IGNITE-2741 - spring session design

> Val,
>
> Did you get chance to play around with the code ?
>
> Thanks,
>
> On Sun, Mar 5, 2017 at 7:25 PM, Rishi Yagnik <[hidden email]>
> wrote:
>
> > Val,
> >
> > Adding a filter before csrf filter will invoke the custom ignite filter.
> >
> > Declare a custom filter class extends it with websession filter
> >
> > public class CustomWebSessionFilter extends WebSessionFilter {
> >
> >          private static boolean igniteInitialize = false
> >
> > @Override public void doFilter(ServletRequest req, ServletResponse res,
> > FilterChain chain)
> >             throws IOException, ServletException {
> >         if(!igniteInitialize) {
> >             super.init(new FilterConfig() {
> >                 @Override
> >                 public String getFilterName() {
> >                     return "CustomWebSessionFilter";
> >                 }
> >
> >                 @Override
> >                 public ServletContext getServletContext() {
> >                     return req.getServletContext();
> >                 }
> >
> >                 @Override
> >                 public String getInitParameter(String name) {
> >                     return null;
> >                 }
> >
> >                 @Override
> >                 public Enumeration<String> getInitParameterNames() {
> >                     return null;
> >                 }
> >             });
> >             igniteInitialize = true;
> >         }
> >         super.doFilter(req,res,chain);
> >     }
> > }
> >
> > And in SecurityConfig.java add following line to invoke filter before
> > Ignite Web Session filter -
> >
> >  .addFilterBefore(new ArWebSessionFilter(), CsrfFilter.class)
> >
> > Hope it helps..
> >
> > Thanks,
> >
> > On Sun, Mar 5, 2017 at 1:28 PM, Valentin Kulichenko <
> > [hidden email]> wrote:
> >
> >> Rishi,
> >>
> >> Can you please share how you forced Ignite filter to be invoked before
> >> security filter?
> >>
> >> -Val
> >>
> >> On Sun, Mar 5, 2017 at 11:20 AM, Rishi Yagnik <[hidden email]>
> >> wrote:
> >>
> >> > Hi Val,
> >> >
> >> > Thanks for the response, we have executed ignite filter before spring
> >> > security filter but somehow the ignite filter does not do the job of
> >> > setting spring principle context.
> >> >
> >> > As a result even though we have spring principle in session, spring
> >> filter
> >> > does not recognize it and sends us back to log in page.
> >> >
> >> > I think there s some more work needed here to change the filter and
> make
> >> > it work with spring boot application.
> >> >
> >> > Take Care,
> >> > Rishi
> >> >
> >> > > On Mar 5, 2017, at 10:16 AM, Valentin Kulichenko <
> >> > [hidden email]> wrote:
> >> > >
> >> > > Hi Rishi,
> >> > >
> >> > > I did some debugging. Apparently, the reason for this behavior is
> that
> >> > > Spring Security filter resides before Ignite's filter in the chain
> >> list.
> >> > I
> >> > > think that eventually this should be fixed in the product, but in
> the
> >> > > meantime there must be a way to work around the problem by
> controlling
> >> > the
> >> > > order. Do you know how this can be done in Spring Boot?
> >> > >
> >> > > -Val
> >> > >
> >> > >> On Tue, Feb 28, 2017 at 9:31 AM, Rishi Yagnik <
> [hidden email]
> >> >
> >> > wrote:
> >> > >>
> >> > >> Hi Val,
> >> > >>
> >> > >> Sorry for pestering, thanks for all your help.
> >> > >>
> >> > >> Rishi
> >> > >>
> >> > >> On Mon, Feb 27, 2017 at 7:22 PM, Valentin Kulichenko <
> >> > >> [hidden email]> wrote:
> >> > >>
> >> > >>> Hi Rishi,
> >> > >>>
> >> > >>> Sorry, not yet. But this on my short list of TODOs, will try to
> >> give an
> >> > >>> update as soon as possible.
> >> > >>>
> >> > >>> -Val
> >> > >>>
> >> > >>> On Mon, Feb 27, 2017 at 7:47 AM, Rishi Yagnik <
> >> [hidden email]>
> >> > >>> wrote:
> >> > >>>
> >> > >>>> Hi Val,
> >> > >>>>
> >> > >>>> any update on session replication issue ?
> >> > >>>>
> >> > >>>> Thanks,
> >> > >>>> Rishi
> >> > >>>>
> >> > >>>> On Thu, Feb 23, 2017 at 8:07 AM, Rishi Yagnik <
> >> [hidden email]>
> >> > >>>> wrote:
> >> > >>>>
> >> > >>>>> Thanks Val for looking into it.
> >> > >>>>>
> >> > >>>>> On Wed, Feb 22, 2017 at 9:32 PM, Valentin Kulichenko <
> >> > >>>>> [hidden email]> wrote:
> >> > >>>>>
> >> > >>>>>> Hi Rishi,
> >> > >>>>>>
> >> > >>>>>> Got it, I think I'm reproducing the issue. I'll take a look and
> >> let
> >> > >>> you
> >> > >>>>>> know my findings soon.
> >> > >>>>>>
> >> > >>>>>> -Val
> >> > >>>>>>
> >> > >>>>>> On Tue, Feb 21, 2017 at 7:27 PM, Rishi Yagnik <
> >> > >> [hidden email]>
> >> > >>>>>> wrote:
> >> > >>>>>>
> >> > >>>>>>> Hi Val,
> >> > >>>>>>>
> >> > >>>>>>> The issue will occur in cluster environment, please setup the
> >> > >> spring
> >> > >>>>>> boot
> >> > >>>>>>> on 2 different host with LB (F5 OR Reverse proxy) in front and
> >> try
> >> > >>> to
> >> > >>>>>>> login.
> >> > >>>>>>>
> >> > >>>>>>> In cluster environment, Spring security does not recognize the
> >> > >>> session
> >> > >>>>>> on
> >> > >>>>>>> the host you are not logged in, as a result, spring security
> >> will
> >> > >>>>>> redirect
> >> > >>>>>>> to login url however the correct behavior should be that user
> >> > >> would
> >> > >>>> stay
> >> > >>>>>>> logged in with session replication.
> >> > >>>>>>>
> >> > >>>>>>> Do let me know if you need more information.
> >> > >>>>>>>
> >> > >>>>>>> Thanks,
> >> > >>>>>>> Rishi
> >> > >>>>>>>
> >> > >>>>>>>
> >> > >>>>>>>
> >> > >>>>>>> On Tue, Feb 21, 2017 at 7:08 PM, Valentin Kulichenko <
> >> > >>>>>>> [hidden email]> wrote:
> >> > >>>>>>>
> >> > >>>>>>>> Hi Rishi,
> >> > >>>>>>>>
> >> > >>>>>>>> I was able to build and run the application. Can you give
> some
> >> > >>>>>>> description
> >> > >>>>>>>> on what should I test to understand the issue? What exactly
> >> > >> didn't
> >> > >>>>>> work
> >> > >>>>>>> for
> >> > >>>>>>>> you?
> >> > >>>>>>>>
> >> > >>>>>>>> -Val
> >> > >>>>>>>>
> >> > >>>>>>>> On Wed, Feb 15, 2017 at 10:52 AM, Valentin Kulichenko <
> >> > >>>>>>>> [hidden email]> wrote:
> >> > >>>>>>>>
> >> > >>>>>>>>> Hi Rishi,
> >> > >>>>>>>>>
> >> > >>>>>>>>> Thanks, I'll take a look.
> >> > >>>>>>>>>
> >> > >>>>>>>>> -Val
> >> > >>>>>>>>>
> >> > >>>>>>>>> On Wed, Feb 15, 2017 at 9:07 AM, Rishi Yagnik <
> >> > >>>>>> [hidden email]>
> >> > >>>>>>>>> wrote:
> >> > >>>>>>>>>
> >> > >>>>>>>>>> Hi Val,
> >> > >>>>>>>>>>
> >> > >>>>>>>>>> As promised, please find attached code for spring boot
> >> > >>>> integration
> >> > >>>>>>> with
> >> > >>>>>>>>>> spring security along with Ignite.
> >> > >>>>>>>>>>
> >> > >>>>>>>>>> Some more information on project -
> >> > >>>>>>>>>>
> >> > >>>>>>>>>>   - It is a maven project ( Ignite 1.7.0, SB 1.4.3 )
> >> > >>>>>>>>>>   - spring security integrated with boot project along with
> >> > >>>> ignite
> >> > >>>>>>>>>>   - HttpSessionCookieCsrfTokenRepository does not work,
> >> > >> gives
> >> > >>>>>>>>>>   intermediate errors on single instance so used
> >> > >>>>>>>> CookieCsrfTokenRepository
> >> > >>>>>>>>>>   for CSRF token, again I think we need a fix here from
> >> > >>> Ignite.
> >> > >>>>>>>>>>
> >> > >>>>>>>>>> I cant reproduce this errors while I am running on single
> >> > >>>> instance,
> >> > >>>>>>> you
> >> > >>>>>>>>>> need to run this app on 2 spring boot instance having proxy
> >> > >> in
> >> > >>>>>> front (
> >> > >>>>>>>> F5,
> >> > >>>>>>>>>> OR any proxy ) with round robin fashion ( no sticky session
> >> > >> on
> >> > >>> F5
> >> > >>>>>> OR
> >> > >>>>>>>>>> proxies ).
> >> > >>>>>>>>>>
> >> > >>>>>>>>>> We were thinking with round robin the user session will
> >> > >> active
> >> > >>>>>> since
> >> > >>>>>>> we
> >> > >>>>>>>>>> used session replication on backend.
> >> > >>>>>>>>>>
> >> > >>>>>>>>>> Do let me know if you need more information here.
> >> > >>>>>>>>>>
> >> > >>>>>>>>>> Thanks,
> >> > >>>>>>>>>>
> >> > >>>>>>>>>> Rishi
> >> > >>>>>>>>>>
> >> > >>>>>>>>>>
> >> > >>>>>>>>>>
> >> > >>>>>>>>>>
> >> > >>>>>>>>>> On Tue, Feb 14, 2017 at 9:57 PM, Rishi Yagnik <
> >> > >>>>>> [hidden email]>
> >> > >>>>>>>>>> wrote:
> >> > >>>>>>>>>>
> >> > >>>>>>>>>>> Val,
> >> > >>>>>>>>>>>
> >> > >>>>>>>>>>> My SB sample project is ready however I have asked for an
> >> > >>>>>> approval to
> >> > >>>>>>>>>>> submit sample project to you, it would take day or two.
> >> > >>>>>>>>>>>
> >> > >>>>>>>>>>> I will keep you posted.
> >> > >>>>>>>>>>>
> >> > >>>>>>>>>>> Thanks for all your help,
> >> > >>>>>>>>>>>
> >> > >>>>>>>>>>> On Tue, Feb 14, 2017 at 3:51 PM, Rishi Yagnik <
> >> > >>>>>> [hidden email]
> >> > >>>>>>>>
> >> > >>>>>>>>>>> wrote:
> >> > >>>>>>>>>>>
> >> > >>>>>>>>>>>> Let me build an example app for you and send it across to
> >> > >>> you.
> >> > >>>>>>>>>>>>
> >> > >>>>>>>>>>>> Thanks,
> >> > >>>>>>>>>>>>
> >> > >>>>>>>>>>>> On Tue, Feb 14, 2017 at 3:28 PM, Valentin Kulichenko <
> >> > >>>>>>>>>>>> [hidden email]> wrote:
> >> > >>>>>>>>>>>>
> >> > >>>>>>>>>>>>> Rishi,
> >> > >>>>>>>>>>>>>
> >> > >>>>>>>>>>>>> No I don't, and I think that's what we should start
> with.
> >> > >> I
> >> > >>>>>> want to
> >> > >>>>>>>>>>>>> understand a use case that is currently not supported
> (if
> >> > >>> any)
> >> > >>>>>> and
> >> > >>>>>>>> then
> >> > >>>>>>>>>>>>> find the best solution. And I would like to reuse
> existing
> >> > >>>> code
> >> > >>>>>> as
> >> > >>>>>>>>>>>>> much as
> >> > >>>>>>>>>>>>> possible.
> >> > >>>>>>>>>>>>>
> >> > >>>>>>>>>>>>> Do you have any code that reproduces the problem you had
> >> > >> and
> >> > >>>> how
> >> > >>>>>>> you
> >> > >>>>>>>>>>>>> tried
> >> > >>>>>>>>>>>>> to utilize current web session clustering? Can you share
> >> > >> it
> >> > >>>> with
> >> > >>>>>>> us?
> >> > >>>>>>>>>>>>>
> >> > >>>>>>>>>>>>> -Val
> >> > >>>>>>>>>>>>>
> >> > >>>>>>>>>>>>> On Tue, Feb 14, 2017 at 11:28 AM, Rishi Yagnik <
> >> > >>>>>>>> [hidden email]>
> >> > >>>>>>>>>>>>> wrote:
> >> > >>>>>>>>>>>>>
> >> > >>>>>>>>>>>>>> Hi Val,
> >> > >>>>>>>>>>>>>>
> >> > >>>>>>>>>>>>>> I am working on SB platform with spring security and we
> >> > >>>> found
> >> > >>>>>> out
> >> > >>>>>>>>>>>>> that the
> >> > >>>>>>>>>>>>>> web session filter ignite provides does not work for
> >> > >>> session
> >> > >>>>>>>>>>>>> management on
> >> > >>>>>>>>>>>>>> 2 node spring boot cluster.
> >> > >>>>>>>>>>>>>>
> >> > >>>>>>>>>>>>>> Somehow, spring security filter kicks in result in some
> >> > >>>> weird
> >> > >>>>>>>> errors
> >> > >>>>>>>>>>>>> with
> >> > >>>>>>>>>>>>>> web session filter.
> >> > >>>>>>>>>>>>>>
> >> > >>>>>>>>>>>>>> So making compatible with spring security somehow, we
> >> > >> need
> >> > >>>> to
> >> > >>>>>>> write
> >> > >>>>>>>>>>>>>> implementation on spring session.
> >> > >>>>>>>>>>>>>>
> >> > >>>>>>>>>>>>>> Do you have any test cases that says web session filter
> >> > >>>> would
> >> > >>>>>>> work
> >> > >>>>>>>>>>>>> with
> >> > >>>>>>>>>>>>>> spring security on boot platform ?
> >> > >>>>>>>>>>>>>>
> >> > >>>>>>>>>>>>>> Thanks,
> >> > >>>>>>>>>>>>>>
> >> > >>>>>>>>>>>>>>
> >> > >>>>>>>>>>>>>> On Tue, Feb 14, 2017 at 1:03 PM, Valentin Kulichenko <
> >> > >>>>>>>>>>>>>> [hidden email]> wrote:
> >> > >>>>>>>>>>>>>>
> >> > >>>>>>>>>>>>>>> Hi Rishi,
> >> > >>>>>>>>>>>>>>>
> >> > >>>>>>>>>>>>>>> Can you please take a look at web session clustering
> >> > >>>> feature
> >> > >>>>>>> [1]
> >> > >>>>>>>>>>>>> provided
> >> > >>>>>>>>>>>>>>> by Ignite? I'm looking at Spring Session docs and it
> >> > >>> seems
> >> > >>>>>> to
> >> > >>>>>>> me
> >> > >>>>>>>>>>>>> it does
> >> > >>>>>>>>>>>>>>> exactly the same - replaces HttpSession with custom
> >> > >>>>>>>> implementation
> >> > >>>>>>>>>>>>> that
> >> > >>>>>>>>>>>>>> has
> >> > >>>>>>>>>>>>>>> a backend storage. If it doesn't provide any
> >> > >> additional
> >> > >>>> API
> >> > >>>>>> or
> >> > >>>>>>>>>>>>>>> functionality, I'm not sure I understand the benefit
> >> > >> of
> >> > >>>> this
> >> > >>>>>>>>>>>>> feature.
> >> > >>>>>>>>>>>>>>>
> >> > >>>>>>>>>>>>>>> Let me know if I'm missing something.
> >> > >>>>>>>>>>>>>>>
> >> > >>>>>>>>>>>>>>> [1] https://apacheignite-mix.
> >> > >>> readme.io/docs/web-session-
> >> > >>>>>>>> clustering
> >> > >>>>>>>>>>>>>>>
> >> > >>>>>>>>>>>>>>> -Val
> >> > >>>>>>>>>>>>>>>
> >> > >>>>>>>>>>>>>>> On Mon, Feb 13, 2017 at 2:41 PM, Rishi Yagnik <
> >> > >>>>>>>>>>>>> [hidden email]>
> >> > >>>>>>>>>>>>>>> wrote:
> >> > >>>>>>>>>>>>>>>
> >> > >>>>>>>>>>>>>>>> I would like to discuss session replication / fail
> >> > >>> over
> >> > >>>>>>> design
> >> > >>>>>>>> on
> >> > >>>>>>>>>>>>>> spring
> >> > >>>>>>>>>>>>>>>> boot platform and wanted to find what is the best
> >> > >> out
> >> > >>> to
> >> > >>>>>> get
> >> > >>>>>>>>>>>>> started
> >> > >>>>>>>>>>>>>>> here ?
> >> > >>>>>>>>>>>>>>>>
> >> > >>>>>>>>>>>>>>>> Possible approaches are as follows -
> >> > >>>>>>>>>>>>>>>>
> >> > >>>>>>>>>>>>>>>>   - Make use of Spring Session for session
> >> > >>> replication
> >> > >>>>>> and
> >> > >>>>>>>> fail
> >> > >>>>>>>>>>>>> over
> >> > >>>>>>>>>>>>>>>>   - Extend the web session filter and make it work
> >> > >> on
> >> > >>>>>> spring
> >> > >>>>>>>>>>>>> boot
> >> > >>>>>>>>>>>>>>>>   application
> >> > >>>>>>>>>>>>>>>>
> >> > >>>>>>>>>>>>>>>>
> >> > >>>>>>>>>>>>>>>> I am thinking that best approach would be to get
> >> > >>> started
> >> > >>>>>> here
> >> > >>>>>>>>>>>>> with
> >> > >>>>>>>>>>>>>> spring
> >> > >>>>>>>>>>>>>>>> session design however I am open for feedback here.
> >> > >>>>>>>>>>>>>>>>
> >> > >>>>>>>>>>>>>>>> --
> >> > >>>>>>>>>>>>>>>> Rishi Yagnik
> >> > >>>>>>>>>>>>>>>>
> >> > >>>>>>>>>>>>>>>
> >> > >>>>>>>>>>>>>>
> >> > >>>>>>>>>>>>>>
> >> > >>>>>>>>>>>>>>
> >> > >>>>>>>>>>>>>> --
> >> > >>>>>>>>>>>>>> Rishi Yagnik
> >> > >>>>>>>>>>>>>>
> >> > >>>>>>>>>>>>>
> >> > >>>>>>>>>>>>
> >> > >>>>>>>>>>>>
> >> > >>>>>>>>>>>>
> >> > >>>>>>>>>>>> --
> >> > >>>>>>>>>>>> Rishi Yagnik
> >> > >>>>>>>>>>>>
> >> > >>>>>>>>>>>
> >> > >>>>>>>>>>>
> >> > >>>>>>>>>>>
> >> > >>>>>>>>>>> --
> >> > >>>>>>>>>>> Rishi Yagnik
> >> > >>>>>>>>>>>
> >> > >>>>>>>>>>
> >> > >>>>>>>>>>
> >> > >>>>>>>>>>
> >> > >>>>>>>>>> --
> >> > >>>>>>>>>> Rishi Yagnik
> >> > >>>>>>>>>>
> >> > >>>>>>>>>
> >> > >>>>>>>>>
> >> > >>>>>>>>
> >> > >>>>>>>
> >> > >>>>>>>
> >> > >>>>>>>
> >> > >>>>>>> --
> >> > >>>>>>> Rishi Yagnik
> >> > >>>>>>>
> >> > >>>>>>
> >> > >>>>>
> >> > >>>>>
> >> > >>>>>
> >> > >>>>> --
> >> > >>>>> Rishi Yagnik
> >> > >>>>>
> >> > >>>>
> >> > >>>>
> >> > >>>>
> >> > >>>> --
> >> > >>>> Rishi Yagnik
> >> > >>>>
> >> > >>>
> >> > >>
> >> > >>
> >> > >>
> >> > >> --
> >> > >> Rishi Yagnik
> >> > >>
> >> >
> >>
> >
> >
> >
> > --
> > Rishi Yagnik
> >
>
>
>
> --
> Rishi Yagnik
>

> Hi Rishi,
>
> I got to the bottom of it. Basically, the session is replaced in Spring
> filter, but caching happens based on the old version which doesn't have
> security attributes. The fix is going to be very easy, I will do it
> tomorrow.
>
> -Val
>
> On Mon, Mar 6, 2017 at 7:34 PM, Rishi Yagnik <[hidden email]>
> wrote:
>
> > Val,
> >
> > Did you get chance to play around with the code ?
> >
> > Thanks,
> >
> > On Sun, Mar 5, 2017 at 7:25 PM, Rishi Yagnik <[hidden email]>
> > wrote:
> >
> > > Val,
> > >
> > > Adding a filter before csrf filter will invoke the custom ignite
> filter.
> > >
> > > Declare a custom filter class extends it with websession filter
> > >
> > > public class CustomWebSessionFilter extends WebSessionFilter {
> > >
> > >          private static boolean igniteInitialize = false
> > >
> > > @Override public void doFilter(ServletRequest req, ServletResponse res,
> > > FilterChain chain)
> > >             throws IOException, ServletException {
> > >         if(!igniteInitialize) {
> > >             super.init(new FilterConfig() {
> > >                 @Override
> > >                 public String getFilterName() {
> > >                     return "CustomWebSessionFilter";
> > >                 }
> > >
> > >                 @Override
> > >                 public ServletContext getServletContext() {
> > >                     return req.getServletContext();
> > >                 }
> > >
> > >                 @Override
> > >                 public String getInitParameter(String name) {
> > >                     return null;
> > >                 }
> > >
> > >                 @Override
> > >                 public Enumeration<String> getInitParameterNames() {
> > >                     return null;
> > >                 }
> > >             });
> > >             igniteInitialize = true;
> > >         }
> > >         super.doFilter(req,res,chain);
> > >     }
> > > }
> > >
> > > And in SecurityConfig.java add following line to invoke filter before
> > > Ignite Web Session filter -
> > >
> > >  .addFilterBefore(new ArWebSessionFilter(), CsrfFilter.class)
> > >
> > > Hope it helps..
> > >
> > > Thanks,
> > >
> > > On Sun, Mar 5, 2017 at 1:28 PM, Valentin Kulichenko <
> > > [hidden email]> wrote:
> > >
> > >> Rishi,
> > >>
> > >> Can you please share how you forced Ignite filter to be invoked before
> > >> security filter?
> > >>
> > >> -Val
> > >>
> > >> On Sun, Mar 5, 2017 at 11:20 AM, Rishi Yagnik <[hidden email]>
> > >> wrote:
> > >>
> > >> > Hi Val,
> > >> >
> > >> > Thanks for the response, we have executed ignite filter before
> spring
> > >> > security filter but somehow the ignite filter does not do the job of
> > >> > setting spring principle context.
