >
> > >
> >
> >
> >
> > --
> > Rishi Yagnik
> >
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message