> > >> >
> > >> > As a result even though we have spring principle in session, spring
> > >> filter
> > >> > does not recognize it and sends us back to log in page.
> > >> >
> > >> > I think there s some more work needed here to change the filter and
> > make
> > >> > it work with spring boot application.
> > >> >
> > >> > Take Care,
> > >> > Rishi
> > >> >
> > >> > > On Mar 5, 2017, at 10:16 AM, Valentin Kulichenko <
> > >> > [hidden email]> wrote:
> > >> > >
> > >> > > Hi Rishi,
> > >> > >
> > >> > > I did some debugging. Apparently, the reason for this behavior is
> > that
> > >> > > Spring Security filter resides before Ignite's filter in the chain
> > >> list.
> > >> > I
> > >> > > think that eventually this should be fixed in the product, but in
> > the
> > >> > > meantime there must be a way to work around the problem by
> > controlling
> > >> > the
> > >> > > order. Do you know how this can be done in Spring Boot?
> > >> > >
> > >> > > -Val
> > >> > >
> > >> > >> On Tue, Feb 28, 2017 at 9:31 AM, Rishi Yagnik <
> > [hidden email]
> > >> >
> > >> > wrote:
> > >> > >>
> > >> > >> Hi Val,
> > >> > >>
> > >> > >> Sorry for pestering, thanks for all your help.
> > >> > >>
> > >> > >> Rishi
> > >> > >>
> > >> > >> On Mon, Feb 27, 2017 at 7:22 PM, Valentin Kulichenko <
> > >> > >> [hidden email]> wrote:
> > >> > >>
> > >> > >>> Hi Rishi,
> > >> > >>>
> > >> > >>> Sorry, not yet. But this on my short list of TODOs, will try to
> > >> give an
> > >> > >>> update as soon as possible.
> > >> > >>>
> > >> > >>> -Val
> > >> > >>>
> > >> > >>> On Mon, Feb 27, 2017 at 7:47 AM, Rishi Yagnik <
> > >> [hidden email]>
> > >> > >>> wrote:
> > >> > >>>
> > >> > >>>> Hi Val,
> > >> > >>>>
> > >> > >>>> any update on session replication issue ?
> > >> > >>>>
> > >> > >>>> Thanks,
> > >> > >>>> Rishi
> > >> > >>>>
> > >> > >>>> On Thu, Feb 23, 2017 at 8:07 AM, Rishi Yagnik <
> > >> [hidden email]>
> > >> > >>>> wrote:
> > >> > >>>>
> > >> > >>>>> Thanks Val for looking into it.
> > >> > >>>>>
> > >> > >>>>> On Wed, Feb 22, 2017 at 9:32 PM, Valentin Kulichenko <
> > >> > >>>>> [hidden email]> wrote:
> > >> > >>>>>
> > >> > >>>>>> Hi Rishi,
> > >> > >>>>>>
> > >> > >>>>>> Got it, I think I'm reproducing the issue. I'll take a look
> and
> > >> let
> > >> > >>> you
> > >> > >>>>>> know my findings soon.
> > >> > >>>>>>
> > >> > >>>>>> -Val
> > >> > >>>>>>
> > >> > >>>>>> On Tue, Feb 21, 2017 at 7:27 PM, Rishi Yagnik <
> > >> > >> [hidden email]>
> > >> > >>>>>> wrote:
> > >> > >>>>>>
> > >> > >>>>>>> Hi Val,
> > >> > >>>>>>>
> > >> > >>>>>>> The issue will occur in cluster environment, please setup
> the
> > >> > >> spring
> > >> > >>>>>> boot
> > >> > >>>>>>> on 2 different host with LB (F5 OR Reverse proxy) in front
> and
> > >> try
> > >> > >>> to
> > >> > >>>>>>> login.
> > >> > >>>>>>>
> > >> > >>>>>>> In cluster environment, Spring security does not recognize
> the
> > >> > >>> session
> > >> > >>>>>> on
> > >> > >>>>>>> the host you are not logged in, as a result, spring security
> > >> will
> > >> > >>>>>> redirect
> > >> > >>>>>>> to login url however the correct behavior should be that
> user
> > >> > >> would
> > >> > >>>> stay
> > >> > >>>>>>> logged in with session replication.
> > >> > >>>>>>>
> > >> > >>>>>>> Do let me know if you need more information.
> > >> > >>>>>>>
> > >> > >>>>>>> Thanks,
> > >> > >>>>>>> Rishi
> > >> > >>>>>>>
> > >> > >>>>>>>
> > >> > >>>>>>>
> > >> > >>>>>>> On Tue, Feb 21, 2017 at 7:08 PM, Valentin Kulichenko <
> > >> > >>>>>>> [hidden email]> wrote:
> > >> > >>>>>>>
> > >> > >>>>>>>> Hi Rishi,
> > >> > >>>>>>>>
> > >> > >>>>>>>> I was able to build and run the application. Can you give
> > some
> > >> > >>>>>>> description
> > >> > >>>>>>>> on what should I test to understand the issue? What exactly
> > >> > >> didn't
> > >> > >>>>>> work
> > >> > >>>>>>> for
> > >> > >>>>>>>> you?
> > >> > >>>>>>>>
> > >> > >>>>>>>> -Val
> > >> > >>>>>>>>
> > >> > >>>>>>>> On Wed, Feb 15, 2017 at 10:52 AM, Valentin Kulichenko <
> > >> > >>>>>>>> [hidden email]> wrote:
> > >> > >>>>>>>>
> > >> > >>>>>>>>> Hi Rishi,
> > >> > >>>>>>>>>
> > >> > >>>>>>>>> Thanks, I'll take a look.
> > >> > >>>>>>>>>
> > >> > >>>>>>>>> -Val
> > >> > >>>>>>>>>
> > >> > >>>>>>>>> On Wed, Feb 15, 2017 at 9:07 AM, Rishi Yagnik <
> > >> > >>>>>> [hidden email]>
> > >> > >>>>>>>>> wrote:
> > >> > >>>>>>>>>
> > >> > >>>>>>>>>> Hi Val,
> > >> > >>>>>>>>>>
> > >> > >>>>>>>>>> As promised, please find attached code for spring boot
> > >> > >>>> integration
> > >> > >>>>>>> with
> > >> > >>>>>>>>>> spring security along with Ignite.
> > >> > >>>>>>>>>>
> > >> > >>>>>>>>>> Some more information on project -
> > >> > >>>>>>>>>>
> > >> > >>>>>>>>>>   - It is a maven project ( Ignite 1.7.0, SB 1.4.3 )
> > >> > >>>>>>>>>>   - spring security integrated with boot project along
> with
> > >> > >>>> ignite
> > >> > >>>>>>>>>>   - HttpSessionCookieCsrfTokenRepository does not work,
> > >> > >> gives
> > >> > >>>>>>>>>>   intermediate errors on single instance so used
> > >> > >>>>>>>> CookieCsrfTokenRepository
> > >> > >>>>>>>>>>   for CSRF token, again I think we need a fix here from
> > >> > >>> Ignite.
> > >> > >>>>>>>>>>
> > >> > >>>>>>>>>> I cant reproduce this errors while I am running on single
> > >> > >>>> instance,
> > >> > >>>>>>> you
> > >> > >>>>>>>>>> need to run this app on 2 spring boot instance having
> proxy
> > >> > >> in
> > >> > >>>>>> front (
> > >> > >>>>>>>> F5,
> > >> > >>>>>>>>>> OR any proxy ) with round robin fashion ( no sticky
> session
> > >> > >> on
> > >> > >>> F5
> > >> > >>>>>> OR
> > >> > >>>>>>>>>> proxies ).
> > >> > >>>>>>>>>>
> > >> > >>>>>>>>>> We were thinking with round robin the user session will
> > >> > >> active
> > >> > >>>>>> since
> > >> > >>>>>>> we
> > >> > >>>>>>>>>> used session replication on backend.
> > >> > >>>>>>>>>>
> > >> > >>>>>>>>>> Do let me know if you need more information here.
> > >> > >>>>>>>>>>
> > >> > >>>>>>>>>> Thanks,
> > >> > >>>>>>>>>>
> > >> > >>>>>>>>>> Rishi
> > >> > >>>>>>>>>>
> > >> > >>>>>>>>>>
> > >> > >>>>>>>>>>
> > >> > >>>>>>>>>>
> > >> > >>>>>>>>>> On Tue, Feb 14, 2017 at 9:57 PM, Rishi Yagnik <
> > >> > >>>>>> [hidden email]>
> > >> > >>>>>>>>>> wrote:
> > >> > >>>>>>>>>>
> > >> > >>>>>>>>>>> Val,
> > >> > >>>>>>>>>>>
> > >> > >>>>>>>>>>> My SB sample project is ready however I have asked for
> an
> > >> > >>>>>> approval to
> > >> > >>>>>>>>>>> submit sample project to you, it would take day or two.
> > >> > >>>>>>>>>>>
> > >> > >>>>>>>>>>> I will keep you posted.
> > >> > >>>>>>>>>>>
> > >> > >>>>>>>>>>> Thanks for all your help,
> > >> > >>>>>>>>>>>
> > >> > >>>>>>>>>>> On Tue, Feb 14, 2017 at 3:51 PM, Rishi Yagnik <
> > >> > >>>>>> [hidden email]
> > >> > >>>>>>>>
> > >> > >>>>>>>>>>> wrote:
> > >> > >>>>>>>>>>>
> > >> > >>>>>>>>>>>> Let me build an example app for you and send it across
> to
> > >> > >>> you.
> > >> > >>>>>>>>>>>>
> > >> > >>>>>>>>>>>> Thanks,
> > >> > >>>>>>>>>>>>
> > >> > >>>>>>>>>>>> On Tue, Feb 14, 2017 at 3:28 PM, Valentin Kulichenko <
> > >> > >>>>>>>>>>>> [hidden email]> wrote:
> > >> > >>>>>>>>>>>>
> > >> > >>>>>>>>>>>>> Rishi,
> > >> > >>>>>>>>>>>>>
> > >> > >>>>>>>>>>>>> No I don't, and I think that's what we should start
> > with.
> > >> > >> I
> > >> > >>>>>> want to
> > >> > >>>>>>>>>>>>> understand a use case that is currently not supported
> > (if
> > >> > >>> any)
> > >> > >>>>>> and
> > >> > >>>>>>>> then
> > >> > >>>>>>>>>>>>> find the best solution. And I would like to reuse
> > existing
> > >> > >>>> code
> > >> > >>>>>> as
> > >> > >>>>>>>>>>>>> much as
> > >> > >>>>>>>>>>>>> possible.
> > >> > >>>>>>>>>>>>>
> > >> > >>>>>>>>>>>>> Do you have any code that reproduces the problem you
> had
> > >> > >> and
> > >> > >>>> how
> > >> > >>>>>>> you
> > >> > >>>>>>>>>>>>> tried
> > >> > >>>>>>>>>>>>> to utilize current web session clustering? Can you
> share
> > >> > >> it
> > >> > >>>> with
> > >> > >>>>>>> us?
> > >> > >>>>>>>>>>>>>
> > >> > >>>>>>>>>>>>> -Val
> > >> > >>>>>>>>>>>>>
> > >> > >>>>>>>>>>>>> On Tue, Feb 14, 2017 at 11:28 AM, Rishi Yagnik <
> > >> > >>>>>>>> [hidden email]>
> > >> > >>>>>>>>>>>>> wrote:
> > >> > >>>>>>>>>>>>>
> > >> > >>>>>>>>>>>>>> Hi Val,
> > >> > >>>>>>>>>>>>>>
> > >> > >>>>>>>>>>>>>> I am working on SB platform with spring security and
> we
> > >> > >>>> found
> > >> > >>>>>> out
> > >> > >>>>>>>>>>>>> that the
> > >> > >>>>>>>>>>>>>> web session filter ignite provides does not work for
> > >> > >>> session
> > >> > >>>>>>>>>>>>> management on
> > >> > >>>>>>>>>>>>>> 2 node spring boot cluster.
> > >> > >>>>>>>>>>>>>>
> > >> > >>>>>>>>>>>>>> Somehow, spring security filter kicks in result in
> some
> > >> > >>>> weird
> > >> > >>>>>>>> errors
> > >> > >>>>>>>>>>>>> with
> > >> > >>>>>>>>>>>>>> web session filter.
> > >> > >>>>>>>>>>>>>>
> > >> > >>>>>>>>>>>>>> So making compatible with spring security somehow, we
> > >> > >> need
> > >> > >>>> to
> > >> > >>>>>>> write
> > >> > >>>>>>>>>>>>>> implementation on spring session.
> > >> > >>>>>>>>>>>>>>
> > >> > >>>>>>>>>>>>>> Do you have any test cases that says web session
> filter
> > >> > >>>> would
> > >> > >>>>>>> work
> > >> > >>>>>>>>>>>>> with
> > >> > >>>>>>>>>>>>>> spring security on boot platform ?
> > >> > >>>>>>>>>>>>>>
> > >> > >>>>>>>>>>>>>> Thanks,
> > >> > >>>>>>>>>>>>>>
> > >> > >>>>>>>>>>>>>>
> > >> > >>>>>>>>>>>>>> On Tue, Feb 14, 2017 at 1:03 PM, Valentin Kulichenko
> <
> > >> > >>>>>>>>>>>>>> [hidden email]> wrote:
> > >> > >>>>>>>>>>>>>>
> > >> > >>>>>>>>>>>>>>> Hi Rishi,
> > >> > >>>>>>>>>>>>>>>
> > >> > >>>>>>>>>>>>>>> Can you please take a look at web session clustering
> > >> > >>>> feature
> > >> > >>>>>>> [1]
> > >> > >>>>>>>>>>>>> provided
> > >> > >>>>>>>>>>>>>>> by Ignite? I'm looking at Spring Session docs and it
> > >> > >>> seems
> > >> > >>>>>> to
> > >> > >>>>>>> me
> > >> > >>>>>>>>>>>>> it does
> > >> > >>>>>>>>>>>>>>> exactly the same - replaces HttpSession with custom
> > >> > >>>>>>>> implementation
> > >> > >>>>>>>>>>>>> that
> > >> > >>>>>>>>>>>>>> has
> > >> > >>>>>>>>>>>>>>> a backend storage. If it doesn't provide any
> > >> > >> additional
> > >> > >>>> API
> > >> > >>>>>> or
> > >> > >>>>>>>>>>>>>>> functionality, I'm not sure I understand the benefit
> > >> > >> of
> > >> > >>>> this
> > >> > >>>>>>>>>>>>> feature.
> > >> > >>>>>>>>>>>>>>>
> > >> > >>>>>>>>>>>>>>> Let me know if I'm missing something.
> > >> > >>>>>>>>>>>>>>>
> > >> > >>>>>>>>>>>>>>> [1] https://apacheignite-mix.
> > >> > >>> readme.io/docs/web-session-
> > >> > >>>>>>>> clustering
> > >> > >>>>>>>>>>>>>>>
> > >> > >>>>>>>>>>>>>>> -Val
> > >> > >>>>>>>>>>>>>>>
> > >> > >>>>>>>>>>>>>>> On Mon, Feb 13, 2017 at 2:41 PM, Rishi Yagnik <
> > >> > >>>>>>>>>>>>> [hidden email]>
> > >> > >>>>>>>>>>>>>>> wrote:
> > >> > >>>>>>>>>>>>>>>
> > >> > >>>>>>>>>>>>>>>> I would like to discuss session replication / fail
> > >> > >>> over
> > >> > >>>>>>> design
> > >> > >>>>>>>> on
> > >> > >>>>>>>>>>>>>> spring
> > >> > >>>>>>>>>>>>>>>> boot platform and wanted to find what is the best
> > >> > >> out
> > >> > >>> to
> > >> > >>>>>> get
> > >> > >>>>>>>>>>>>> started
> > >> > >>>>>>>>>>>>>>> here ?
> > >> > >>>>>>>>>>>>>>>>
> > >> > >>>>>>>>>>>>>>>> Possible approaches are as follows -
> > >> > >>>>>>>>>>>>>>>>
> > >> > >>>>>>>>>>>>>>>>   - Make use of Spring Session for session
> > >> > >>> replication
> > >> > >>>>>> and
> > >> > >>>>>>>> fail
> > >> > >>>>>>>>>>>>> over
> > >> > >>>>>>>>>>>>>>>>   - Extend the web session filter and make it work
> > >> > >> on
> > >> > >>>>>> spring
> > >> > >>>>>>>>>>>>> boot
> > >> > >>>>>>>>>>>>>>>>   application
> > >> > >>>>>>>>>>>>>>>>
> > >> > >>>>>>>>>>>>>>>>
> > >> > >>>>>>>>>>>>>>>> I am thinking that best approach would be to get
> > >> > >>> started
> > >> > >>>>>> here
> > >> > >>>>>>>>>>>>> with
> > >> > >>>>>>>>>>>>>> spring
> > >> > >>>>>>>>>>>>>>>> session design however I am open for feedback here.
> > >> > >>>>>>>>>>>>>>>>
> > >> > >>>>>>>>>>>>>>>> --
> > >> > >>>>>>>>>>>>>>>> Rishi Yagnik
> > >> > >>>>>>>>>>>>>>>>
> > >> > >>>>>>>>>>>>>>>
> > >> > >>>>>>>>>>>>>>
> > >> > >>>>>>>>>>>>>>
> > >> > >>>>>>>>>>>>>>
> > >> > >>>>>>>>>>>>>> --
> > >> > >>>>>>>>>>>>>> Rishi Yagnik
> > >> > >>>>>>>>>>>>>>
> > >> > >>>>>>>>>>>>>
> > >> > >>>>>>>>>>>>
> > >> > >>>>>>>>>>>>
> > >> > >>>>>>>>>>>>
> > >> > >>>>>>>>>>>> --
> > >> > >>>>>>>>>>>> Rishi Yagnik
> > >> > >>>>>>>>>>>>
> > >> > >>>>>>>>>>>
> > >> > >>>>>>>>>>>
> > >> > >>>>>>>>>>>
> > >> > >>>>>>>>>>> --
> > >> > >>>>>>>>>>> Rishi Yagnik
> > >> > >>>>>>>>>>>
> > >> > >>>>>>>>>>
> > >> > >>>>>>>>>>
> > >> > >>>>>>>>>>
> > >> > >>>>>>>>>> --
> > >> > >>>>>>>>>> Rishi Yagnik
> > >> > >>>>>>>>>>
> > >> > >>>>>>>>>
> > >> > >>>>>>>>>
> > >> > >>>>>>>>
> > >> > >>>>>>>
> > >> > >>>>>>>
> > >> > >>>>>>>
> > >> > >>>>>>> --
> > >> > >>>>>>> Rishi Yagnik
> > >> > >>>>>>>
> > >> > >>>>>>
> > >> > >>>>>
> > >> > >>>>>
> > >> > >>>>>
> > >> > >>>>> --
> > >> > >>>>> Rishi Yagnik
> > >> > >>>>>
> > >> > >>>>
> > >> > >>>>
> > >> > >>>>
> > >> > >>>> --
> > >> > >>>> Rishi Yagnik
> > >> > >>>>
> > >> > >>>
> > >> > >>
> > >> > >>
> > >> > >>
> > >> > >> --
> > >> > >> Rishi Yagnik
> > >> > >>
> > >> >
> > >>
> > >
> > >
> > >
> > > --
> > > Rishi Yagnik
> > >
> >
> >
> >
> > --
> > Rishi Yagnik
> >
>

> Hi Val,
>
> Do you think I can test a fix in 1.9 RC releases ? How are you planning to
> release a fix ?
>
> Did you also look into problem where storing xsrf token in Ignite returns
> an exception and does not behave as expected ?
>
> In SecurityConfig.java use HttpSessionCsrfTokenRepository with following
> code -
>
> .csrfTokenRepository(csrfTokenRepository())
>
> private CsrfTokenRepository csrfTokenRepository() {
>     HttpSessionCsrfTokenRepository repository = new HttpSessionCsrfTokenRepository();
>     repository.setHeaderName("X-XSRF-TOKEN");
>     return repository;
> }
>
> Thank you for all your help,
>
>
> On Mon, Mar 6, 2017 at 2:34 PM, Valentin Kulichenko <
> [hidden email]> wrote:
>
>> Hi Rishi,
>>
>> I got to the bottom of it. Basically, the session is replaced in Spring
>> filter, but caching happens based on the old version which doesn't have
>> security attributes. The fix is going to be very easy, I will do it
>> tomorrow.
>>
>> -Val
>>
>> On Mon, Mar 6, 2017 at 7:34 PM, Rishi Yagnik <[hidden email]>
>> wrote:
>>
>> > Val,
>> >
>> > Did you get chance to play around with the code ?
>> >
>> > Thanks,
>> >
>> > On Sun, Mar 5, 2017 at 7:25 PM, Rishi Yagnik <[hidden email]>
>> > wrote:
>> >
>> > > Val,
>> > >
>> > > Adding a filter before csrf filter will invoke the custom ignite
>> filter.
>> > >
>> > > Declare a custom filter class extends it with websession filter
>> > >
>> > > public class CustomWebSessionFilter extends WebSessionFilter {
>> > >
>> > >          private static boolean igniteInitialize = false
>> > >
>> > > @Override public void doFilter(ServletRequest req, ServletResponse
>> res,
>> > > FilterChain chain)
>> > >             throws IOException, ServletException {
>> > >         if(!igniteInitialize) {
>> > >             super.init(new FilterConfig() {
>> > >                 @Override
>> > >                 public String getFilterName() {
>> > >                     return "CustomWebSessionFilter";
>> > >                 }
>> > >
>> > >                 @Override
>> > >                 public ServletContext getServletContext() {
>> > >                     return req.getServletContext();
>> > >                 }
>> > >
>> > >                 @Override
>> > >                 public String getInitParameter(String name) {
>> > >                     return null;
>> > >                 }
>> > >
>> > >                 @Override
>> > >                 public Enumeration<String> getInitParameterNames() {
>> > >                     return null;
>> > >                 }
>> > >             });
>> > >             igniteInitialize = true;
>> > >         }
>> > >         super.doFilter(req,res,chain);
>> > >     }
>> > > }
>> > >
>> > > And in SecurityConfig.java add following line to invoke filter before
>> > > Ignite Web Session filter -
>> > >
>> > >  .addFilterBefore(new ArWebSessionFilter(), CsrfFilter.class)
>> > >
>> > > Hope it helps..
>> > >
>> > > Thanks,
>> > >
>> > > On Sun, Mar 5, 2017 at 1:28 PM, Valentin Kulichenko <
>> > > [hidden email]> wrote:
>> > >
>> > >> Rishi,
>> > >>
>> > >> Can you please share how you forced Ignite filter to be invoked
>> before
>> > >> security filter?
>> > >>
>> > >> -Val
>> > >>
>> > >> On Sun, Mar 5, 2017 at 11:20 AM, Rishi Yagnik <[hidden email]
>> >
>> > >> wrote:
>> > >>
>> > >> > Hi Val,
>> > >> >
>> > >> > Thanks for the response, we have executed ignite filter before
>> spring
>> > >> > security filter but somehow the ignite filter does not do the job
>> of
>> > >> > setting spring principle context.
>> > >> >
>> > >> > As a result even though we have spring principle in session, spring
>> > >> filter
>> > >> > does not recognize it and sends us back to log in page.
>> > >> >
>> > >> > I think there s some more work needed here to change the filter and
>> > make
>> > >> > it work with spring boot application.
>> > >> >
>> > >> > Take Care,
>> > >> > Rishi
>> > >> >
>> > >> > > On Mar 5, 2017, at 10:16 AM, Valentin Kulichenko <
>> > >> > [hidden email]> wrote:
>> > >> > >
>> > >> > > Hi Rishi,
>> > >> > >
>> > >> > > I did some debugging. Apparently, the reason for this behavior is
>> > that
>> > >> > > Spring Security filter resides before Ignite's filter in the
>> chain
>> > >> list.
>> > >> > I
>> > >> > > think that eventually this should be fixed in the product, but in
>> > the
>> > >> > > meantime there must be a way to work around the problem by
>> > controlling
>> > >> > the
>> > >> > > order. Do you know how this can be done in Spring Boot?
>> > >> > >
>> > >> > > -Val
>> > >> > >
>> > >> > >> On Tue, Feb 28, 2017 at 9:31 AM, Rishi Yagnik <
>> > [hidden email]
>> > >> >
>> > >> > wrote:
>> > >> > >>
>> > >> > >> Hi Val,
>> > >> > >>
>> > >> > >> Sorry for pestering, thanks for all your help.
>> > >> > >>
>> > >> > >> Rishi
>> > >> > >>
>> > >> > >> On Mon, Feb 27, 2017 at 7:22 PM, Valentin Kulichenko <
>> > >> > >> [hidden email]> wrote:
>> > >> > >>
>> > >> > >>> Hi Rishi,
>> > >> > >>>
>> > >> > >>> Sorry, not yet. But this on my short list of TODOs, will try to
>> > >> give an
>> > >> > >>> update as soon as possible.
>> > >> > >>>
>> > >> > >>> -Val
>> > >> > >>>
>> > >> > >>> On Mon, Feb 27, 2017 at 7:47 AM, Rishi Yagnik <
>> > >> [hidden email]>
>> > >> > >>> wrote:
>> > >> > >>>
>> > >> > >>>> Hi Val,
>> > >> > >>>>
>> > >> > >>>> any update on session replication issue ?
>> > >> > >>>>
>> > >> > >>>> Thanks,
>> > >> > >>>> Rishi
>> > >> > >>>>
>> > >> > >>>> On Thu, Feb 23, 2017 at 8:07 AM, Rishi Yagnik <
>> > >> [hidden email]>
>> > >> > >>>> wrote:
>> > >> > >>>>
>> > >> > >>>>> Thanks Val for looking into it.
>> > >> > >>>>>
>> > >> > >>>>> On Wed, Feb 22, 2017 at 9:32 PM, Valentin Kulichenko <
>> > >> > >>>>> [hidden email]> wrote:
>> > >> > >>>>>
>> > >> > >>>>>> Hi Rishi,
>> > >> > >>>>>>
>> > >> > >>>>>> Got it, I think I'm reproducing the issue. I'll take a look
>> and
>> > >> let
>> > >> > >>> you
>> > >> > >>>>>> know my findings soon.
>> > >> > >>>>>>
>> > >> > >>>>>> -Val
>> > >> > >>>>>>
>> > >> > >>>>>> On Tue, Feb 21, 2017 at 7:27 PM, Rishi Yagnik <
>> > >> > >> [hidden email]>
>> > >> > >>>>>> wrote:
>> > >> > >>>>>>
>> > >> > >>>>>>> Hi Val,
>> > >> > >>>>>>>
>> > >> > >>>>>>> The issue will occur in cluster environment, please setup
>> the
>> > >> > >> spring
>> > >> > >>>>>> boot
>> > >> > >>>>>>> on 2 different host with LB (F5 OR Reverse proxy) in front
>> and
>> > >> try
>> > >> > >>> to
>> > >> > >>>>>>> login.
>> > >> > >>>>>>>
>> > >> > >>>>>>> In cluster environment, Spring security does not recognize
>> the
>> > >> > >>> session
>> > >> > >>>>>> on
>> > >> > >>>>>>> the host you are not logged in, as a result, spring
>> security
>> > >> will
>> > >> > >>>>>> redirect
>> > >> > >>>>>>> to login url however the correct behavior should be that
>> user
>> > >> > >> would
>> > >> > >>>> stay
>> > >> > >>>>>>> logged in with session replication.
>> > >> > >>>>>>>
>> > >> > >>>>>>> Do let me know if you need more information.
>> > >> > >>>>>>>
>> > >> > >>>>>>> Thanks,
>> > >> > >>>>>>> Rishi
>> > >> > >>>>>>>
>> > >> > >>>>>>>
>> > >> > >>>>>>>
>> > >> > >>>>>>> On Tue, Feb 21, 2017 at 7:08 PM, Valentin Kulichenko <
>> > >> > >>>>>>> [hidden email]> wrote:
>> > >> > >>>>>>>
>> > >> > >>>>>>>> Hi Rishi,
>> > >> > >>>>>>>>
>> > >> > >>>>>>>> I was able to build and run the application. Can you give
>> > some
>> > >> > >>>>>>> description
>> > >> > >>>>>>>> on what should I test to understand the issue? What
>> exactly
>> > >> > >> didn't
>> > >> > >>>>>> work
>> > >> > >>>>>>> for
>> > >> > >>>>>>>> you?
>> > >> > >>>>>>>>
>> > >> > >>>>>>>> -Val
>> > >> > >>>>>>>>
>> > >> > >>>>>>>> On Wed, Feb 15, 2017 at 10:52 AM, Valentin Kulichenko <
>> > >> > >>>>>>>> [hidden email]> wrote:
>> > >> > >>>>>>>>
>> > >> > >>>>>>>>> Hi Rishi,
>> > >> > >>>>>>>>>
>> > >> > >>>>>>>>> Thanks, I'll take a look.
>> > >> > >>>>>>>>>
>> > >> > >>>>>>>>> -Val
>> > >> > >>>>>>>>>
>> > >> > >>>>>>>>> On Wed, Feb 15, 2017 at 9:07 AM, Rishi Yagnik <
>> > >> > >>>>>> [hidden email]>
>> > >> > >>>>>>>>> wrote:
>> > >> > >>>>>>>>>
>> > >> > >>>>>>>>>> Hi Val,
>> > >> > >>>>>>>>>>
>> > >> > >>>>>>>>>> As promised, please find attached code for spring boot
>> > >> > >>>> integration
>> > >> > >>>>>>> with
>> > >> > >>>>>>>>>> spring security along with Ignite.
>> > >> > >>>>>>>>>>
>> > >> > >>>>>>>>>> Some more information on project -
>> > >> > >>>>>>>>>>
>> > >> > >>>>>>>>>>   - It is a maven project ( Ignite 1.7.0, SB 1.4.3 )
>> > >> > >>>>>>>>>>   - spring security integrated with boot project along
>> with
>> > >> > >>>> ignite
>> > >> > >>>>>>>>>>   - HttpSessionCookieCsrfTokenRepository does not work,
>> > >> > >> gives
>> > >> > >>>>>>>>>>   intermediate errors on single instance so used
>> > >> > >>>>>>>> CookieCsrfTokenRepository
>> > >> > >>>>>>>>>>   for CSRF token, again I think we need a fix here from
>> > >> > >>> Ignite.
>> > >> > >>>>>>>>>>
>> > >> > >>>>>>>>>> I cant reproduce this errors while I am running on
>> single
>> > >> > >>>> instance,
>> > >> > >>>>>>> you
>> > >> > >>>>>>>>>> need to run this app on 2 spring boot instance having
>> proxy
>> > >> > >> in
>> > >> > >>>>>> front (
>> > >> > >>>>>>>> F5,
>> > >> > >>>>>>>>>> OR any proxy ) with round robin fashion ( no sticky
>> session
>> > >> > >> on
>> > >> > >>> F5
>> > >> > >>>>>> OR
>> > >> > >>>>>>>>>> proxies ).
>> > >> > >>>>>>>>>>
>> > >> > >>>>>>>>>> We were thinking with round robin the user session will
>> > >> > >> active
>> > >> > >>>>>> since
>> > >> > >>>>>>> we
>> > >> > >>>>>>>>>> used session replication on backend.
>> > >> > >>>>>>>>>>
>> > >> > >>>>>>>>>> Do let me know if you need more information here.
>> > >> > >>>>>>>>>>
>> > >> > >>>>>>>>>> Thanks,
>> > >> > >>>>>>>>>>
>> > >> > >>>>>>>>>> Rishi
>> > >> > >>>>>>>>>>
>> > >> > >>>>>>>>>>
>> > >> > >>>>>>>>>>
>> > >> > >>>>>>>>>>
>> > >> > >>>>>>>>>> On Tue, Feb 14, 2017 at 9:57 PM, Rishi Yagnik <
>> > >> > >>>>>> [hidden email]>
>> > >> > >>>>>>>>>> wrote:
>> > >> > >>>>>>>>>>
>> > >> > >>>>>>>>>>> Val,
>> > >> > >>>>>>>>>>>
>> > >> > >>>>>>>>>>> My SB sample project is ready however I have asked for
>> an
>> > >> > >>>>>> approval to
>> > >> > >>>>>>>>>>> submit sample project to you, it would take day or two.
>> > >> > >>>>>>>>>>>
>> > >> > >>>>>>>>>>> I will keep you posted.
>> > >> > >>>>>>>>>>>
>> > >> > >>>>>>>>>>> Thanks for all your help,
>> > >> > >>>>>>>>>>>
>> > >> > >>>>>>>>>>> On Tue, Feb 14, 2017 at 3:51 PM, Rishi Yagnik <
>> > >> > >>>>>> [hidden email]
>> > >> > >>>>>>>>
>> > >> > >>>>>>>>>>> wrote:
>> > >> > >>>>>>>>>>>
>> > >> > >>>>>>>>>>>> Let me build an example app for you and send it
>> across to
>> > >> > >>> you.
>> > >> > >>>>>>>>>>>>
>> > >> > >>>>>>>>>>>> Thanks,
>> > >> > >>>>>>>>>>>>
>> > >> > >>>>>>>>>>>> On Tue, Feb 14, 2017 at 3:28 PM, Valentin Kulichenko <
>> > >> > >>>>>>>>>>>> [hidden email]> wrote:
>> > >> > >>>>>>>>>>>>
>> > >> > >>>>>>>>>>>>> Rishi,
>> > >> > >>>>>>>>>>>>>
>> > >> > >>>>>>>>>>>>> No I don't, and I think that's what we should start
>> > with.
>> > >> > >> I
>> > >> > >>>>>> want to
>> > >> > >>>>>>>>>>>>> understand a use case that is currently not supported
>> > (if
>> > >> > >>> any)
>> > >> > >>>>>> and
>> > >> > >>>>>>>> then
>> > >> > >>>>>>>>>>>>> find the best solution. And I would like to reuse
>> > existing
>> > >> > >>>> code
>> > >> > >>>>>> as
>> > >> > >>>>>>>>>>>>> much as
>> > >> > >>>>>>>>>>>>> possible.
>> > >> > >>>>>>>>>>>>>
>> > >> > >>>>>>>>>>>>> Do you have any code that reproduces the problem you
>> had
>> > >> > >> and
>> > >> > >>>> how
>> > >> > >>>>>>> you
>> > >> > >>>>>>>>>>>>> tried
>> > >> > >>>>>>>>>>>>> to utilize current web session clustering? Can you
>> share
>> > >> > >> it
>> > >> > >>>> with
>> > >> > >>>>>>> us?
>> > >> > >>>>>>>>>>>>>
>> > >> > >>>>>>>>>>>>> -Val
>> > >> > >>>>>>>>>>>>>
>> > >> > >>>>>>>>>>>>> On Tue, Feb 14, 2017 at 11:28 AM, Rishi Yagnik <
>> > >> > >>>>>>>> [hidden email]>
>> > >> > >>>>>>>>>>>>> wrote:
>> > >> > >>>>>>>>>>>>>
>> > >> > >>>>>>>>>>>>>> Hi Val,
>> > >> > >>>>>>>>>>>>>>
>> > >> > >>>>>>>>>>>>>> I am working on SB platform with spring security
>> and we
>> > >> > >>>> found
>> > >> > >>>>>> out
>> > >> > >>>>>>>>>>>>> that the
>> > >> > >>>>>>>>>>>>>> web session filter ignite provides does not work for
>> > >> > >>> session
>> > >> > >>>>>>>>>>>>> management on
>> > >> > >>>>>>>>>>>>>> 2 node spring boot cluster.
>> > >> > >>>>>>>>>>>>>>
>> > >> > >>>>>>>>>>>>>> Somehow, spring security filter kicks in result in
>> some
>> > >> > >>>> weird
>> > >> > >>>>>>>> errors
>> > >> > >>>>>>>>>>>>> with
>> > >> > >>>>>>>>>>>>>> web session filter.
>> > >> > >>>>>>>>>>>>>>
>> > >> > >>>>>>>>>>>>>> So making compatible with spring security somehow,
>> we
>> > >> > >> need
>> > >> > >>>> to
>> > >> > >>>>>>> write
>> > >> > >>>>>>>>>>>>>> implementation on spring session.
>> > >> > >>>>>>>>>>>>>>
>> > >> > >>>>>>>>>>>>>> Do you have any test cases that says web session
>> filter
>> > >> > >>>> would
>> > >> > >>>>>>> work
>> > >> > >>>>>>>>>>>>> with
>> > >> > >>>>>>>>>>>>>> spring security on boot platform ?
>> > >> > >>>>>>>>>>>>>>
>> > >> > >>>>>>>>>>>>>> Thanks,
>> > >> > >>>>>>>>>>>>>>
>> > >> > >>>>>>>>>>>>>>
>> > >> > >>>>>>>>>>>>>> On Tue, Feb 14, 2017 at 1:03 PM, Valentin
>> Kulichenko <
>> > >> > >>>>>>>>>>>>>> [hidden email]> wrote:
>> > >> > >>>>>>>>>>>>>>
>> > >> > >>>>>>>>>>>>>>> Hi Rishi,
>> > >> > >>>>>>>>>>>>>>>
>> > >> > >>>>>>>>>>>>>>> Can you please take a look at web session
>> clustering
>> > >> > >>>> feature
>> > >> > >>>>>>> [1]
>> > >> > >>>>>>>>>>>>> provided
>> > >> > >>>>>>>>>>>>>>> by Ignite? I'm looking at Spring Session docs and
>> it
>> > >> > >>> seems
>> > >> > >>>>>> to
>> > >> > >>>>>>> me
>> > >> > >>>>>>>>>>>>> it does
>> > >> > >>>>>>>>>>>>>>> exactly the same - replaces HttpSession with custom
>> > >> > >>>>>>>> implementation
>> > >> > >>>>>>>>>>>>> that
>> > >> > >>>>>>>>>>>>>> has
>> > >> > >>>>>>>>>>>>>>> a backend storage. If it doesn't provide any
>> > >> > >> additional
>> > >> > >>>> API
>> > >> > >>>>>> or
>> > >> > >>>>>>>>>>>>>>> functionality, I'm not sure I understand the
>> benefit
>> > >> > >> of
>> > >> > >>>> this
>> > >> > >>>>>>>>>>>>> feature.
>> > >> > >>>>>>>>>>>>>>>
>> > >> > >>>>>>>>>>>>>>> Let me know if I'm missing something.
>> > >> > >>>>>>>>>>>>>>>
>> > >> > >>>>>>>>>>>>>>> [1] https://apacheignite-mix.
>> > >> > >>> readme.io/docs/web-session-
>> > >> > >>>>>>>> clustering
>> > >> > >>>>>>>>>>>>>>>
>> > >> > >>>>>>>>>>>>>>> -Val
>> > >> > >>>>>>>>>>>>>>>
>> > >> > >>>>>>>>>>>>>>> On Mon, Feb 13, 2017 at 2:41 PM, Rishi Yagnik <
>> > >> > >>>>>>>>>>>>> [hidden email]>
>> > >> > >>>>>>>>>>>>>>> wrote:
>> > >> > >>>>>>>>>>>>>>>
>> > >> > >>>>>>>>>>>>>>>> I would like to discuss session replication / fail
>> > >> > >>> over
>> > >> > >>>>>>> design
>> > >> > >>>>>>>> on
>> > >> > >>>>>>>>>>>>>> spring
>> > >> > >>>>>>>>>>>>>>>> boot platform and wanted to find what is the best
>> > >> > >> out
>> > >> > >>> to
>> > >> > >>>>>> get
>> > >> > >>>>>>>>>>>>> started
>> > >> > >>>>>>>>>>>>>>> here ?
>> > >> > >>>>>>>>>>>>>>>>
>> > >> > >>>>>>>>>>>>>>>> Possible approaches are as follows -
>> > >> > >>>>>>>>>>>>>>>>
>> > >> > >>>>>>>>>>>>>>>>   - Make use of Spring Session for session
>> > >> > >>> replication
>> > >> > >>>>>> and
>> > >> > >>>>>>>> fail
>> > >> > >>>>>>>>>>>>> over
>> > >> > >>>>>>>>>>>>>>>>   - Extend the web session filter and make it work
>> > >> > >> on
>> > >> > >>>>>> spring
>> > >> > >>>>>>>>>>>>> boot
>> > >> > >>>>>>>>>>>>>>>>   application
>> > >> > >>>>>>>>>>>>>>>>
>> > >> > >>>>>>>>>>>>>>>>
>> > >> > >>>>>>>>>>>>>>>> I am thinking that best approach would be to get
>> > >> > >>> started
>> > >> > >>>>>> here
>> > >> > >>>>>>>>>>>>> with
>> > >> > >>>>>>>>>>>>>> spring
>> > >> > >>>>>>>>>>>>>>>> session design however I am open for feedback
>> here.
>> > >> > >>>>>>>>>>>>>>>>
>> > >> > >>>>>>>>>>>>>>>> --
>> > >> > >>>>>>>>>>>>>>>> Rishi Yagnik
>> > >> > >>>>>>>>>>>>>>>>
>> > >> > >>>>>>>>>>>>>>>
>> > >> > >>>>>>>>>>>>>>
>> > >> > >>>>>>>>>>>>>>
>> > >> > >>>>>>>>>>>>>>
>> > >> > >>>>>>>>>>>>>> --
>> > >> > >>>>>>>>>>>>>> Rishi Yagnik
>> > >> > >>>>>>>>>>>>>>
>> > >> > >>>>>>>>>>>>>
>> > >> > >>>>>>>>>>>>
>> > >> > >>>>>>>>>>>>
>> > >> > >>>>>>>>>>>>
>> > >> > >>>>>>>>>>>> --
>> > >> > >>>>>>>>>>>> Rishi Yagnik
>> > >> > >>>>>>>>>>>>
>> > >> > >>>>>>>>>>>
>> > >> > >>>>>>>>>>>
>> > >> > >>>>>>>>>>>
>> > >> > >>>>>>>>>>> --
>> > >> > >>>>>>>>>>> Rishi Yagnik
>> > >> > >>>>>>>>>>>
>> > >> > >>>>>>>>>>
>> > >> > >>>>>>>>>>
>> > >> > >>>>>>>>>>
>> > >> > >>>>>>>>>> --
>> > >> > >>>>>>>>>> Rishi Yagnik
>> > >> > >>>>>>>>>>
>> > >> > >>>>>>>>>
>> > >> > >>>>>>>>>
>> > >> > >>>>>>>>
>> > >> > >>>>>>>
>> > >> > >>>>>>>
>> > >> > >>>>>>>
>> > >> > >>>>>>> --
>> > >> > >>>>>>> Rishi Yagnik
>> > >> > >>>>>>>
>> > >> > >>>>>>
>> > >> > >>>>>
>> > >> > >>>>>
>> > >> > >>>>>
>> > >> > >>>>> --
>> > >> > >>>>> Rishi Yagnik
>> > >> > >>>>>
>> > >> > >>>>
>> > >> > >>>>
>> > >> > >>>>
>> > >> > >>>> --
>> > >> > >>>> Rishi Yagnik
>> > >> > >>>>
>> > >> > >>>
>> > >> > >>
>> > >> > >>
>> > >> > >>
>> > >> > >> --
>> > >> > >> Rishi Yagnik
>> > >> > >>
>> > >> >
>> > >>
>> > >
>> > >
>> > >
>> > > --
>> > > Rishi Yagnik
>> > >
>> >
>> >
>> >
>> > --
>> > Rishi Yagnik
>> >
>>
>
>
>
> --
> Rishi Yagnik
>

> Hi Val,
>
> Did you chance to look into session handling issue ?
>
> Thanks,
>
> On Mon, Mar 6, 2017 at 3:37 PM, Rishi Yagnik <[hidden email]>
> wrote:
>
> > Hi Val,
> >
> > Do you think I can test a fix in 1.9 RC releases ? How are you planning
> to
> > release a fix ?
> >
> > Did you also look into problem where storing xsrf token in Ignite returns
> > an exception and does not behave as expected ?
> >
> > In SecurityConfig.java use HttpSessionCsrfTokenRepository with following
> > code -
> >
> > .csrfTokenRepository(csrfTokenRepository())
> >
> > private CsrfTokenRepository csrfTokenRepository() {
> >     HttpSessionCsrfTokenRepository repository = new
> HttpSessionCsrfTokenRepository();
> >     repository.setHeaderName("X-XSRF-TOKEN");
> >     return repository;
> > }
> >
> > Thank you for all your help,
> >
> >
> > On Mon, Mar 6, 2017 at 2:34 PM, Valentin Kulichenko <
> > [hidden email]> wrote:
> >
> >> Hi Rishi,
> >>
> >> I got to the bottom of it. Basically, the session is replaced in Spring
> >> filter, but caching happens based on the old version which doesn't have
> >> security attributes. The fix is going to be very easy, I will do it
> >> tomorrow.
> >>
> >> -Val
> >>
> >> On Mon, Mar 6, 2017 at 7:34 PM, Rishi Yagnik <[hidden email]>
> >> wrote:
> >>
> >> > Val,
> >> >
> >> > Did you get chance to play around with the code ?
> >> >
> >> > Thanks,
> >> >
> >> > On Sun, Mar 5, 2017 at 7:25 PM, Rishi Yagnik <[hidden email]>
> >> > wrote:
> >> >
> >> > > Val,
> >> > >
> >> > > Adding a filter before csrf filter will invoke the custom ignite
> >> filter.
> >> > >
> >> > > Declare a custom filter class extends it with websession filter
> >> > >
> >> > > public class CustomWebSessionFilter extends WebSessionFilter {
> >> > >
> >> > >          private static boolean igniteInitialize = false
> >> > >
> >> > > @Override public void doFilter(ServletRequest req, ServletResponse
> >> res,
> >> > > FilterChain chain)
> >> > >             throws IOException, ServletException {
> >> > >         if(!igniteInitialize) {
> >> > >             super.init(new FilterConfig() {
> >> > >                 @Override
> >> > >                 public String getFilterName() {
> >> > >                     return "CustomWebSessionFilter";
> >> > >                 }
> >> > >
> >> > >                 @Override
> >> > >                 public ServletContext getServletContext() {
> >> > >                     return req.getServletContext();
> >> > >                 }
> >> > >
> >> > >                 @Override
> >> > >                 public String getInitParameter(String name) {
> >> > >                     return null;
> >> > >                 }
> >> > >
> >> > >                 @Override
> >> > >                 public Enumeration<String> getInitParameterNames() {
> >> > >                     return null;
> >> > >                 }
> >> > >             });
> >> > >             igniteInitialize = true;
> >> > >         }
> >> > >         super.doFilter(req,res,chain);
> >> > >     }
> >> > > }
> >> > >
> >> > > And in SecurityConfig.java add following line to invoke filter
> before
> >> > > Ignite Web Session filter -
> >> > >
> >> > >  .addFilterBefore(new ArWebSessionFilter(), CsrfFilter.class)
> >> > >
> >> > > Hope it helps..
> >> > >
> >> > > Thanks,
> >> > >
> >> > > On Sun, Mar 5, 2017 at 1:28 PM, Valentin Kulichenko <
> >> > > [hidden email]> wrote:
> >> > >
> >> > >> Rishi,
> >> > >>
> >> > >> Can you please share how you forced Ignite filter to be invoked
> >> before
> >> > >> security filter?
> >> > >>
> >> > >> -Val
> >> > >>
> >> > >> On Sun, Mar 5, 2017 at 11:20 AM, Rishi Yagnik <
> [hidden email]
> >> >
> >> > >> wrote:
> >> > >>
> >> > >> > Hi Val,
> >> > >> >
> >> > >> > Thanks for the response, we have executed ignite filter before
> >> spring
> >> > >> > security filter but somehow the ignite filter does not do the job
> >> of
> >> > >> > setting spring principle context.
> >> > >> >
> >> > >> > As a result even though we have spring principle in session,
> spring
> >> > >> filter
> >> > >> > does not recognize it and sends us back to log in page.
> >> > >> >
> >> > >> > I think there s some more work needed here to change the filter
> and
> >> > make
> >> > >> > it work with spring boot application.
> >> > >> >
> >> > >> > Take Care,
> >> > >> > Rishi
> >> > >> >
> >> > >> > > On Mar 5, 2017, at 10:16 AM, Valentin Kulichenko <
> >> > >> > [hidden email]> wrote:
> >> > >> > >
> >> > >> > > Hi Rishi,
> >> > >> > >
> >> > >> > > I did some debugging. Apparently, the reason for this behavior
> is
> >> > that
> >> > >> > > Spring Security filter resides before Ignite's filter in the
> >> chain
> >> > >> list.
> >> > >> > I
> >> > >> > > think that eventually this should be fixed in the product, but
> in
> >> > the
> >> > >> > > meantime there must be a way to work around the problem by
> >> > controlling
> >> > >> > the
> >> > >> > > order. Do you know how this can be done in Spring Boot?
> >> > >> > >
> >> > >> > > -Val
> >> > >> > >
> >> > >> > >> On Tue, Feb 28, 2017 at 9:31 AM, Rishi Yagnik <
> >> > [hidden email]
> >> > >> >
> >> > >> > wrote:
> >> > >> > >>
> >> > >> > >> Hi Val,
> >> > >> > >>
> >> > >> > >> Sorry for pestering, thanks for all your help.
> >> > >> > >>
> >> > >> > >> Rishi
> >> > >> > >>
> >> > >> > >> On Mon, Feb 27, 2017 at 7:22 PM, Valentin Kulichenko <
> >> > >> > >> [hidden email]> wrote:
> >> > >> > >>
> >> > >> > >>> Hi Rishi,
> >> > >> > >>>
> >> > >> > >>> Sorry, not yet. But this on my short list of TODOs, will try
> to
> >> > >> give an
> >> > >> > >>> update as soon as possible.
> >> > >> > >>>
> >> > >> > >>> -Val
> >> > >> > >>>
> >> > >> > >>> On Mon, Feb 27, 2017 at 7:47 AM, Rishi Yagnik <
> >> > >> [hidden email]>
> >> > >> > >>> wrote:
> >> > >> > >>>
> >> > >> > >>>> Hi Val,
> >> > >> > >>>>
> >> > >> > >>>> any update on session replication issue ?
> >> > >> > >>>>
> >> > >> > >>>> Thanks,
> >> > >> > >>>> Rishi
> >> > >> > >>>>
> >> > >> > >>>> On Thu, Feb 23, 2017 at 8:07 AM, Rishi Yagnik <
> >> > >> [hidden email]>
> >> > >> > >>>> wrote:
> >> > >> > >>>>
> >> > >> > >>>>> Thanks Val for looking into it.
> >> > >> > >>>>>
> >> > >> > >>>>> On Wed, Feb 22, 2017 at 9:32 PM, Valentin Kulichenko <
> >> > >> > >>>>> [hidden email]> wrote:
> >> > >> > >>>>>
> >> > >> > >>>>>> Hi Rishi,
> >> > >> > >>>>>>
> >> > >> > >>>>>> Got it, I think I'm reproducing the issue. I'll take a
> look
> >> and
> >> > >> let
> >> > >> > >>> you
> >> > >> > >>>>>> know my findings soon.
> >> > >> > >>>>>>
> >> > >> > >>>>>> -Val
> >> > >> > >>>>>>
> >> > >> > >>>>>> On Tue, Feb 21, 2017 at 7:27 PM, Rishi Yagnik <
> >> > >> > >> [hidden email]>
> >> > >> > >>>>>> wrote:
> >> > >> > >>>>>>
> >> > >> > >>>>>>> Hi Val,
> >> > >> > >>>>>>>
> >> > >> > >>>>>>> The issue will occur in cluster environment, please setup
> >> the
> >> > >> > >> spring
> >> > >> > >>>>>> boot
> >> > >> > >>>>>>> on 2 different host with LB (F5 OR Reverse proxy) in
> front
> >> and
> >> > >> try
> >> > >> > >>> to
> >> > >> > >>>>>>> login.
> >> > >> > >>>>>>>
> >> > >> > >>>>>>> In cluster environment, Spring security does not
> recognize
> >> the
> >> > >> > >>> session
> >> > >> > >>>>>> on
> >> > >> > >>>>>>> the host you are not logged in, as a result, spring
> >> security
> >> > >> will
> >> > >> > >>>>>> redirect
> >> > >> > >>>>>>> to login url however the correct behavior should be that
> >> user
> >> > >> > >> would
> >> > >> > >>>> stay
> >> > >> > >>>>>>> logged in with session replication.
> >> > >> > >>>>>>>
> >> > >> > >>>>>>> Do let me know if you need more information.
> >> > >> > >>>>>>>
> >> > >> > >>>>>>> Thanks,
> >> > >> > >>>>>>> Rishi
> >> > >> > >>>>>>>
> >> > >> > >>>>>>>
> >> > >> > >>>>>>>
> >> > >> > >>>>>>> On Tue, Feb 21, 2017 at 7:08 PM, Valentin Kulichenko <
> >> > >> > >>>>>>> [hidden email]> wrote:
> >> > >> > >>>>>>>
> >> > >> > >>>>>>>> Hi Rishi,
> >> > >> > >>>>>>>>
> >> > >> > >>>>>>>> I was able to build and run the application. Can you
> give
> >> > some
> >> > >> > >>>>>>> description
> >> > >> > >>>>>>>> on what should I test to understand the issue? What
> >> exactly
> >> > >> > >> didn't
> >> > >> > >>>>>> work
> >> > >> > >>>>>>> for
> >> > >> > >>>>>>>> you?
> >> > >> > >>>>>>>>
> >> > >> > >>>>>>>> -Val
> >> > >> > >>>>>>>>
> >> > >> > >>>>>>>> On Wed, Feb 15, 2017 at 10:52 AM, Valentin Kulichenko <
> >> > >> > >>>>>>>> [hidden email]> wrote:
> >> > >> > >>>>>>>>
> >> > >> > >>>>>>>>> Hi Rishi,
> >> > >> > >>>>>>>>>
> >> > >> > >>>>>>>>> Thanks, I'll take a look.
> >> > >> > >>>>>>>>>
> >> > >> > >>>>>>>>> -Val
> >> > >> > >>>>>>>>>
> >> > >> > >>>>>>>>> On Wed, Feb 15, 2017 at 9:07 AM, Rishi Yagnik <
> >> > >> > >>>>>> [hidden email]>
> >> > >> > >>>>>>>>> wrote:
> >> > >> > >>>>>>>>>
> >> > >> > >>>>>>>>>> Hi Val,
> >> > >> > >>>>>>>>>>
> >> > >> > >>>>>>>>>> As promised, please find attached code for spring boot
> >> > >> > >>>> integration
> >> > >> > >>>>>>> with
> >> > >> > >>>>>>>>>> spring security along with Ignite.
> >> > >> > >>>>>>>>>>
> >> > >> > >>>>>>>>>> Some more information on project -
> >> > >> > >>>>>>>>>>
> >> > >> > >>>>>>>>>>   - It is a maven project ( Ignite 1.7.0, SB 1.4.3 )
> >> > >> > >>>>>>>>>>   - spring security integrated with boot project along
> >> with
> >> > >> > >>>> ignite
> >> > >> > >>>>>>>>>>   - HttpSessionCookieCsrfTokenRepository does not
> work,
> >> > >> > >> gives
> >> > >> > >>>>>>>>>>   intermediate errors on single instance so used
> >> > >> > >>>>>>>> CookieCsrfTokenRepository
> >> > >> > >>>>>>>>>>   for CSRF token, again I think we need a fix here
> from
> >> > >> > >>> Ignite.
> >> > >> > >>>>>>>>>>
> >> > >> > >>>>>>>>>> I cant reproduce this errors while I am running on
> >> single
> >> > >> > >>>> instance,
> >> > >> > >>>>>>> you
> >> > >> > >>>>>>>>>> need to run this app on 2 spring boot instance having
> >> proxy
> >> > >> > >> in
> >> > >> > >>>>>> front (
> >> > >> > >>>>>>>> F5,
> >> > >> > >>>>>>>>>> OR any proxy ) with round robin fashion ( no sticky
> >> session
> >> > >> > >> on
> >> > >> > >>> F5
> >> > >> > >>>>>> OR
> >> > >> > >>>>>>>>>> proxies ).
> >> > >> > >>>>>>>>>>
> >> > >> > >>>>>>>>>> We were thinking with round robin the user session
> will
> >> > >> > >> active
> >> > >> > >>>>>> since
> >> > >> > >>>>>>> we
> >> > >> > >>>>>>>>>> used session replication on backend.
> >> > >> > >>>>>>>>>>
> >> > >> > >>>>>>>>>> Do let me know if you need more information here.
> >> > >> > >>>>>>>>>>
> >> > >> > >>>>>>>>>> Thanks,
> >> > >> > >>>>>>>>>>
> >> > >> > >>>>>>>>>> Rishi
> >> > >> > >>>>>>>>>>
> >> > >> > >>>>>>>>>>
> >> > >> > >>>>>>>>>>
> >> > >> > >>>>>>>>>>
> >> > >> > >>>>>>>>>> On Tue, Feb 14, 2017 at 9:57 PM, Rishi Yagnik <
> >> > >> > >>>>>> [hidden email]>
> >> > >> > >>>>>>>>>> wrote:
> >> > >> > >>>>>>>>>>
> >> > >> > >>>>>>>>>>> Val,
> >> > >> > >>>>>>>>>>>
> >> > >> > >>>>>>>>>>> My SB sample project is ready however I have asked
> for
> >> an
> >> > >> > >>>>>> approval to
> >> > >> > >>>>>>>>>>> submit sample project to you, it would take day or
> two.
> >> > >> > >>>>>>>>>>>
> >> > >> > >>>>>>>>>>> I will keep you posted.
> >> > >> > >>>>>>>>>>>
> >> > >> > >>>>>>>>>>> Thanks for all your help,
> >> > >> > >>>>>>>>>>>
> >> > >> > >>>>>>>>>>> On Tue, Feb 14, 2017 at 3:51 PM, Rishi Yagnik <
> >> > >> > >>>>>> [hidden email]
> >> > >> > >>>>>>>>
> >> > >> > >>>>>>>>>>> wrote:
> >> > >> > >>>>>>>>>>>
> >> > >> > >>>>>>>>>>>> Let me build an example app for you and send it
> >> across to
> >> > >> > >>> you.
> >> > >> > >>>>>>>>>>>>
> >> > >> > >>>>>>>>>>>> Thanks,
> >> > >> > >>>>>>>>>>>>
> >> > >> > >>>>>>>>>>>> On Tue, Feb 14, 2017 at 3:28 PM, Valentin
> Kulichenko <
> >> > >> > >>>>>>>>>>>> [hidden email]> wrote:
> >> > >> > >>>>>>>>>>>>
> >> > >> > >>>>>>>>>>>>> Rishi,
> >> > >> > >>>>>>>>>>>>>
> >> > >> > >>>>>>>>>>>>> No I don't, and I think that's what we should start
> >> > with.
> >> > >> > >> I
> >> > >> > >>>>>> want to
> >> > >> > >>>>>>>>>>>>> understand a use case that is currently not
> supported
> >> > (if
> >> > >> > >>> any)
> >> > >> > >>>>>> and
> >> > >> > >>>>>>>> then
> >> > >> > >>>>>>>>>>>>> find the best solution. And I would like to reuse
> >> > existing
> >> > >> > >>>> code
> >> > >> > >>>>>> as
> >> > >> > >>>>>>>>>>>>> much as
> >> > >> > >>>>>>>>>>>>> possible.
> >> > >> > >>>>>>>>>>>>>
> >> > >> > >>>>>>>>>>>>> Do you have any code that reproduces the problem
> you
> >> had
> >> > >> > >> and
> >> > >> > >>>> how
> >> > >> > >>>>>>> you
> >> > >> > >>>>>>>>>>>>> tried
> >> > >> > >>>>>>>>>>>>> to utilize current web session clustering? Can you
> >> share
> >> > >> > >> it
> >> > >> > >>>> with
> >> > >> > >>>>>>> us?
> >> > >> > >>>>>>>>>>>>>
> >> > >> > >>>>>>>>>>>>> -Val
> >> > >> > >>>>>>>>>>>>>
> >> > >> > >>>>>>>>>>>>> On Tue, Feb 14, 2017 at 11:28 AM, Rishi Yagnik <
> >> > >> > >>>>>>>> [hidden email]>
> >> > >> > >>>>>>>>>>>>> wrote:
> >> > >> > >>>>>>>>>>>>>
> >> > >> > >>>>>>>>>>>>>> Hi Val,
> >> > >> > >>>>>>>>>>>>>>
> >> > >> > >>>>>>>>>>>>>> I am working on SB platform with spring security
> >> and we
> >> > >> > >>>> found
> >> > >> > >>>>>> out
> >> > >> > >>>>>>>>>>>>> that the
> >> > >> > >>>>>>>>>>>>>> web session filter ignite provides does not work
> for
> >> > >> > >>> session
> >> > >> > >>>>>>>>>>>>> management on
> >> > >> > >>>>>>>>>>>>>> 2 node spring boot cluster.
> >> > >> > >>>>>>>>>>>>>>
> >> > >> > >>>>>>>>>>>>>> Somehow, spring security filter kicks in result in
> >> some
> >> > >> > >>>> weird
> >> > >> > >>>>>>>> errors
> >> > >> > >>>>>>>>>>>>> with
> >> > >> > >>>>>>>>>>>>>> web session filter.
> >> > >> > >>>>>>>>>>>>>>
> >> > >> > >>>>>>>>>>>>>> So making compatible with spring security somehow,
> >> we
> >> > >> > >> need
> >> > >> > >>>> to
> >> > >> > >>>>>>> write
> >> > >> > >>>>>>>>>>>>>> implementation on spring session.
> >> > >> > >>>>>>>>>>>>>>
> >> > >> > >>>>>>>>>>>>>> Do you have any test cases that says web session
> >> filter
> >> > >> > >>>> would
> >> > >> > >>>>>>> work
> >> > >> > >>>>>>>>>>>>> with
> >> > >> > >>>>>>>>>>>>>> spring security on boot platform ?
> >> > >> > >>>>>>>>>>>>>>
> >> > >> > >>>>>>>>>>>>>> Thanks,
> >> > >> > >>>>>>>>>>>>>>
> >> > >> > >>>>>>>>>>>>>>
> >> > >> > >>>>>>>>>>>>>> On Tue, Feb 14, 2017 at 1:03 PM, Valentin
> >> Kulichenko <
> >> > >> > >>>>>>>>>>>>>> [hidden email]> wrote:
> >> > >> > >>>>>>>>>>>>>>
> >> > >> > >>>>>>>>>>>>>>> Hi Rishi,
> >> > >> > >>>>>>>>>>>>>>>
> >> > >> > >>>>>>>>>>>>>>> Can you please take a look at web session
> >> clustering
> >> > >> > >>>> feature
> >> > >> > >>>>>>> [1]
> >> > >> > >>>>>>>>>>>>> provided
> >> > >> > >>>>>>>>>>>>>>> by Ignite? I'm looking at Spring Session docs and
> >> it
> >> > >> > >>> seems
> >> > >> > >>>>>> to
> >> > >> > >>>>>>> me
> >> > >> > >>>>>>>>>>>>> it does
> >> > >> > >>>>>>>>>>>>>>> exactly the same - replaces HttpSession with
> custom
> >> > >> > >>>>>>>> implementation
> >> > >> > >>>>>>>>>>>>> that
> >> > >> > >>>>>>>>>>>>>> has
> >> > >> > >>>>>>>>>>>>>>> a backend storage. If it doesn't provide any
> >> > >> > >> additional
> >> > >> > >>>> API
> >> > >> > >>>>>> or
> >> > >> > >>>>>>>>>>>>>>> functionality, I'm not sure I understand the
> >> benefit
> >> > >> > >> of
> >> > >> > >>>> this
> >> > >> > >>>>>>>>>>>>> feature.
> >> > >> > >>>>>>>>>>>>>>>
> >> > >> > >>>>>>>>>>>>>>> Let me know if I'm missing something.
> >> > >> > >>>>>>>>>>>>>>>
> >> > >> > >>>>>>>>>>>>>>> [1] https://apacheignite-mix.
> >> > >> > >>> readme.io/docs/web-session-
> >> > >> > >>>>>>>> clustering
> >> > >> > >>>>>>>>>>>>>>>
> >> > >> > >>>>>>>>>>>>>>> -Val
> >> > >> > >>>>>>>>>>>>>>>
> >> > >> > >>>>>>>>>>>>>>> On Mon, Feb 13, 2017 at 2:41 PM, Rishi Yagnik <
> >> > >> > >>>>>>>>>>>>> [hidden email]>
> >> > >> > >>>>>>>>>>>>>>> wrote:
> >> > >> > >>>>>>>>>>>>>>>
> >> > >> > >>>>>>>>>>>>>>>> I would like to discuss session replication /
> fail
> >> > >> > >>> over
> >> > >> > >>>>>>> design
> >> > >> > >>>>>>>> on
> >> > >> > >>>>>>>>>>>>>> spring
> >> > >> > >>>>>>>>>>>>>>>> boot platform and wanted to find what is the
> best
> >> > >> > >> out
> >> > >> > >>> to
> >> > >> > >>>>>> get
> >> > >> > >>>>>>>>>>>>> started
> >> > >> > >>>>>>>>>>>>>>> here ?
> >> > >> > >>>>>>>>>>>>>>>>
> >> > >> > >>>>>>>>>>>>>>>> Possible approaches are as follows -
> >> > >> > >>>>>>>>>>>>>>>>
> >> > >> > >>>>>>>>>>>>>>>>   - Make use of Spring Session for session
> >> > >> > >>> replication
> >> > >> > >>>>>> and
> >> > >> > >>>>>>>> fail
> >> > >> > >>>>>>>>>>>>> over
> >> > >> > >>>>>>>>>>>>>>>>   - Extend the web session filter and make it
> work
> >> > >> > >> on
> >> > >> > >>>>>> spring
> >> > >> > >>>>>>>>>>>>> boot
> >> > >> > >>>>>>>>>>>>>>>>   application
> >> > >> > >>>>>>>>>>>>>>>>
> >> > >> > >>>>>>>>>>>>>>>>
> >> > >> > >>>>>>>>>>>>>>>> I am thinking that best approach would be to get
> >> > >> > >>> started
> >> > >> > >>>>>> here
> >> > >> > >>>>>>>>>>>>> with
> >> > >> > >>>>>>>>>>>>>> spring
> >> > >> > >>>>>>>>>>>>>>>> session design however I am open for feedback
> >> here.
> >> > >> > >>>>>>>>>>>>>>>>
> >> > >> > >>>>>>>>>>>>>>>> --
> >> > >> > >>>>>>>>>>>>>>>> Rishi Yagnik
> >> > >> > >>>>>>>>>>>>>>>>
> >> > >> > >>>>>>>>>>>>>>>
> >> > >> > >>>>>>>>>>>>>>
> >> > >> > >>>>>>>>>>>>>>
> >> > >> > >>>>>>>>>>>>>>
> >> > >> > >>>>>>>>>>>>>> --
> >> > >> > >>>>>>>>>>>>>> Rishi Yagnik
> >> > >> > >>>>>>>>>>>>>>
> >> > >> > >>>>>>>>>>>>>
> >> > >> > >>>>>>>>>>>>
> >> > >> > >>>>>>>>>>>>
> >> > >> > >>>>>>>>>>>>
> >> > >> > >>>>>>>>>>>> --
> >> > >> > >>>>>>>>>>>> Rishi Yagnik
> >> > >> > >>>>>>>>>>>>
> >> > >> > >>>>>>>>>>>
> >> > >> > >>>>>>>>>>>
> >> > >> > >>>>>>>>>>>
> >> > >> > >>>>>>>>>>> --
> >> > >> > >>>>>>>>>>> Rishi Yagnik
> >> > >> > >>>>>>>>>>>
> >> > >> > >>>>>>>>>>
> >> > >> > >>>>>>>>>>
> >> > >> > >>>>>>>>>>
> >> > >> > >>>>>>>>>> --
> >> > >> > >>>>>>>>>> Rishi Yagnik
> >> > >> > >>>>>>>>>>
> >> > >> > >>>>>>>>>
> >> > >> > >>>>>>>>>
> >> > >> > >>>>>>>>
> >> > >> > >>>>>>>
> >> > >> > >>>>>>>
> >> > >> > >>>>>>>
> >> > >> > >>>>>>> --
> >> > >> > >>>>>>> Rishi Yagnik
> >> > >> > >>>>>>>
> >> > >> > >>>>>>
> >> > >> > >>>>>
> >> > >> > >>>>>
> >> > >> > >>>>>
> >> > >> > >>>>> --
> >> > >> > >>>>> Rishi Yagnik
> >> > >> > >>>>>
> >> > >> > >>>>
> >> > >> > >>>>
> >> > >> > >>>>
> >> > >> > >>>> --
> >> > >> > >>>> Rishi Yagnik
> >> > >> > >>>>
> >> > >> > >>>
> >> > >> > >>
> >> > >> > >>
> >> > >> > >>
> >> > >> > >> --
> >> > >> > >> Rishi Yagnik
> >> > >> > >>
> >> > >> >
> >> > >>
> >> > >
> >> > >
> >> > >
> >> > > --
> >> > > Rishi Yagnik
> >> > >
> >> >
> >> >
> >> >
> >> > --
> >> > Rishi Yagnik
> >> >
> >>
> >
> >
> >
> > --
> > Rishi Yagnik
> >
>
>
>
> --
> Rishi Yagnik
>

> On Mar 11, 2017, at 11:31 AM, Valentin Kulichenko <[hidden email]> wrote:
>
> Hi Rishi,
>
> I want to fix the bug first. It takes a bit longer than I thought, but I
> should finish it over the weekend.
>
> -Val
>
>> On Fri, Mar 10, 2017 at 4:13 AM, Rishi Yagnik <[hidden email]> wrote:
>>
>> Hi Val,
>>
>> Did you chance to look into session handling issue ?
>>
>> Thanks,
>>
>> On Mon, Mar 6, 2017 at 3:37 PM, Rishi Yagnik <[hidden email]>
>> wrote:
>>
>>> Hi Val,
>>>
>>> Do you think I can test a fix in 1.9 RC releases ? How are you planning
>> to
>>> release a fix ?
>>>
>>> Did you also look into problem where storing xsrf token in Ignite returns
>>> an exception and does not behave as expected ?
>>>
>>> In SecurityConfig.java use HttpSessionCsrfTokenRepository with following
>>> code -
>>>
>>> .csrfTokenRepository(csrfTokenRepository())
>>>
>>> private CsrfTokenRepository csrfTokenRepository() {
>>>    HttpSessionCsrfTokenRepository repository = new
>> HttpSessionCsrfTokenRepository();
>>>    repository.setHeaderName("X-XSRF-TOKEN");
>>>    return repository;
>>> }
>>>
>>> Thank you for all your help,
>>>
>>>
>>> On Mon, Mar 6, 2017 at 2:34 PM, Valentin Kulichenko <
>>> [hidden email]> wrote:
>>>
>>>> Hi Rishi,
>>>>
>>>> I got to the bottom of it. Basically, the session is replaced in Spring
>>>> filter, but caching happens based on the old version which doesn't have
>>>> security attributes. The fix is going to be very easy, I will do it
>>>> tomorrow.
>>>>
>>>> -Val
>>>>
>>>> On Mon, Mar 6, 2017 at 7:34 PM, Rishi Yagnik <[hidden email]>
>>>> wrote:
>>>>
>>>>> Val,
>>>>>
>>>>> Did you get chance to play around with the code ?
>>>>>
>>>>> Thanks,
>>>>>
>>>>> On Sun, Mar 5, 2017 at 7:25 PM, Rishi Yagnik <[hidden email]>
>>>>> wrote:
>>>>>
>>>>>> Val,
>>>>>>
>>>>>> Adding a filter before csrf filter will invoke the custom ignite
>>>> filter.
>>>>>>
>>>>>> Declare a custom filter class extends it with websession filter
>>>>>>
>>>>>> public class CustomWebSessionFilter extends WebSessionFilter {
>>>>>>
>>>>>>         private static boolean igniteInitialize = false
>>>>>>
>>>>>> @Override public void doFilter(ServletRequest req, ServletResponse
>>>> res,
>>>>>> FilterChain chain)
>>>>>>            throws IOException, ServletException {
>>>>>>        if(!igniteInitialize) {
>>>>>>            super.init(new FilterConfig() {
>>>>>>                @Override
>>>>>>                public String getFilterName() {
>>>>>>                    return "CustomWebSessionFilter";
>>>>>>                }
>>>>>>
>>>>>>                @Override
>>>>>>                public ServletContext getServletContext() {
>>>>>>                    return req.getServletContext();
>>>>>>                }
>>>>>>
>>>>>>                @Override
>>>>>>                public String getInitParameter(String name) {
>>>>>>                    return null;
>>>>>>                }
>>>>>>
>>>>>>                @Override
>>>>>>                public Enumeration<String> getInitParameterNames() {
>>>>>>                    return null;
>>>>>>                }
>>>>>>            });
>>>>>>            igniteInitialize = true;
>>>>>>        }
>>>>>>        super.doFilter(req,res,chain);
>>>>>>    }
>>>>>> }
>>>>>>
>>>>>> And in SecurityConfig.java add following line to invoke filter
>> before
>>>>>> Ignite Web Session filter -
>>>>>>
>>>>>> .addFilterBefore(new ArWebSessionFilter(), CsrfFilter.class)
>>>>>>
>>>>>> Hope it helps..
>>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>> On Sun, Mar 5, 2017 at 1:28 PM, Valentin Kulichenko <
>>>>>> [hidden email]> wrote:
>>>>>>
>>>>>>> Rishi,
>>>>>>>
>>>>>>> Can you please share how you forced Ignite filter to be invoked
>>>> before
>>>>>>> security filter?
>>>>>>>
>>>>>>> -Val
>>>>>>>
>>>>>>> On Sun, Mar 5, 2017 at 11:20 AM, Rishi Yagnik <
>> [hidden email]
>>>>>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Hi Val,
>>>>>>>>
>>>>>>>> Thanks for the response, we have executed ignite filter before
>>>> spring
>>>>>>>> security filter but somehow the ignite filter does not do the job
>>>> of
>>>>>>>> setting spring principle context.
>>>>>>>>
>>>>>>>> As a result even though we have spring principle in session,
>> spring
>>>>>>> filter
>>>>>>>> does not recognize it and sends us back to log in page.
>>>>>>>>
>>>>>>>> I think there s some more work needed here to change the filter
>> and
>>>>> make
>>>>>>>> it work with spring boot application.
>>>>>>>>
>>>>>>>> Take Care,
>>>>>>>> Rishi
>>>>>>>>
>>>>>>>>> On Mar 5, 2017, at 10:16 AM, Valentin Kulichenko <
>>>>>>>> [hidden email]> wrote:
>>>>>>>>>
>>>>>>>>> Hi Rishi,
>>>>>>>>>
>>>>>>>>> I did some debugging. Apparently, the reason for this behavior
>> is
>>>>> that
>>>>>>>>> Spring Security filter resides before Ignite's filter in the
>>>> chain
>>>>>>> list.
>>>>>>>> I
>>>>>>>>> think that eventually this should be fixed in the product, but
>> in
>>>>> the
>>>>>>>>> meantime there must be a way to work around the problem by
>>>>> controlling
>>>>>>>> the
>>>>>>>>> order. Do you know how this can be done in Spring Boot?
>>>>>>>>>
>>>>>>>>> -Val
>>>>>>>>>
>>>>>>>>>> On Tue, Feb 28, 2017 at 9:31 AM, Rishi Yagnik <
>>>>> [hidden email]
>>>>>>>>
>>>>>>>> wrote:
>>>>>>>>>>
>>>>>>>>>> Hi Val,
>>>>>>>>>>
>>>>>>>>>> Sorry for pestering, thanks for all your help.
>>>>>>>>>>
>>>>>>>>>> Rishi
>>>>>>>>>>
>>>>>>>>>> On Mon, Feb 27, 2017 at 7:22 PM, Valentin Kulichenko <
>>>>>>>>>> [hidden email]> wrote:
>>>>>>>>>>
>>>>>>>>>>> Hi Rishi,
>>>>>>>>>>>
>>>>>>>>>>> Sorry, not yet. But this on my short list of TODOs, will try
>> to
>>>>>>> give an
>>>>>>>>>>> update as soon as possible.
>>>>>>>>>>>
>>>>>>>>>>> -Val
>>>>>>>>>>>
>>>>>>>>>>> On Mon, Feb 27, 2017 at 7:47 AM, Rishi Yagnik <
>>>>>>> [hidden email]>
>>>>>>>>>>> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> Hi Val,
>>>>>>>>>>>>
>>>>>>>>>>>> any update on session replication issue ?
>>>>>>>>>>>>
>>>>>>>>>>>> Thanks,
>>>>>>>>>>>> Rishi
>>>>>>>>>>>>
>>>>>>>>>>>> On Thu, Feb 23, 2017 at 8:07 AM, Rishi Yagnik <
>>>>>>> [hidden email]>
>>>>>>>>>>>> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> Thanks Val for looking into it.
>>>>>>>>>>>>>
>>>>>>>>>>>>> On Wed, Feb 22, 2017 at 9:32 PM, Valentin Kulichenko <
>>>>>>>>>>>>> [hidden email]> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>> Hi Rishi,
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Got it, I think I'm reproducing the issue. I'll take a
>> look
>>>> and
>>>>>>> let
>>>>>>>>>>> you
>>>>>>>>>>>>>> know my findings soon.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> -Val
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> On Tue, Feb 21, 2017 at 7:27 PM, Rishi Yagnik <
>>>>>>>>>> [hidden email]>
>>>>>>>>>>>>>> wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Hi Val,
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> The issue will occur in cluster environment, please setup
>>>> the
>>>>>>>>>> spring
>>>>>>>>>>>>>> boot
>>>>>>>>>>>>>>> on 2 different host with LB (F5 OR Reverse proxy) in
>> front
>>>> and
>>>>>>> try
>>>>>>>>>>> to
>>>>>>>>>>>>>>> login.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> In cluster environment, Spring security does not
>> recognize
>>>> the
>>>>>>>>>>> session
>>>>>>>>>>>>>> on
>>>>>>>>>>>>>>> the host you are not logged in, as a result, spring
>>>> security
>>>>>>> will
>>>>>>>>>>>>>> redirect
>>>>>>>>>>>>>>> to login url however the correct behavior should be that
>>>> user
>>>>>>>>>> would
>>>>>>>>>>>> stay
>>>>>>>>>>>>>>> logged in with session replication.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Do let me know if you need more information.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Thanks,
>>>>>>>>>>>>>>> Rishi
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> On Tue, Feb 21, 2017 at 7:08 PM, Valentin Kulichenko <
>>>>>>>>>>>>>>> [hidden email]> wrote:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Hi Rishi,
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> I was able to build and run the application. Can you
>> give
>>>>> some
>>>>>>>>>>>>>>> description
>>>>>>>>>>>>>>>> on what should I test to understand the issue? What
>>>> exactly
>>>>>>>>>> didn't
>>>>>>>>>>>>>> work
>>>>>>>>>>>>>>> for
>>>>>>>>>>>>>>>> you?
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> -Val
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> On Wed, Feb 15, 2017 at 10:52 AM, Valentin Kulichenko <
>>>>>>>>>>>>>>>> [hidden email]> wrote:
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Hi Rishi,
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Thanks, I'll take a look.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> -Val
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> On Wed, Feb 15, 2017 at 9:07 AM, Rishi Yagnik <
>>>>>>>>>>>>>> [hidden email]>
>>>>>>>>>>>>>>>>> wrote:
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Hi Val,
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> As promised, please find attached code for spring boot
>>>>>>>>>>>> integration
>>>>>>>>>>>>>>> with
>>>>>>>>>>>>>>>>>> spring security along with Ignite.
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Some more information on project -
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>  - It is a maven project ( Ignite 1.7.0, SB 1.4.3 )
>>>>>>>>>>>>>>>>>>  - spring security integrated with boot project along
>>>> with
>>>>>>>>>>>> ignite
>>>>>>>>>>>>>>>>>>  - HttpSessionCookieCsrfTokenRepository does not
>> work,
>>>>>>>>>> gives
>>>>>>>>>>>>>>>>>>  intermediate errors on single instance so used
>>>>>>>>>>>>>>>> CookieCsrfTokenRepository
>>>>>>>>>>>>>>>>>>  for CSRF token, again I think we need a fix here
>> from
>>>>>>>>>>> Ignite.
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> I cant reproduce this errors while I am running on
>>>> single
>>>>>>>>>>>> instance,
>>>>>>>>>>>>>>> you
>>>>>>>>>>>>>>>>>> need to run this app on 2 spring boot instance having
>>>> proxy
>>>>>>>>>> in
>>>>>>>>>>>>>> front (
>>>>>>>>>>>>>>>> F5,
>>>>>>>>>>>>>>>>>> OR any proxy ) with round robin fashion ( no sticky
>>>> session
>>>>>>>>>> on
>>>>>>>>>>> F5
>>>>>>>>>>>>>> OR
>>>>>>>>>>>>>>>>>> proxies ).
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> We were thinking with round robin the user session
>> will
>>>>>>>>>> active
>>>>>>>>>>>>>> since
>>>>>>>>>>>>>>> we
>>>>>>>>>>>>>>>>>> used session replication on backend.
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Do let me know if you need more information here.
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Thanks,
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Rishi
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> On Tue, Feb 14, 2017 at 9:57 PM, Rishi Yagnik <
>>>>>>>>>>>>>> [hidden email]>
>>>>>>>>>>>>>>>>>> wrote:
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> Val,
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> My SB sample project is ready however I have asked
>> for
>>>> an
>>>>>>>>>>>>>> approval to
>>>>>>>>>>>>>>>>>>> submit sample project to you, it would take day or
>> two.
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> I will keep you posted.
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> Thanks for all your help,
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> On Tue, Feb 14, 2017 at 3:51 PM, Rishi Yagnik <
>>>>>>>>>>>>>> [hidden email]
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> wrote:
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> Let me build an example app for you and send it
>>>> across to
>>>>>>>>>>> you.
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> Thanks,
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> On Tue, Feb 14, 2017 at 3:28 PM, Valentin
>> Kulichenko <
>>>>>>>>>>>>>>>>>>>> [hidden email]> wrote:
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> Rishi,
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> No I don't, and I think that's what we should start
>>>>> with.
>>>>>>>>>> I
>>>>>>>>>>>>>> want to
>>>>>>>>>>>>>>>>>>>>> understand a use case that is currently not
>> supported
>>>>> (if
>>>>>>>>>>> any)
>>>>>>>>>>>>>> and
>>>>>>>>>>>>>>>> then
>>>>>>>>>>>>>>>>>>>>> find the best solution. And I would like to reuse
>>>>> existing
>>>>>>>>>>>> code
>>>>>>>>>>>>>> as
>>>>>>>>>>>>>>>>>>>>> much as
>>>>>>>>>>>>>>>>>>>>> possible.
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> Do you have any code that reproduces the problem
>> you
>>>> had
>>>>>>>>>> and
>>>>>>>>>>>> how
>>>>>>>>>>>>>>> you
>>>>>>>>>>>>>>>>>>>>> tried
>>>>>>>>>>>>>>>>>>>>> to utilize current web session clustering? Can you
>>>> share
>>>>>>>>>> it
>>>>>>>>>>>> with
>>>>>>>>>>>>>>> us?
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> -Val
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> On Tue, Feb 14, 2017 at 11:28 AM, Rishi Yagnik <
>>>>>>>>>>>>>>>> [hidden email]>
>>>>>>>>>>>>>>>>>>>>> wrote:
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>> Hi Val,
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>> I am working on SB platform with spring security
>>>> and we
>>>>>>>>>>>> found
>>>>>>>>>>>>>> out
>>>>>>>>>>>>>>>>>>>>> that the
>>>>>>>>>>>>>>>>>>>>>> web session filter ignite provides does not work
>> for
>>>>>>>>>>> session
>>>>>>>>>>>>>>>>>>>>> management on
>>>>>>>>>>>>>>>>>>>>>> 2 node spring boot cluster.
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>> Somehow, spring security filter kicks in result in
>>>> some
>>>>>>>>>>>> weird
>>>>>>>>>>>>>>>> errors
>>>>>>>>>>>>>>>>>>>>> with
>>>>>>>>>>>>>>>>>>>>>> web session filter.
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>> So making compatible with spring security somehow,
>>>> we
>>>>>>>>>> need
>>>>>>>>>>>> to
>>>>>>>>>>>>>>> write
>>>>>>>>>>>>>>>>>>>>>> implementation on spring session.
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>> Do you have any test cases that says web session
>>>> filter
>>>>>>>>>>>> would
>>>>>>>>>>>>>>> work
>>>>>>>>>>>>>>>>>>>>> with
>>>>>>>>>>>>>>>>>>>>>> spring security on boot platform ?
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>> Thanks,
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>> On Tue, Feb 14, 2017 at 1:03 PM, Valentin
>>>> Kulichenko <
>>>>>>>>>>>>>>>>>>>>>> [hidden email]> wrote:
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>> Hi Rishi,
>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>> Can you please take a look at web session
>>>> clustering
>>>>>>>>>>>> feature
>>>>>>>>>>>>>>> [1]
>>>>>>>>>>>>>>>>>>>>> provided
>>>>>>>>>>>>>>>>>>>>>>> by Ignite? I'm looking at Spring Session docs and
>>>> it
>>>>>>>>>>> seems
>>>>>>>>>>>>>> to
>>>>>>>>>>>>>>> me
>>>>>>>>>>>>>>>>>>>>> it does
>>>>>>>>>>>>>>>>>>>>>>> exactly the same - replaces HttpSession with
>> custom
>>>>>>>>>>>>>>>> implementation
>>>>>>>>>>>>>>>>>>>>> that
>>>>>>>>>>>>>>>>>>>>>> has
>>>>>>>>>>>>>>>>>>>>>>> a backend storage. If it doesn't provide any
>>>>>>>>>> additional
>>>>>>>>>>>> API
>>>>>>>>>>>>>> or
>>>>>>>>>>>>>>>>>>>>>>> functionality, I'm not sure I understand the
>>>> benefit
>>>>>>>>>> of
>>>>>>>>>>>> this
>>>>>>>>>>>>>>>>>>>>> feature.
>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>> Let me know if I'm missing something.
>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>> [1] https://apacheignite-mix.
>>>>>>>>>>> readme.io/docs/web-session-
>>>>>>>>>>>>>>>> clustering
>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>> -Val
>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>> On Mon, Feb 13, 2017 at 2:41 PM, Rishi Yagnik <
>>>>>>>>>>>>>>>>>>>>> [hidden email]>
>>>>>>>>>>>>>>>>>>>>>>> wrote:
>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>> I would like to discuss session replication /
>> fail
>>>>>>>>>>> over
>>>>>>>>>>>>>>> design
>>>>>>>>>>>>>>>> on
>>>>>>>>>>>>>>>>>>>>>> spring
>>>>>>>>>>>>>>>>>>>>>>>> boot platform and wanted to find what is the
>> best
>>>>>>>>>> out
>>>>>>>>>>> to
>>>>>>>>>>>>>> get
>>>>>>>>>>>>>>>>>>>>> started
>>>>>>>>>>>>>>>>>>>>>>> here ?
>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>> Possible approaches are as follows -
>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>>  - Make use of Spring Session for session
>>>>>>>>>>> replication
>>>>>>>>>>>>>> and
>>>>>>>>>>>>>>>> fail
>>>>>>>>>>>>>>>>>>>>> over
>>>>>>>>>>>>>>>>>>>>>>>>  - Extend the web session filter and make it
>> work
>>>>>>>>>> on
>>>>>>>>>>>>>> spring
>>>>>>>>>>>>>>>>>>>>> boot
>>>>>>>>>>>>>>>>>>>>>>>>  application
>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>> I am thinking that best approach would be to get
>>>>>>>>>>> started
>>>>>>>>>>>>>> here
>>>>>>>>>>>>>>>>>>>>> with
>>>>>>>>>>>>>>>>>>>>>> spring
>>>>>>>>>>>>>>>>>>>>>>>> session design however I am open for feedback
>>>> here.
>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>> --
>>>>>>>>>>>>>>>>>>>>>>>> Rishi Yagnik
>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>> --
>>>>>>>>>>>>>>>>>>>>>> Rishi Yagnik
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> --
>>>>>>>>>>>>>>>>>>>> Rishi Yagnik
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> --
>>>>>>>>>>>>>>>>>>> Rishi Yagnik
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> --
>>>>>>>>>>>>>>>>>> Rishi Yagnik
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> --
>>>>>>>>>>>>>>> Rishi Yagnik
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> --
>>>>>>>>>>>>> Rishi Yagnik
>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> --
>>>>>>>>>>>> Rishi Yagnik
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> Rishi Yagnik
>>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Rishi Yagnik
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Rishi Yagnik
>>>>>
>>>>
>>>
>>>
>>>
>>> --
>>> Rishi Yagnik
>>>
>>
>>
>>
>> --
>> Rishi Yagnik
>>

> Hi Val,
>
> Thanks looking forward for the fix..
>
> Take Care,
> Rishi
>
> > On Mar 11, 2017, at 11:31 AM, Valentin Kulichenko <
> [hidden email]> wrote:
> >
> > Hi Rishi,
> >
> > I want to fix the bug first. It takes a bit longer than I thought, but I
> > should finish it over the weekend.
> >
> > -Val
> >
> >> On Fri, Mar 10, 2017 at 4:13 AM, Rishi Yagnik <[hidden email]>
> wrote:
> >>
> >> Hi Val,
> >>
> >> Did you chance to look into session handling issue ?
> >>
> >> Thanks,
> >>
> >> On Mon, Mar 6, 2017 at 3:37 PM, Rishi Yagnik <[hidden email]>
> >> wrote:
> >>
> >>> Hi Val,
> >>>
> >>> Do you think I can test a fix in 1.9 RC releases ? How are you planning
> >> to
> >>> release a fix ?
> >>>
> >>> Did you also look into problem where storing xsrf token in Ignite
> returns
> >>> an exception and does not behave as expected ?
> >>>
> >>> In SecurityConfig.java use HttpSessionCsrfTokenRepository with
> following
> >>> code -
> >>>
> >>> .csrfTokenRepository(csrfTokenRepository())
> >>>
> >>> private CsrfTokenRepository csrfTokenRepository() {
> >>>    HttpSessionCsrfTokenRepository repository = new
> >> HttpSessionCsrfTokenRepository();
> >>>    repository.setHeaderName("X-XSRF-TOKEN");
> >>>    return repository;
> >>> }
> >>>
> >>> Thank you for all your help,
> >>>
> >>>
> >>> On Mon, Mar 6, 2017 at 2:34 PM, Valentin Kulichenko <
> >>> [hidden email]> wrote:
> >>>
> >>>> Hi Rishi,
> >>>>
> >>>> I got to the bottom of it. Basically, the session is replaced in
> Spring
> >>>> filter, but caching happens based on the old version which doesn't
> have
> >>>> security attributes. The fix is going to be very easy, I will do it
> >>>> tomorrow.
> >>>>
> >>>> -Val
> >>>>
> >>>> On Mon, Mar 6, 2017 at 7:34 PM, Rishi Yagnik <[hidden email]>
> >>>> wrote:
> >>>>
> >>>>> Val,
> >>>>>
> >>>>> Did you get chance to play around with the code ?
> >>>>>
> >>>>> Thanks,
> >>>>>
> >>>>> On Sun, Mar 5, 2017 at 7:25 PM, Rishi Yagnik <[hidden email]>
> >>>>> wrote:
> >>>>>
> >>>>>> Val,
> >>>>>>
> >>>>>> Adding a filter before csrf filter will invoke the custom ignite
> >>>> filter.
> >>>>>>
> >>>>>> Declare a custom filter class extends it with websession filter
> >>>>>>
> >>>>>> public class CustomWebSessionFilter extends WebSessionFilter {
> >>>>>>
> >>>>>>         private static boolean igniteInitialize = false
> >>>>>>
> >>>>>> @Override public void doFilter(ServletRequest req, ServletResponse
> >>>> res,
> >>>>>> FilterChain chain)
> >>>>>>            throws IOException, ServletException {
> >>>>>>        if(!igniteInitialize) {
> >>>>>>            super.init(new FilterConfig() {
> >>>>>>                @Override
> >>>>>>                public String getFilterName() {
> >>>>>>                    return "CustomWebSessionFilter";
> >>>>>>                }
> >>>>>>
> >>>>>>                @Override
> >>>>>>                public ServletContext getServletContext() {
> >>>>>>                    return req.getServletContext();
> >>>>>>                }
> >>>>>>
> >>>>>>                @Override
> >>>>>>                public String getInitParameter(String name) {
> >>>>>>                    return null;
> >>>>>>                }
> >>>>>>
> >>>>>>                @Override
> >>>>>>                public Enumeration<String> getInitParameterNames() {
> >>>>>>                    return null;
> >>>>>>                }
> >>>>>>            });
> >>>>>>            igniteInitialize = true;
> >>>>>>        }
> >>>>>>        super.doFilter(req,res,chain);
> >>>>>>    }
> >>>>>> }
> >>>>>>
> >>>>>> And in SecurityConfig.java add following line to invoke filter
> >> before
> >>>>>> Ignite Web Session filter -
> >>>>>>
> >>>>>> .addFilterBefore(new ArWebSessionFilter(), CsrfFilter.class)
> >>>>>>
> >>>>>> Hope it helps..
> >>>>>>
> >>>>>> Thanks,
> >>>>>>
> >>>>>> On Sun, Mar 5, 2017 at 1:28 PM, Valentin Kulichenko <
> >>>>>> [hidden email]> wrote:
> >>>>>>
> >>>>>>> Rishi,
> >>>>>>>
> >>>>>>> Can you please share how you forced Ignite filter to be invoked
> >>>> before
> >>>>>>> security filter?
> >>>>>>>
> >>>>>>> -Val
> >>>>>>>
> >>>>>>> On Sun, Mar 5, 2017 at 11:20 AM, Rishi Yagnik <
> >> [hidden email]
> >>>>>
> >>>>>>> wrote:
> >>>>>>>
> >>>>>>>> Hi Val,
> >>>>>>>>
> >>>>>>>> Thanks for the response, we have executed ignite filter before
> >>>> spring
> >>>>>>>> security filter but somehow the ignite filter does not do the job
> >>>> of
> >>>>>>>> setting spring principle context.
> >>>>>>>>
> >>>>>>>> As a result even though we have spring principle in session,
> >> spring
> >>>>>>> filter
> >>>>>>>> does not recognize it and sends us back to log in page.
> >>>>>>>>
> >>>>>>>> I think there s some more work needed here to change the filter
> >> and
> >>>>> make
> >>>>>>>> it work with spring boot application.
> >>>>>>>>
> >>>>>>>> Take Care,
> >>>>>>>> Rishi
> >>>>>>>>
> >>>>>>>>> On Mar 5, 2017, at 10:16 AM, Valentin Kulichenko <
> >>>>>>>> [hidden email]> wrote:
> >>>>>>>>>
> >>>>>>>>> Hi Rishi,
> >>>>>>>>>
> >>>>>>>>> I did some debugging. Apparently, the reason for this behavior
> >> is
> >>>>> that
> >>>>>>>>> Spring Security filter resides before Ignite's filter in the
> >>>> chain
> >>>>>>> list.
> >>>>>>>> I
> >>>>>>>>> think that eventually this should be fixed in the product, but
> >> in
> >>>>> the
> >>>>>>>>> meantime there must be a way to work around the problem by
> >>>>> controlling
> >>>>>>>> the
> >>>>>>>>> order. Do you know how this can be done in Spring Boot?
> >>>>>>>>>
> >>>>>>>>> -Val
> >>>>>>>>>
> >>>>>>>>>> On Tue, Feb 28, 2017 at 9:31 AM, Rishi Yagnik <
> >>>>> [hidden email]
> >>>>>>>>
> >>>>>>>> wrote:
> >>>>>>>>>>
> >>>>>>>>>> Hi Val,
> >>>>>>>>>>
> >>>>>>>>>> Sorry for pestering, thanks for all your help.
> >>>>>>>>>>
> >>>>>>>>>> Rishi
> >>>>>>>>>>
> >>>>>>>>>> On Mon, Feb 27, 2017 at 7:22 PM, Valentin Kulichenko <
> >>>>>>>>>> [hidden email]> wrote:
> >>>>>>>>>>
> >>>>>>>>>>> Hi Rishi,
> >>>>>>>>>>>
> >>>>>>>>>>> Sorry, not yet. But this on my short list of TODOs, will try
> >> to
> >>>>>>> give an
> >>>>>>>>>>> update as soon as possible.
> >>>>>>>>>>>
> >>>>>>>>>>> -Val
> >>>>>>>>>>>
> >>>>>>>>>>> On Mon, Feb 27, 2017 at 7:47 AM, Rishi Yagnik <
> >>>>>>> [hidden email]>
> >>>>>>>>>>> wrote:
> >>>>>>>>>>>
> >>>>>>>>>>>> Hi Val,
> >>>>>>>>>>>>
> >>>>>>>>>>>> any update on session replication issue ?
> >>>>>>>>>>>>
> >>>>>>>>>>>> Thanks,
> >>>>>>>>>>>> Rishi
> >>>>>>>>>>>>
> >>>>>>>>>>>> On Thu, Feb 23, 2017 at 8:07 AM, Rishi Yagnik <
> >>>>>>> [hidden email]>
> >>>>>>>>>>>> wrote:
> >>>>>>>>>>>>
> >>>>>>>>>>>>> Thanks Val for looking into it.
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> On Wed, Feb 22, 2017 at 9:32 PM, Valentin Kulichenko <
> >>>>>>>>>>>>> [hidden email]> wrote:
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>> Hi Rishi,
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> Got it, I think I'm reproducing the issue. I'll take a
> >> look
> >>>> and
> >>>>>>> let
> >>>>>>>>>>> you
> >>>>>>>>>>>>>> know my findings soon.
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> -Val
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> On Tue, Feb 21, 2017 at 7:27 PM, Rishi Yagnik <
> >>>>>>>>>> [hidden email]>
> >>>>>>>>>>>>>> wrote:
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> Hi Val,
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> The issue will occur in cluster environment, please setup
> >>>> the
> >>>>>>>>>> spring
> >>>>>>>>>>>>>> boot
> >>>>>>>>>>>>>>> on 2 different host with LB (F5 OR Reverse proxy) in
> >> front
> >>>> and
> >>>>>>> try
> >>>>>>>>>>> to
> >>>>>>>>>>>>>>> login.
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> In cluster environment, Spring security does not
> >> recognize
> >>>> the
> >>>>>>>>>>> session
> >>>>>>>>>>>>>> on
> >>>>>>>>>>>>>>> the host you are not logged in, as a result, spring
> >>>> security
> >>>>>>> will
> >>>>>>>>>>>>>> redirect
> >>>>>>>>>>>>>>> to login url however the correct behavior should be that
> >>>> user
> >>>>>>>>>> would
> >>>>>>>>>>>> stay
> >>>>>>>>>>>>>>> logged in with session replication.
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> Do let me know if you need more information.
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> Thanks,
> >>>>>>>>>>>>>>> Rishi
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> On Tue, Feb 21, 2017 at 7:08 PM, Valentin Kulichenko <
> >>>>>>>>>>>>>>> [hidden email]> wrote:
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> Hi Rishi,
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> I was able to build and run the application. Can you
> >> give
> >>>>> some
> >>>>>>>>>>>>>>> description
> >>>>>>>>>>>>>>>> on what should I test to understand the issue? What
> >>>> exactly
> >>>>>>>>>> didn't
> >>>>>>>>>>>>>> work
> >>>>>>>>>>>>>>> for
> >>>>>>>>>>>>>>>> you?
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> -Val
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> On Wed, Feb 15, 2017 at 10:52 AM, Valentin Kulichenko <
> >>>>>>>>>>>>>>>> [hidden email]> wrote:
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>> Hi Rishi,
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>> Thanks, I'll take a look.
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>> -Val
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>> On Wed, Feb 15, 2017 at 9:07 AM, Rishi Yagnik <
> >>>>>>>>>>>>>> [hidden email]>
> >>>>>>>>>>>>>>>>> wrote:
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>> Hi Val,
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>> As promised, please find attached code for spring boot
> >>>>>>>>>>>> integration
> >>>>>>>>>>>>>>> with
> >>>>>>>>>>>>>>>>>> spring security along with Ignite.
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>> Some more information on project -
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>  - It is a maven project ( Ignite 1.7.0, SB 1.4.3 )
> >>>>>>>>>>>>>>>>>>  - spring security integrated with boot project along
> >>>> with
> >>>>>>>>>>>> ignite
> >>>>>>>>>>>>>>>>>>  - HttpSessionCookieCsrfTokenRepository does not
> >> work,
> >>>>>>>>>> gives
> >>>>>>>>>>>>>>>>>>  intermediate errors on single instance so used
> >>>>>>>>>>>>>>>> CookieCsrfTokenRepository
> >>>>>>>>>>>>>>>>>>  for CSRF token, again I think we need a fix here
> >> from
> >>>>>>>>>>> Ignite.
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>> I cant reproduce this errors while I am running on
> >>>> single
> >>>>>>>>>>>> instance,
> >>>>>>>>>>>>>>> you
> >>>>>>>>>>>>>>>>>> need to run this app on 2 spring boot instance having
> >>>> proxy
> >>>>>>>>>> in
> >>>>>>>>>>>>>> front (
> >>>>>>>>>>>>>>>> F5,
> >>>>>>>>>>>>>>>>>> OR any proxy ) with round robin fashion ( no sticky
> >>>> session
> >>>>>>>>>> on
> >>>>>>>>>>> F5
> >>>>>>>>>>>>>> OR
> >>>>>>>>>>>>>>>>>> proxies ).
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>> We were thinking with round robin the user session
> >> will
> >>>>>>>>>> active
> >>>>>>>>>>>>>> since
> >>>>>>>>>>>>>>> we
> >>>>>>>>>>>>>>>>>> used session replication on backend.
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>> Do let me know if you need more information here.
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>> Thanks,
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>> Rishi
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>> On Tue, Feb 14, 2017 at 9:57 PM, Rishi Yagnik <
> >>>>>>>>>>>>>> [hidden email]>
> >>>>>>>>>>>>>>>>>> wrote:
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>> Val,
> >>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>> My SB sample project is ready however I have asked
> >> for
> >>>> an
> >>>>>>>>>>>>>> approval to
> >>>>>>>>>>>>>>>>>>> submit sample project to you, it would take day or
> >> two.
> >>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>> I will keep you posted.
> >>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>> Thanks for all your help,
> >>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>> On Tue, Feb 14, 2017 at 3:51 PM, Rishi Yagnik <
> >>>>>>>>>>>>>> [hidden email]
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>> wrote:
> >>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>> Let me build an example app for you and send it
> >>>> across to
> >>>>>>>>>>> you.
> >>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>> Thanks,
> >>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>> On Tue, Feb 14, 2017 at 3:28 PM, Valentin
> >> Kulichenko <
> >>>>>>>>>>>>>>>>>>>> [hidden email]> wrote:
> >>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>> Rishi,
> >>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>> No I don't, and I think that's what we should start
> >>>>> with.
> >>>>>>>>>> I
> >>>>>>>>>>>>>> want to
> >>>>>>>>>>>>>>>>>>>>> understand a use case that is currently not
> >> supported
> >>>>> (if
> >>>>>>>>>>> any)
> >>>>>>>>>>>>>> and
> >>>>>>>>>>>>>>>> then
> >>>>>>>>>>>>>>>>>>>>> find the best solution. And I would like to reuse
> >>>>> existing
> >>>>>>>>>>>> code
> >>>>>>>>>>>>>> as
> >>>>>>>>>>>>>>>>>>>>> much as
> >>>>>>>>>>>>>>>>>>>>> possible.
> >>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>> Do you have any code that reproduces the problem
> >> you
> >>>> had
> >>>>>>>>>> and
> >>>>>>>>>>>> how
> >>>>>>>>>>>>>>> you
> >>>>>>>>>>>>>>>>>>>>> tried
> >>>>>>>>>>>>>>>>>>>>> to utilize current web session clustering? Can you
> >>>> share
> >>>>>>>>>> it
> >>>>>>>>>>>> with
> >>>>>>>>>>>>>>> us?
> >>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>> -Val
> >>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>> On Tue, Feb 14, 2017 at 11:28 AM, Rishi Yagnik <
> >>>>>>>>>>>>>>>> [hidden email]>
> >>>>>>>>>>>>>>>>>>>>> wrote:
> >>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>>> Hi Val,
> >>>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>>> I am working on SB platform with spring security
> >>>> and we
> >>>>>>>>>>>> found
> >>>>>>>>>>>>>> out
> >>>>>>>>>>>>>>>>>>>>> that the
> >>>>>>>>>>>>>>>>>>>>>> web session filter ignite provides does not work
> >> for
> >>>>>>>>>>> session
> >>>>>>>>>>>>>>>>>>>>> management on
> >>>>>>>>>>>>>>>>>>>>>> 2 node spring boot cluster.
> >>>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>>> Somehow, spring security filter kicks in result in
> >>>> some
> >>>>>>>>>>>> weird
> >>>>>>>>>>>>>>>> errors
> >>>>>>>>>>>>>>>>>>>>> with
> >>>>>>>>>>>>>>>>>>>>>> web session filter.
> >>>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>>> So making compatible with spring security somehow,
> >>>> we
> >>>>>>>>>> need
> >>>>>>>>>>>> to
> >>>>>>>>>>>>>>> write
> >>>>>>>>>>>>>>>>>>>>>> implementation on spring session.
> >>>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>>> Do you have any test cases that says web session
> >>>> filter
> >>>>>>>>>>>> would
> >>>>>>>>>>>>>>> work
> >>>>>>>>>>>>>>>>>>>>> with
> >>>>>>>>>>>>>>>>>>>>>> spring security on boot platform ?
> >>>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>>> Thanks,
> >>>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>>> On Tue, Feb 14, 2017 at 1:03 PM, Valentin
> >>>> Kulichenko <
> >>>>>>>>>>>>>>>>>>>>>> [hidden email]> wrote:
> >>>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>>>> Hi Rishi,
> >>>>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>>>> Can you please take a look at web session
> >>>> clustering
> >>>>>>>>>>>> feature
> >>>>>>>>>>>>>>> [1]
> >>>>>>>>>>>>>>>>>>>>> provided
> >>>>>>>>>>>>>>>>>>>>>>> by Ignite? I'm looking at Spring Session docs and
> >>>> it
> >>>>>>>>>>> seems
> >>>>>>>>>>>>>> to
> >>>>>>>>>>>>>>> me
> >>>>>>>>>>>>>>>>>>>>> it does
> >>>>>>>>>>>>>>>>>>>>>>> exactly the same - replaces HttpSession with
> >> custom
> >>>>>>>>>>>>>>>> implementation
> >>>>>>>>>>>>>>>>>>>>> that
> >>>>>>>>>>>>>>>>>>>>>> has
> >>>>>>>>>>>>>>>>>>>>>>> a backend storage. If it doesn't provide any
> >>>>>>>>>> additional
> >>>>>>>>>>>> API
> >>>>>>>>>>>>>> or
> >>>>>>>>>>>>>>>>>>>>>>> functionality, I'm not sure I understand the
> >>>> benefit
> >>>>>>>>>> of
> >>>>>>>>>>>> this
> >>>>>>>>>>>>>>>>>>>>> feature.
> >>>>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>>>> Let me know if I'm missing something.
> >>>>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>>>> [1] https://apacheignite-mix.
> >>>>>>>>>>> readme.io/docs/web-session-
> >>>>>>>>>>>>>>>> clustering
> >>>>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>>>> -Val
> >>>>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>>>> On Mon, Feb 13, 2017 at 2:41 PM, Rishi Yagnik <
> >>>>>>>>>>>>>>>>>>>>> [hidden email]>
> >>>>>>>>>>>>>>>>>>>>>>> wrote:
> >>>>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>>>>> I would like to discuss session replication /
> >> fail
> >>>>>>>>>>> over
> >>>>>>>>>>>>>>> design
> >>>>>>>>>>>>>>>> on
> >>>>>>>>>>>>>>>>>>>>>> spring
> >>>>>>>>>>>>>>>>>>>>>>>> boot platform and wanted to find what is the
> >> best
> >>>>>>>>>> out
> >>>>>>>>>>> to
> >>>>>>>>>>>>>> get
> >>>>>>>>>>>>>>>>>>>>> started
> >>>>>>>>>>>>>>>>>>>>>>> here ?
> >>>>>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>>>>> Possible approaches are as follows -
> >>>>>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>>>>>  - Make use of Spring Session for session
> >>>>>>>>>>> replication
> >>>>>>>>>>>>>> and
> >>>>>>>>>>>>>>>> fail
> >>>>>>>>>>>>>>>>>>>>> over
> >>>>>>>>>>>>>>>>>>>>>>>>  - Extend the web session filter and make it
> >> work
> >>>>>>>>>> on
> >>>>>>>>>>>>>> spring
> >>>>>>>>>>>>>>>>>>>>> boot
> >>>>>>>>>>>>>>>>>>>>>>>>  application
> >>>>>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>>>>> I am thinking that best approach would be to get
> >>>>>>>>>>> started
> >>>>>>>>>>>>>> here
> >>>>>>>>>>>>>>>>>>>>> with
> >>>>>>>>>>>>>>>>>>>>>> spring
> >>>>>>>>>>>>>>>>>>>>>>>> session design however I am open for feedback
> >>>> here.
> >>>>>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>>>>> --
> >>>>>>>>>>>>>>>>>>>>>>>> Rishi Yagnik
> >>>>>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>>> --
> >>>>>>>>>>>>>>>>>>>>>> Rishi Yagnik
> >>>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>> --
> >>>>>>>>>>>>>>>>>>>> Rishi Yagnik
> >>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>> --
> >>>>>>>>>>>>>>>>>>> Rishi Yagnik
> >>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>> --
> >>>>>>>>>>>>>>>>>> Rishi Yagnik
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> --
> >>>>>>>>>>>>>>> Rishi Yagnik
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> --
> >>>>>>>>>>>>> Rishi Yagnik
> >>>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>> --
> >>>>>>>>>>>> Rishi Yagnik
> >>>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>> --
> >>>>>>>>>> Rishi Yagnik
> >>>>>>>>>>
> >>>>>>>>
> >>>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>> --
> >>>>>> Rishi Yagnik
> >>>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>> --
> >>>>> Rishi Yagnik
> >>>>>
> >>>>
> >>>
> >>>
> >>>
> >>> --
> >>> Rishi Yagnik
> >>>
> >>
> >>
> >>
> >> --
> >> Rishi Yagnik
> >>
>

> On Mar 17, 2017, at 11:43 AM, Rishi Yagnik <[hidden email]> wrote:
>
> Hi Val,
>
> Hope you are well, any update on web session clustering.
>
> Thanks,
> Rishi
>
> On Sat, Mar 11, 2017 at 12:29 PM, Rishi Yagnik <[hidden email]>
> wrote:
>
>> Hi Val,
>>
>> Thanks looking forward for the fix..
>>
>> Take Care,
>> Rishi
>>
>>> On Mar 11, 2017, at 11:31 AM, Valentin Kulichenko <
>> [hidden email]> wrote:
>>>
>>> Hi Rishi,
>>>
>>> I want to fix the bug first. It takes a bit longer than I thought, but I
>>> should finish it over the weekend.
>>>
>>> -Val
>>>
>>>> On Fri, Mar 10, 2017 at 4:13 AM, Rishi Yagnik <[hidden email]>
>> wrote:
>>>>
>>>> Hi Val,
>>>>
>>>> Did you chance to look into session handling issue ?
>>>>
>>>> Thanks,
>>>>
>>>> On Mon, Mar 6, 2017 at 3:37 PM, Rishi Yagnik <[hidden email]>
>>>> wrote:
>>>>
>>>>> Hi Val,
>>>>>
>>>>> Do you think I can test a fix in 1.9 RC releases ? How are you planning
>>>> to
>>>>> release a fix ?
>>>>>
>>>>> Did you also look into problem where storing xsrf token in Ignite
>> returns
>>>>> an exception and does not behave as expected ?
>>>>>
>>>>> In SecurityConfig.java use HttpSessionCsrfTokenRepository with
>> following
>>>>> code -
>>>>>
>>>>> .csrfTokenRepository(csrfTokenRepository())
>>>>>
>>>>> private CsrfTokenRepository csrfTokenRepository() {
>>>>>   HttpSessionCsrfTokenRepository repository = new
>>>> HttpSessionCsrfTokenRepository();
>>>>>   repository.setHeaderName("X-XSRF-TOKEN");
>>>>>   return repository;
>>>>> }
>>>>>
>>>>> Thank you for all your help,
>>>>>
>>>>>
>>>>> On Mon, Mar 6, 2017 at 2:34 PM, Valentin Kulichenko <
>>>>> [hidden email]> wrote:
>>>>>
>>>>>> Hi Rishi,
>>>>>>
>>>>>> I got to the bottom of it. Basically, the session is replaced in
>> Spring
>>>>>> filter, but caching happens based on the old version which doesn't
>> have
>>>>>> security attributes. The fix is going to be very easy, I will do it
>>>>>> tomorrow.
>>>>>>
>>>>>> -Val
>>>>>>
>>>>>> On Mon, Mar 6, 2017 at 7:34 PM, Rishi Yagnik <[hidden email]>
>>>>>> wrote:
>>>>>>
>>>>>>> Val,
>>>>>>>
>>>>>>> Did you get chance to play around with the code ?
>>>>>>>
>>>>>>> Thanks,
>>>>>>>
>>>>>>> On Sun, Mar 5, 2017 at 7:25 PM, Rishi Yagnik <[hidden email]>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Val,
>>>>>>>>
>>>>>>>> Adding a filter before csrf filter will invoke the custom ignite
>>>>>> filter.
>>>>>>>>
>>>>>>>> Declare a custom filter class extends it with websession filter
>>>>>>>>
>>>>>>>> public class CustomWebSessionFilter extends WebSessionFilter {
>>>>>>>>
>>>>>>>>        private static boolean igniteInitialize = false
>>>>>>>>
>>>>>>>> @Override public void doFilter(ServletRequest req, ServletResponse
>>>>>> res,
>>>>>>>> FilterChain chain)
>>>>>>>>           throws IOException, ServletException {
>>>>>>>>       if(!igniteInitialize) {
>>>>>>>>           super.init(new FilterConfig() {
>>>>>>>>               @Override
>>>>>>>>               public String getFilterName() {
>>>>>>>>                   return "CustomWebSessionFilter";
>>>>>>>>               }
>>>>>>>>
>>>>>>>>               @Override
>>>>>>>>               public ServletContext getServletContext() {
>>>>>>>>                   return req.getServletContext();
>>>>>>>>               }
>>>>>>>>
>>>>>>>>               @Override
>>>>>>>>               public String getInitParameter(String name) {
>>>>>>>>                   return null;
>>>>>>>>               }
>>>>>>>>
>>>>>>>>               @Override
>>>>>>>>               public Enumeration<String> getInitParameterNames() {
>>>>>>>>                   return null;
>>>>>>>>               }
>>>>>>>>           });
>>>>>>>>           igniteInitialize = true;
>>>>>>>>       }
>>>>>>>>       super.doFilter(req,res,chain);
>>>>>>>>   }
>>>>>>>> }
>>>>>>>>
>>>>>>>> And in SecurityConfig.java add following line to invoke filter
>>>> before
>>>>>>>> Ignite Web Session filter -
>>>>>>>>
>>>>>>>> .addFilterBefore(new ArWebSessionFilter(), CsrfFilter.class)
>>>>>>>>
>>>>>>>> Hope it helps..
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>>
>>>>>>>> On Sun, Mar 5, 2017 at 1:28 PM, Valentin Kulichenko <
>>>>>>>> [hidden email]> wrote:
>>>>>>>>
>>>>>>>>> Rishi,
>>>>>>>>>
>>>>>>>>> Can you please share how you forced Ignite filter to be invoked
>>>>>> before
>>>>>>>>> security filter?
>>>>>>>>>
>>>>>>>>> -Val
>>>>>>>>>
>>>>>>>>> On Sun, Mar 5, 2017 at 11:20 AM, Rishi Yagnik <
>>>> [hidden email]
>>>>>>>
>>>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>>> Hi Val,
>>>>>>>>>>
>>>>>>>>>> Thanks for the response, we have executed ignite filter before
>>>>>> spring
>>>>>>>>>> security filter but somehow the ignite filter does not do the job
>>>>>> of
>>>>>>>>>> setting spring principle context.
>>>>>>>>>>
>>>>>>>>>> As a result even though we have spring principle in session,
>>>> spring
>>>>>>>>> filter
>>>>>>>>>> does not recognize it and sends us back to log in page.
>>>>>>>>>>
>>>>>>>>>> I think there s some more work needed here to change the filter
>>>> and
>>>>>>> make
>>>>>>>>>> it work with spring boot application.
>>>>>>>>>>
>>>>>>>>>> Take Care,
>>>>>>>>>> Rishi
>>>>>>>>>>
>>>>>>>>>>> On Mar 5, 2017, at 10:16 AM, Valentin Kulichenko <
>>>>>>>>>> [hidden email]> wrote:
>>>>>>>>>>>
>>>>>>>>>>> Hi Rishi,
>>>>>>>>>>>
>>>>>>>>>>> I did some debugging. Apparently, the reason for this behavior
>>>> is
>>>>>>> that
>>>>>>>>>>> Spring Security filter resides before Ignite's filter in the
>>>>>> chain
>>>>>>>>> list.
>>>>>>>>>> I
>>>>>>>>>>> think that eventually this should be fixed in the product, but
>>>> in
>>>>>>> the
>>>>>>>>>>> meantime there must be a way to work around the problem by
>>>>>>> controlling
>>>>>>>>>> the
>>>>>>>>>>> order. Do you know how this can be done in Spring Boot?
>>>>>>>>>>>
>>>>>>>>>>> -Val
>>>>>>>>>>>
>>>>>>>>>>>> On Tue, Feb 28, 2017 at 9:31 AM, Rishi Yagnik <
>>>>>>> [hidden email]
>>>>>>>>>>
>>>>>>>>>> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>> Hi Val,
>>>>>>>>>>>>
>>>>>>>>>>>> Sorry for pestering, thanks for all your help.
>>>>>>>>>>>>
>>>>>>>>>>>> Rishi
>>>>>>>>>>>>
>>>>>>>>>>>> On Mon, Feb 27, 2017 at 7:22 PM, Valentin Kulichenko <
>>>>>>>>>>>> [hidden email]> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> Hi Rishi,
>>>>>>>>>>>>>
>>>>>>>>>>>>> Sorry, not yet. But this on my short list of TODOs, will try
>>>> to
>>>>>>>>> give an
>>>>>>>>>>>>> update as soon as possible.
>>>>>>>>>>>>>
>>>>>>>>>>>>> -Val
>>>>>>>>>>>>>
>>>>>>>>>>>>> On Mon, Feb 27, 2017 at 7:47 AM, Rishi Yagnik <
>>>>>>>>> [hidden email]>
>>>>>>>>>>>>> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>> Hi Val,
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> any update on session replication issue ?
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Thanks,
>>>>>>>>>>>>>> Rishi
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> On Thu, Feb 23, 2017 at 8:07 AM, Rishi Yagnik <
>>>>>>>>> [hidden email]>
>>>>>>>>>>>>>> wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Thanks Val for looking into it.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> On Wed, Feb 22, 2017 at 9:32 PM, Valentin Kulichenko <
>>>>>>>>>>>>>>> [hidden email]> wrote:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Hi Rishi,
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Got it, I think I'm reproducing the issue. I'll take a
>>>> look
>>>>>> and
>>>>>>>>> let
>>>>>>>>>>>>> you
>>>>>>>>>>>>>>>> know my findings soon.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> -Val
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> On Tue, Feb 21, 2017 at 7:27 PM, Rishi Yagnik <
>>>>>>>>>>>> [hidden email]>
>>>>>>>>>>>>>>>> wrote:
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Hi Val,
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> The issue will occur in cluster environment, please setup
>>>>>> the
>>>>>>>>>>>> spring
>>>>>>>>>>>>>>>> boot
>>>>>>>>>>>>>>>>> on 2 different host with LB (F5 OR Reverse proxy) in
>>>> front
>>>>>> and
>>>>>>>>> try
>>>>>>>>>>>>> to
>>>>>>>>>>>>>>>>> login.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> In cluster environment, Spring security does not
>>>> recognize
>>>>>> the
>>>>>>>>>>>>> session
>>>>>>>>>>>>>>>> on
>>>>>>>>>>>>>>>>> the host you are not logged in, as a result, spring
>>>>>> security
>>>>>>>>> will
>>>>>>>>>>>>>>>> redirect
>>>>>>>>>>>>>>>>> to login url however the correct behavior should be that
>>>>>> user
>>>>>>>>>>>> would
>>>>>>>>>>>>>> stay
>>>>>>>>>>>>>>>>> logged in with session replication.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Do let me know if you need more information.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Thanks,
>>>>>>>>>>>>>>>>> Rishi
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> On Tue, Feb 21, 2017 at 7:08 PM, Valentin Kulichenko <
>>>>>>>>>>>>>>>>> [hidden email]> wrote:
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Hi Rishi,
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> I was able to build and run the application. Can you
>>>> give
>>>>>>> some
>>>>>>>>>>>>>>>>> description
>>>>>>>>>>>>>>>>>> on what should I test to understand the issue? What
>>>>>> exactly
>>>>>>>>>>>> didn't
>>>>>>>>>>>>>>>> work
>>>>>>>>>>>>>>>>> for
>>>>>>>>>>>>>>>>>> you?
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> -Val
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> On Wed, Feb 15, 2017 at 10:52 AM, Valentin Kulichenko <
>>>>>>>>>>>>>>>>>> [hidden email]> wrote:
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> Hi Rishi,
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> Thanks, I'll take a look.
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> -Val
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> On Wed, Feb 15, 2017 at 9:07 AM, Rishi Yagnik <
>>>>>>>>>>>>>>>> [hidden email]>
>>>>>>>>>>>>>>>>>>> wrote:
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> Hi Val,
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> As promised, please find attached code for spring boot
>>>>>>>>>>>>>> integration
>>>>>>>>>>>>>>>>> with
>>>>>>>>>>>>>>>>>>>> spring security along with Ignite.
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> Some more information on project -
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> - It is a maven project ( Ignite 1.7.0, SB 1.4.3 )
>>>>>>>>>>>>>>>>>>>> - spring security integrated with boot project along
>>>>>> with
>>>>>>>>>>>>>> ignite
>>>>>>>>>>>>>>>>>>>> - HttpSessionCookieCsrfTokenRepository does not
>>>> work,
>>>>>>>>>>>> gives
>>>>>>>>>>>>>>>>>>>> intermediate errors on single instance so used
>>>>>>>>>>>>>>>>>> CookieCsrfTokenRepository
>>>>>>>>>>>>>>>>>>>> for CSRF token, again I think we need a fix here
>>>> from
>>>>>>>>>>>>> Ignite.
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> I cant reproduce this errors while I am running on
>>>>>> single
>>>>>>>>>>>>>> instance,
>>>>>>>>>>>>>>>>> you
>>>>>>>>>>>>>>>>>>>> need to run this app on 2 spring boot instance having
>>>>>> proxy
>>>>>>>>>>>> in
>>>>>>>>>>>>>>>> front (
>>>>>>>>>>>>>>>>>> F5,
>>>>>>>>>>>>>>>>>>>> OR any proxy ) with round robin fashion ( no sticky
>>>>>> session
>>>>>>>>>>>> on
>>>>>>>>>>>>> F5
>>>>>>>>>>>>>>>> OR
>>>>>>>>>>>>>>>>>>>> proxies ).
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> We were thinking with round robin the user session
>>>> will
>>>>>>>>>>>> active
>>>>>>>>>>>>>>>> since
>>>>>>>>>>>>>>>>> we
>>>>>>>>>>>>>>>>>>>> used session replication on backend.
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> Do let me know if you need more information here.
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> Thanks,
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> Rishi
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> On Tue, Feb 14, 2017 at 9:57 PM, Rishi Yagnik <
>>>>>>>>>>>>>>>> [hidden email]>
>>>>>>>>>>>>>>>>>>>> wrote:
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> Val,
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> My SB sample project is ready however I have asked
>>>> for
>>>>>> an
>>>>>>>>>>>>>>>> approval to
>>>>>>>>>>>>>>>>>>>>> submit sample project to you, it would take day or
>>>> two.
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> I will keep you posted.
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> Thanks for all your help,
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> On Tue, Feb 14, 2017 at 3:51 PM, Rishi Yagnik <
>>>>>>>>>>>>>>>> [hidden email]
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> wrote:
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>> Let me build an example app for you and send it
>>>>>> across to
>>>>>>>>>>>>> you.
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>> Thanks,
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>> On Tue, Feb 14, 2017 at 3:28 PM, Valentin
>>>> Kulichenko <
>>>>>>>>>>>>>>>>>>>>>> [hidden email]> wrote:
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>> Rishi,
>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>> No I don't, and I think that's what we should start
>>>>>>> with.
>>>>>>>>>>>> I
>>>>>>>>>>>>>>>> want to
>>>>>>>>>>>>>>>>>>>>>>> understand a use case that is currently not
>>>> supported
>>>>>>> (if
>>>>>>>>>>>>> any)
>>>>>>>>>>>>>>>> and
>>>>>>>>>>>>>>>>>> then
>>>>>>>>>>>>>>>>>>>>>>> find the best solution. And I would like to reuse
>>>>>>> existing
>>>>>>>>>>>>>> code
>>>>>>>>>>>>>>>> as
>>>>>>>>>>>>>>>>>>>>>>> much as
>>>>>>>>>>>>>>>>>>>>>>> possible.
>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>> Do you have any code that reproduces the problem
>>>> you
>>>>>> had
>>>>>>>>>>>> and
>>>>>>>>>>>>>> how
>>>>>>>>>>>>>>>>> you
>>>>>>>>>>>>>>>>>>>>>>> tried
>>>>>>>>>>>>>>>>>>>>>>> to utilize current web session clustering? Can you
>>>>>> share
>>>>>>>>>>>> it
>>>>>>>>>>>>>> with
>>>>>>>>>>>>>>>>> us?
>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>> -Val
>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>> On Tue, Feb 14, 2017 at 11:28 AM, Rishi Yagnik <
>>>>>>>>>>>>>>>>>> [hidden email]>
>>>>>>>>>>>>>>>>>>>>>>> wrote:
>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>> Hi Val,
>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>> I am working on SB platform with spring security
>>>>>> and we
>>>>>>>>>>>>>> found
>>>>>>>>>>>>>>>> out
>>>>>>>>>>>>>>>>>>>>>>> that the
>>>>>>>>>>>>>>>>>>>>>>>> web session filter ignite provides does not work
>>>> for
>>>>>>>>>>>>> session
>>>>>>>>>>>>>>>>>>>>>>> management on
>>>>>>>>>>>>>>>>>>>>>>>> 2 node spring boot cluster.
>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>> Somehow, spring security filter kicks in result in
>>>>>> some
>>>>>>>>>>>>>> weird
>>>>>>>>>>>>>>>>>> errors
>>>>>>>>>>>>>>>>>>>>>>> with
>>>>>>>>>>>>>>>>>>>>>>>> web session filter.
>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>> So making compatible with spring security somehow,
>>>>>> we
>>>>>>>>>>>> need
>>>>>>>>>>>>>> to
>>>>>>>>>>>>>>>>> write
>>>>>>>>>>>>>>>>>>>>>>>> implementation on spring session.
>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>> Do you have any test cases that says web session
>>>>>> filter
>>>>>>>>>>>>>> would
>>>>>>>>>>>>>>>>> work
>>>>>>>>>>>>>>>>>>>>>>> with
>>>>>>>>>>>>>>>>>>>>>>>> spring security on boot platform ?
>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>> Thanks,
>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>> On Tue, Feb 14, 2017 at 1:03 PM, Valentin
>>>>>> Kulichenko <
>>>>>>>>>>>>>>>>>>>>>>>> [hidden email]> wrote:
>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>>> Hi Rishi,
>>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>>> Can you please take a look at web session
>>>>>> clustering
>>>>>>>>>>>>>> feature
>>>>>>>>>>>>>>>>> [1]
>>>>>>>>>>>>>>>>>>>>>>> provided
>>>>>>>>>>>>>>>>>>>>>>>>> by Ignite? I'm looking at Spring Session docs and
>>>>>> it
>>>>>>>>>>>>> seems
>>>>>>>>>>>>>>>> to
>>>>>>>>>>>>>>>>> me
>>>>>>>>>>>>>>>>>>>>>>> it does
>>>>>>>>>>>>>>>>>>>>>>>>> exactly the same - replaces HttpSession with
>>>> custom
>>>>>>>>>>>>>>>>>> implementation
>>>>>>>>>>>>>>>>>>>>>>> that
>>>>>>>>>>>>>>>>>>>>>>>> has
>>>>>>>>>>>>>>>>>>>>>>>>> a backend storage. If it doesn't provide any
>>>>>>>>>>>> additional
>>>>>>>>>>>>>> API
>>>>>>>>>>>>>>>> or
>>>>>>>>>>>>>>>>>>>>>>>>> functionality, I'm not sure I understand the
>>>>>> benefit
>>>>>>>>>>>> of
>>>>>>>>>>>>>> this
>>>>>>>>>>>>>>>>>>>>>>> feature.
>>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>>> Let me know if I'm missing something.
>>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>>> [1] https://apacheignite-mix.
>>>>>>>>>>>>> readme.io/docs/web-session-
>>>>>>>>>>>>>>>>>> clustering
>>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>>> -Val
>>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>>> On Mon, Feb 13, 2017 at 2:41 PM, Rishi Yagnik <
>>>>>>>>>>>>>>>>>>>>>>> [hidden email]>
>>>>>>>>>>>>>>>>>>>>>>>>> wrote:
>>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>>>> I would like to discuss session replication /
>>>> fail
>>>>>>>>>>>>> over
>>>>>>>>>>>>>>>>> design
>>>>>>>>>>>>>>>>>> on
>>>>>>>>>>>>>>>>>>>>>>>> spring
>>>>>>>>>>>>>>>>>>>>>>>>>> boot platform and wanted to find what is the
>>>> best
>>>>>>>>>>>> out
>>>>>>>>>>>>> to
>>>>>>>>>>>>>>>> get
>>>>>>>>>>>>>>>>>>>>>>> started
>>>>>>>>>>>>>>>>>>>>>>>>> here ?
>>>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>>>> Possible approaches are as follows -
>>>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>>>> - Make use of Spring Session for session
>>>>>>>>>>>>> replication
>>>>>>>>>>>>>>>> and
>>>>>>>>>>>>>>>>>> fail
>>>>>>>>>>>>>>>>>>>>>>> over
>>>>>>>>>>>>>>>>>>>>>>>>>> - Extend the web session filter and make it
>>>> work
>>>>>>>>>>>> on
>>>>>>>>>>>>>>>> spring
>>>>>>>>>>>>>>>>>>>>>>> boot
>>>>>>>>>>>>>>>>>>>>>>>>>> application
>>>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>>>> I am thinking that best approach would be to get
>>>>>>>>>>>>> started
>>>>>>>>>>>>>>>> here
>>>>>>>>>>>>>>>>>>>>>>> with
>>>>>>>>>>>>>>>>>>>>>>>> spring
>>>>>>>>>>>>>>>>>>>>>>>>>> session design however I am open for feedback
>>>>>> here.
>>>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>>>> --
>>>>>>>>>>>>>>>>>>>>>>>>>> Rishi Yagnik
>>>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>> --
>>>>>>>>>>>>>>>>>>>>>>>> Rishi Yagnik
>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>> --
>>>>>>>>>>>>>>>>>>>>>> Rishi Yagnik
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> --
>>>>>>>>>>>>>>>>>>>>> Rishi Yagnik
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> --
>>>>>>>>>>>>>>>>>>>> Rishi Yagnik
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> --
>>>>>>>>>>>>>>>>> Rishi Yagnik
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> --
>>>>>>>>>>>>>>> Rishi Yagnik
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> --
>>>>>>>>>>>>>> Rishi Yagnik
>>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> --
>>>>>>>>>>>> Rishi Yagnik
>>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> Rishi Yagnik
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Rishi Yagnik
>>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Rishi Yagnik
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Rishi Yagnik
>>>>
>>
>
>
>
> --
> Rishi Yagnik

> Val,
>
> Will it be possible to incorporate the fix into the nearest 2.0 release?
>
> —
> Denis
>
> > On Mar 17, 2017, at 11:43 AM, Rishi Yagnik <[hidden email]>
> wrote:
> >
> > Hi Val,
> >
> > Hope you are well, any update on web session clustering.
> >
> > Thanks,
> > Rishi
> >
> > On Sat, Mar 11, 2017 at 12:29 PM, Rishi Yagnik <[hidden email]>
> > wrote:
> >
> >> Hi Val,
> >>
> >> Thanks looking forward for the fix..
> >>
> >> Take Care,
> >> Rishi
> >>
> >>> On Mar 11, 2017, at 11:31 AM, Valentin Kulichenko <
> >> [hidden email]> wrote:
> >>>
> >>> Hi Rishi,
> >>>
> >>> I want to fix the bug first. It takes a bit longer than I thought, but
> I
> >>> should finish it over the weekend.
> >>>
> >>> -Val
> >>>
> >>>> On Fri, Mar 10, 2017 at 4:13 AM, Rishi Yagnik <[hidden email]>
> >> wrote:
> >>>>
> >>>> Hi Val,
> >>>>
> >>>> Did you chance to look into session handling issue ?
> >>>>
> >>>> Thanks,
> >>>>
> >>>> On Mon, Mar 6, 2017 at 3:37 PM, Rishi Yagnik <[hidden email]>
> >>>> wrote:
> >>>>
> >>>>> Hi Val,
> >>>>>
> >>>>> Do you think I can test a fix in 1.9 RC releases ? How are you
> planning
> >>>> to
> >>>>> release a fix ?
> >>>>>
> >>>>> Did you also look into problem where storing xsrf token in Ignite
> >> returns
> >>>>> an exception and does not behave as expected ?
> >>>>>
> >>>>> In SecurityConfig.java use HttpSessionCsrfTokenRepository with
> >> following
> >>>>> code -
> >>>>>
> >>>>> .csrfTokenRepository(csrfTokenRepository())
> >>>>>
> >>>>> private CsrfTokenRepository csrfTokenRepository() {
> >>>>>   HttpSessionCsrfTokenRepository repository = new
> >>>> HttpSessionCsrfTokenRepository();
> >>>>>   repository.setHeaderName("X-XSRF-TOKEN");
> >>>>>   return repository;
> >>>>> }
> >>>>>
> >>>>> Thank you for all your help,
> >>>>>
> >>>>>
> >>>>> On Mon, Mar 6, 2017 at 2:34 PM, Valentin Kulichenko <
> >>>>> [hidden email]> wrote:
> >>>>>
> >>>>>> Hi Rishi,
> >>>>>>
> >>>>>> I got to the bottom of it. Basically, the session is replaced in
> >> Spring
> >>>>>> filter, but caching happens based on the old version which doesn't
> >> have
> >>>>>> security attributes. The fix is going to be very easy, I will do it
> >>>>>> tomorrow.
> >>>>>>
> >>>>>> -Val
> >>>>>>
> >>>>>> On Mon, Mar 6, 2017 at 7:34 PM, Rishi Yagnik <[hidden email]
> >
> >>>>>> wrote:
> >>>>>>
> >>>>>>> Val,
> >>>>>>>
> >>>>>>> Did you get chance to play around with the code ?
> >>>>>>>
> >>>>>>> Thanks,
> >>>>>>>
> >>>>>>> On Sun, Mar 5, 2017 at 7:25 PM, Rishi Yagnik <
> [hidden email]>
> >>>>>>> wrote:
> >>>>>>>
> >>>>>>>> Val,
> >>>>>>>>
> >>>>>>>> Adding a filter before csrf filter will invoke the custom ignite
> >>>>>> filter.
> >>>>>>>>
> >>>>>>>> Declare a custom filter class extends it with websession filter
> >>>>>>>>
> >>>>>>>> public class CustomWebSessionFilter extends WebSessionFilter {
> >>>>>>>>
> >>>>>>>>        private static boolean igniteInitialize = false
> >>>>>>>>
> >>>>>>>> @Override public void doFilter(ServletRequest req, ServletResponse
> >>>>>> res,
> >>>>>>>> FilterChain chain)
> >>>>>>>>           throws IOException, ServletException {
> >>>>>>>>       if(!igniteInitialize) {
> >>>>>>>>           super.init(new FilterConfig() {
> >>>>>>>>               @Override
> >>>>>>>>               public String getFilterName() {
> >>>>>>>>                   return "CustomWebSessionFilter";
> >>>>>>>>               }
> >>>>>>>>
> >>>>>>>>               @Override
> >>>>>>>>               public ServletContext getServletContext() {
> >>>>>>>>                   return req.getServletContext();
> >>>>>>>>               }
> >>>>>>>>
> >>>>>>>>               @Override
> >>>>>>>>               public String getInitParameter(String name) {
> >>>>>>>>                   return null;
> >>>>>>>>               }
> >>>>>>>>
> >>>>>>>>               @Override
> >>>>>>>>               public Enumeration<String> getInitParameterNames() {
> >>>>>>>>                   return null;
> >>>>>>>>               }
> >>>>>>>>           });
> >>>>>>>>           igniteInitialize = true;
> >>>>>>>>       }
> >>>>>>>>       super.doFilter(req,res,chain);
> >>>>>>>>   }
> >>>>>>>> }
> >>>>>>>>
> >>>>>>>> And in SecurityConfig.java add following line to invoke filter
> >>>> before
> >>>>>>>> Ignite Web Session filter -
> >>>>>>>>
> >>>>>>>> .addFilterBefore(new ArWebSessionFilter(), CsrfFilter.class)
> >>>>>>>>
> >>>>>>>> Hope it helps..
> >>>>>>>>
> >>>>>>>> Thanks,
> >>>>>>>>
> >>>>>>>> On Sun, Mar 5, 2017 at 1:28 PM, Valentin Kulichenko <
> >>>>>>>> [hidden email]> wrote:
> >>>>>>>>
> >>>>>>>>> Rishi,
> >>>>>>>>>
> >>>>>>>>> Can you please share how you forced Ignite filter to be invoked
> >>>>>> before
> >>>>>>>>> security filter?
> >>>>>>>>>
> >>>>>>>>> -Val
> >>>>>>>>>
> >>>>>>>>> On Sun, Mar 5, 2017 at 11:20 AM, Rishi Yagnik <
> >>>> [hidden email]
> >>>>>>>
> >>>>>>>>> wrote:
> >>>>>>>>>
> >>>>>>>>>> Hi Val,
> >>>>>>>>>>
> >>>>>>>>>> Thanks for the response, we have executed ignite filter before
> >>>>>> spring
> >>>>>>>>>> security filter but somehow the ignite filter does not do the
> job
> >>>>>> of
> >>>>>>>>>> setting spring principle context.
> >>>>>>>>>>
> >>>>>>>>>> As a result even though we have spring principle in session,
> >>>> spring
> >>>>>>>>> filter
> >>>>>>>>>> does not recognize it and sends us back to log in page.
> >>>>>>>>>>
> >>>>>>>>>> I think there s some more work needed here to change the filter
> >>>> and
> >>>>>>> make
> >>>>>>>>>> it work with spring boot application.
> >>>>>>>>>>
> >>>>>>>>>> Take Care,
> >>>>>>>>>> Rishi
> >>>>>>>>>>
> >>>>>>>>>>> On Mar 5, 2017, at 10:16 AM, Valentin Kulichenko <
> >>>>>>>>>> [hidden email]> wrote:
> >>>>>>>>>>>
> >>>>>>>>>>> Hi Rishi,
> >>>>>>>>>>>
> >>>>>>>>>>> I did some debugging. Apparently, the reason for this behavior
> >>>> is
> >>>>>>> that
> >>>>>>>>>>> Spring Security filter resides before Ignite's filter in the
> >>>>>> chain
> >>>>>>>>> list.
> >>>>>>>>>> I
> >>>>>>>>>>> think that eventually this should be fixed in the product, but
> >>>> in
> >>>>>>> the
> >>>>>>>>>>> meantime there must be a way to work around the problem by
> >>>>>>> controlling
> >>>>>>>>>> the
> >>>>>>>>>>> order. Do you know how this can be done in Spring Boot?
> >>>>>>>>>>>
> >>>>>>>>>>> -Val
> >>>>>>>>>>>
> >>>>>>>>>>>> On Tue, Feb 28, 2017 at 9:31 AM, Rishi Yagnik <
> >>>>>>> [hidden email]
> >>>>>>>>>>
> >>>>>>>>>> wrote:
> >>>>>>>>>>>>
> >>>>>>>>>>>> Hi Val,
> >>>>>>>>>>>>
> >>>>>>>>>>>> Sorry for pestering, thanks for all your help.
> >>>>>>>>>>>>
> >>>>>>>>>>>> Rishi
> >>>>>>>>>>>>
> >>>>>>>>>>>> On Mon, Feb 27, 2017 at 7:22 PM, Valentin Kulichenko <
> >>>>>>>>>>>> [hidden email]> wrote:
> >>>>>>>>>>>>
> >>>>>>>>>>>>> Hi Rishi,
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> Sorry, not yet. But this on my short list of TODOs, will try
> >>>> to
> >>>>>>>>> give an
> >>>>>>>>>>>>> update as soon as possible.
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> -Val
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> On Mon, Feb 27, 2017 at 7:47 AM, Rishi Yagnik <
> >>>>>>>>> [hidden email]>
> >>>>>>>>>>>>> wrote:
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>> Hi Val,
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> any update on session replication issue ?
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> Thanks,
> >>>>>>>>>>>>>> Rishi
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> On Thu, Feb 23, 2017 at 8:07 AM, Rishi Yagnik <
> >>>>>>>>> [hidden email]>
> >>>>>>>>>>>>>> wrote:
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> Thanks Val for looking into it.
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> On Wed, Feb 22, 2017 at 9:32 PM, Valentin Kulichenko <
> >>>>>>>>>>>>>>> [hidden email]> wrote:
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> Hi Rishi,
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> Got it, I think I'm reproducing the issue. I'll take a
> >>>> look
> >>>>>> and
> >>>>>>>>> let
> >>>>>>>>>>>>> you
> >>>>>>>>>>>>>>>> know my findings soon.
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> -Val
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> On Tue, Feb 21, 2017 at 7:27 PM, Rishi Yagnik <
> >>>>>>>>>>>> [hidden email]>
> >>>>>>>>>>>>>>>> wrote:
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>> Hi Val,
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>> The issue will occur in cluster environment, please setup
> >>>>>> the
> >>>>>>>>>>>> spring
> >>>>>>>>>>>>>>>> boot
> >>>>>>>>>>>>>>>>> on 2 different host with LB (F5 OR Reverse proxy) in
> >>>> front
> >>>>>> and
> >>>>>>>>> try
> >>>>>>>>>>>>> to
> >>>>>>>>>>>>>>>>> login.
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>> In cluster environment, Spring security does not
> >>>> recognize
> >>>>>> the
> >>>>>>>>>>>>> session
> >>>>>>>>>>>>>>>> on
> >>>>>>>>>>>>>>>>> the host you are not logged in, as a result, spring
> >>>>>> security
> >>>>>>>>> will
> >>>>>>>>>>>>>>>> redirect
> >>>>>>>>>>>>>>>>> to login url however the correct behavior should be that
> >>>>>> user
> >>>>>>>>>>>> would
> >>>>>>>>>>>>>> stay
> >>>>>>>>>>>>>>>>> logged in with session replication.
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>> Do let me know if you need more information.
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>> Thanks,
> >>>>>>>>>>>>>>>>> Rishi
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>> On Tue, Feb 21, 2017 at 7:08 PM, Valentin Kulichenko <
> >>>>>>>>>>>>>>>>> [hidden email]> wrote:
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>> Hi Rishi,
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>> I was able to build and run the application. Can you
> >>>> give
> >>>>>>> some
> >>>>>>>>>>>>>>>>> description
> >>>>>>>>>>>>>>>>>> on what should I test to understand the issue? What
> >>>>>> exactly
> >>>>>>>>>>>> didn't
> >>>>>>>>>>>>>>>> work
> >>>>>>>>>>>>>>>>> for
> >>>>>>>>>>>>>>>>>> you?
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>> -Val
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>> On Wed, Feb 15, 2017 at 10:52 AM, Valentin Kulichenko <
> >>>>>>>>>>>>>>>>>> [hidden email]> wrote:
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>> Hi Rishi,
> >>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>> Thanks, I'll take a look.
> >>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>> -Val
> >>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>> On Wed, Feb 15, 2017 at 9:07 AM, Rishi Yagnik <
> >>>>>>>>>>>>>>>> [hidden email]>
> >>>>>>>>>>>>>>>>>>> wrote:
> >>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>> Hi Val,
> >>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>> As promised, please find attached code for spring boot
> >>>>>>>>>>>>>> integration
> >>>>>>>>>>>>>>>>> with
> >>>>>>>>>>>>>>>>>>>> spring security along with Ignite.
> >>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>> Some more information on project -
> >>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>> - It is a maven project ( Ignite 1.7.0, SB 1.4.3 )
> >>>>>>>>>>>>>>>>>>>> - spring security integrated with boot project along
> >>>>>> with
> >>>>>>>>>>>>>> ignite
> >>>>>>>>>>>>>>>>>>>> - HttpSessionCookieCsrfTokenRepository does not
> >>>> work,
> >>>>>>>>>>>> gives
> >>>>>>>>>>>>>>>>>>>> intermediate errors on single instance so used
> >>>>>>>>>>>>>>>>>> CookieCsrfTokenRepository
> >>>>>>>>>>>>>>>>>>>> for CSRF token, again I think we need a fix here
> >>>> from
> >>>>>>>>>>>>> Ignite.
> >>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>> I cant reproduce this errors while I am running on
> >>>>>> single
> >>>>>>>>>>>>>> instance,
> >>>>>>>>>>>>>>>>> you
> >>>>>>>>>>>>>>>>>>>> need to run this app on 2 spring boot instance having
> >>>>>> proxy
> >>>>>>>>>>>> in
> >>>>>>>>>>>>>>>> front (
> >>>>>>>>>>>>>>>>>> F5,
> >>>>>>>>>>>>>>>>>>>> OR any proxy ) with round robin fashion ( no sticky
> >>>>>> session
> >>>>>>>>>>>> on
> >>>>>>>>>>>>> F5
> >>>>>>>>>>>>>>>> OR
> >>>>>>>>>>>>>>>>>>>> proxies ).
> >>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>> We were thinking with round robin the user session
> >>>> will
> >>>>>>>>>>>> active
> >>>>>>>>>>>>>>>> since
> >>>>>>>>>>>>>>>>> we
> >>>>>>>>>>>>>>>>>>>> used session replication on backend.
> >>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>> Do let me know if you need more information here.
> >>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>> Thanks,
> >>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>> Rishi
> >>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>> On Tue, Feb 14, 2017 at 9:57 PM, Rishi Yagnik <
> >>>>>>>>>>>>>>>> [hidden email]>
> >>>>>>>>>>>>>>>>>>>> wrote:
> >>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>> Val,
> >>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>> My SB sample project is ready however I have asked
> >>>> for
> >>>>>> an
> >>>>>>>>>>>>>>>> approval to
> >>>>>>>>>>>>>>>>>>>>> submit sample project to you, it would take day or
> >>>> two.
> >>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>> I will keep you posted.
> >>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>> Thanks for all your help,
> >>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>> On Tue, Feb 14, 2017 at 3:51 PM, Rishi Yagnik <
> >>>>>>>>>>>>>>>> [hidden email]
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>> wrote:
> >>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>>> Let me build an example app for you and send it
> >>>>>> across to
> >>>>>>>>>>>>> you.
> >>>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>>> Thanks,
> >>>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>>> On Tue, Feb 14, 2017 at 3:28 PM, Valentin
> >>>> Kulichenko <
> >>>>>>>>>>>>>>>>>>>>>> [hidden email]> wrote:
> >>>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>>>> Rishi,
> >>>>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>>>> No I don't, and I think that's what we should start
> >>>>>>> with.
> >>>>>>>>>>>> I
> >>>>>>>>>>>>>>>> want to
> >>>>>>>>>>>>>>>>>>>>>>> understand a use case that is currently not
> >>>> supported
> >>>>>>> (if
> >>>>>>>>>>>>> any)
> >>>>>>>>>>>>>>>> and
> >>>>>>>>>>>>>>>>>> then
> >>>>>>>>>>>>>>>>>>>>>>> find the best solution. And I would like to reuse
> >>>>>>> existing
> >>>>>>>>>>>>>> code
> >>>>>>>>>>>>>>>> as
> >>>>>>>>>>>>>>>>>>>>>>> much as
> >>>>>>>>>>>>>>>>>>>>>>> possible.
> >>>>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>>>> Do you have any code that reproduces the problem
> >>>> you
> >>>>>> had
> >>>>>>>>>>>> and
> >>>>>>>>>>>>>> how
> >>>>>>>>>>>>>>>>> you
> >>>>>>>>>>>>>>>>>>>>>>> tried
> >>>>>>>>>>>>>>>>>>>>>>> to utilize current web session clustering? Can you
> >>>>>> share
> >>>>>>>>>>>> it
> >>>>>>>>>>>>>> with
> >>>>>>>>>>>>>>>>> us?
> >>>>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>>>> -Val
> >>>>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>>>> On Tue, Feb 14, 2017 at 11:28 AM, Rishi Yagnik <
> >>>>>>>>>>>>>>>>>> [hidden email]>
> >>>>>>>>>>>>>>>>>>>>>>> wrote:
> >>>>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>>>>> Hi Val,
> >>>>>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>>>>> I am working on SB platform with spring security
> >>>>>> and we
> >>>>>>>>>>>>>> found
> >>>>>>>>>>>>>>>> out
> >>>>>>>>>>>>>>>>>>>>>>> that the
> >>>>>>>>>>>>>>>>>>>>>>>> web session filter ignite provides does not work
> >>>> for
> >>>>>>>>>>>>> session
> >>>>>>>>>>>>>>>>>>>>>>> management on
> >>>>>>>>>>>>>>>>>>>>>>>> 2 node spring boot cluster.
> >>>>>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>>>>> Somehow, spring security filter kicks in result in
> >>>>>> some
> >>>>>>>>>>>>>> weird
> >>>>>>>>>>>>>>>>>> errors
> >>>>>>>>>>>>>>>>>>>>>>> with
> >>>>>>>>>>>>>>>>>>>>>>>> web session filter.
> >>>>>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>>>>> So making compatible with spring security somehow,
> >>>>>> we
> >>>>>>>>>>>> need
> >>>>>>>>>>>>>> to
> >>>>>>>>>>>>>>>>> write
> >>>>>>>>>>>>>>>>>>>>>>>> implementation on spring session.
> >>>>>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>>>>> Do you have any test cases that says web session
> >>>>>> filter
> >>>>>>>>>>>>>> would
> >>>>>>>>>>>>>>>>> work
> >>>>>>>>>>>>>>>>>>>>>>> with
> >>>>>>>>>>>>>>>>>>>>>>>> spring security on boot platform ?
> >>>>>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>>>>> Thanks,
> >>>>>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>>>>> On Tue, Feb 14, 2017 at 1:03 PM, Valentin
> >>>>>> Kulichenko <
> >>>>>>>>>>>>>>>>>>>>>>>> [hidden email]> wrote:
> >>>>>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>>>>>> Hi Rishi,
> >>>>>>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>>>>>> Can you please take a look at web session
> >>>>>> clustering
> >>>>>>>>>>>>>> feature
> >>>>>>>>>>>>>>>>> [1]
> >>>>>>>>>>>>>>>>>>>>>>> provided
> >>>>>>>>>>>>>>>>>>>>>>>>> by Ignite? I'm looking at Spring Session docs and
> >>>>>> it
> >>>>>>>>>>>>> seems
> >>>>>>>>>>>>>>>> to
> >>>>>>>>>>>>>>>>> me
> >>>>>>>>>>>>>>>>>>>>>>> it does
> >>>>>>>>>>>>>>>>>>>>>>>>> exactly the same - replaces HttpSession with
> >>>> custom
> >>>>>>>>>>>>>>>>>> implementation
> >>>>>>>>>>>>>>>>>>>>>>> that
> >>>>>>>>>>>>>>>>>>>>>>>> has
> >>>>>>>>>>>>>>>>>>>>>>>>> a backend storage. If it doesn't provide any
> >>>>>>>>>>>> additional
> >>>>>>>>>>>>>> API
> >>>>>>>>>>>>>>>> or
> >>>>>>>>>>>>>>>>>>>>>>>>> functionality, I'm not sure I understand the
> >>>>>> benefit
> >>>>>>>>>>>> of
> >>>>>>>>>>>>>> this
> >>>>>>>>>>>>>>>>>>>>>>> feature.
> >>>>>>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>>>>>> Let me know if I'm missing something.
> >>>>>>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>>>>>> [1] https://apacheignite-mix.
> >>>>>>>>>>>>> readme.io/docs/web-session-
> >>>>>>>>>>>>>>>>>> clustering
> >>>>>>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>>>>>> -Val
> >>>>>>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>>>>>> On Mon, Feb 13, 2017 at 2:41 PM, Rishi Yagnik <
> >>>>>>>>>>>>>>>>>>>>>>> [hidden email]>
> >>>>>>>>>>>>>>>>>>>>>>>>> wrote:
> >>>>>>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>>>>>>> I would like to discuss session replication /
> >>>> fail
> >>>>>>>>>>>>> over
> >>>>>>>>>>>>>>>>> design
> >>>>>>>>>>>>>>>>>> on
> >>>>>>>>>>>>>>>>>>>>>>>> spring
> >>>>>>>>>>>>>>>>>>>>>>>>>> boot platform and wanted to find what is the
> >>>> best
> >>>>>>>>>>>> out
> >>>>>>>>>>>>> to
> >>>>>>>>>>>>>>>> get
> >>>>>>>>>>>>>>>>>>>>>>> started
> >>>>>>>>>>>>>>>>>>>>>>>>> here ?
> >>>>>>>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>>>>>>> Possible approaches are as follows -
> >>>>>>>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>>>>>>> - Make use of Spring Session for session
> >>>>>>>>>>>>> replication
> >>>>>>>>>>>>>>>> and
> >>>>>>>>>>>>>>>>>> fail
> >>>>>>>>>>>>>>>>>>>>>>> over
> >>>>>>>>>>>>>>>>>>>>>>>>>> - Extend the web session filter and make it
> >>>> work
> >>>>>>>>>>>> on
> >>>>>>>>>>>>>>>> spring
> >>>>>>>>>>>>>>>>>>>>>>> boot
> >>>>>>>>>>>>>>>>>>>>>>>>>> application
> >>>>>>>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>>>>>>> I am thinking that best approach would be to get
> >>>>>>>>>>>>> started
> >>>>>>>>>>>>>>>> here
> >>>>>>>>>>>>>>>>>>>>>>> with
> >>>>>>>>>>>>>>>>>>>>>>>> spring
> >>>>>>>>>>>>>>>>>>>>>>>>>> session design however I am open for feedback
> >>>>>> here.
> >>>>>>>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>>>>>>> --
> >>>>>>>>>>>>>>>>>>>>>>>>>> Rishi Yagnik
> >>>>>>>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>>>>> --
> >>>>>>>>>>>>>>>>>>>>>>>> Rishi Yagnik
> >>>>>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>>> --
> >>>>>>>>>>>>>>>>>>>>>> Rishi Yagnik
> >>>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>> --
> >>>>>>>>>>>>>>>>>>>>> Rishi Yagnik
> >>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>> --
> >>>>>>>>>>>>>>>>>>>> Rishi Yagnik
> >>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>> --
> >>>>>>>>>>>>>>>>> Rishi Yagnik
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> --
> >>>>>>>>>>>>>>> Rishi Yagnik
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> --
> >>>>>>>>>>>>>> Rishi Yagnik
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>> --
> >>>>>>>>>>>> Rishi Yagnik
> >>>>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> --
> >>>>>>>> Rishi Yagnik
> >>>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>> --
> >>>>>>> Rishi Yagnik
> >>>>>>>
> >>>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>> --
> >>>>> Rishi Yagnik
> >>>>>
> >>>>
> >>>>
> >>>>
> >>>> --
> >>>> Rishi Yagnik
> >>>>
> >>
> >
> >
> >
> > --
> > Rishi Yagnik
>
>

> Denis,
>
> Yes, this should be possible. I will try to finalize the fix asap.
>
> -Val
>
> On Fri, Mar 17, 2017 at 7:46 PM, Denis Magda <[hidden email]> wrote:
>
> > Val,
> >
> > Will it be possible to incorporate the fix into the nearest 2.0 release?
> >
> > —
> > Denis
> >
> > > On Mar 17, 2017, at 11:43 AM, Rishi Yagnik <[hidden email]>
> > wrote:
> > >
> > > Hi Val,
> > >
> > > Hope you are well, any update on web session clustering.
> > >
> > > Thanks,
> > > Rishi
> > >
> > > On Sat, Mar 11, 2017 at 12:29 PM, Rishi Yagnik <[hidden email]>
> > > wrote:
> > >
> > >> Hi Val,
> > >>
> > >> Thanks looking forward for the fix..
> > >>
> > >> Take Care,
> > >> Rishi
> > >>
> > >>> On Mar 11, 2017, at 11:31 AM, Valentin Kulichenko <
> > >> [hidden email]> wrote:
> > >>>
> > >>> Hi Rishi,
> > >>>
> > >>> I want to fix the bug first. It takes a bit longer than I thought,
> but
> > I
> > >>> should finish it over the weekend.
> > >>>
> > >>> -Val
> > >>>
> > >>>> On Fri, Mar 10, 2017 at 4:13 AM, Rishi Yagnik <
> [hidden email]>
> > >> wrote:
> > >>>>
> > >>>> Hi Val,
> > >>>>
> > >>>> Did you chance to look into session handling issue ?
> > >>>>
> > >>>> Thanks,
> > >>>>
> > >>>> On Mon, Mar 6, 2017 at 3:37 PM, Rishi Yagnik <[hidden email]
> >
> > >>>> wrote:
> > >>>>
> > >>>>> Hi Val,
> > >>>>>
> > >>>>> Do you think I can test a fix in 1.9 RC releases ? How are you
> > planning
> > >>>> to
> > >>>>> release a fix ?
> > >>>>>
> > >>>>> Did you also look into problem where storing xsrf token in Ignite
> > >> returns
> > >>>>> an exception and does not behave as expected ?
> > >>>>>
> > >>>>> In SecurityConfig.java use HttpSessionCsrfTokenRepository with
> > >> following
> > >>>>> code -
> > >>>>>
> > >>>>> .csrfTokenRepository(csrfTokenRepository())
> > >>>>>
> > >>>>> private CsrfTokenRepository csrfTokenRepository() {
> > >>>>>   HttpSessionCsrfTokenRepository repository = new
> > >>>> HttpSessionCsrfTokenRepository();
> > >>>>>   repository.setHeaderName("X-XSRF-TOKEN");
> > >>>>>   return repository;
> > >>>>> }
> > >>>>>
> > >>>>> Thank you for all your help,
> > >>>>>
> > >>>>>
> > >>>>> On Mon, Mar 6, 2017 at 2:34 PM, Valentin Kulichenko <
> > >>>>> [hidden email]> wrote:
> > >>>>>
> > >>>>>> Hi Rishi,
> > >>>>>>
> > >>>>>> I got to the bottom of it. Basically, the session is replaced in
> > >> Spring
> > >>>>>> filter, but caching happens based on the old version which doesn't
> > >> have
> > >>>>>> security attributes. The fix is going to be very easy, I will do
> it
> > >>>>>> tomorrow.
> > >>>>>>
> > >>>>>> -Val
> > >>>>>>
> > >>>>>> On Mon, Mar 6, 2017 at 7:34 PM, Rishi Yagnik <
> [hidden email]
> > >
> > >>>>>> wrote:
> > >>>>>>
> > >>>>>>> Val,
> > >>>>>>>
> > >>>>>>> Did you get chance to play around with the code ?
> > >>>>>>>
> > >>>>>>> Thanks,
> > >>>>>>>
> > >>>>>>> On Sun, Mar 5, 2017 at 7:25 PM, Rishi Yagnik <
> > [hidden email]>
> > >>>>>>> wrote:
> > >>>>>>>
> > >>>>>>>> Val,
> > >>>>>>>>
> > >>>>>>>> Adding a filter before csrf filter will invoke the custom ignite
> > >>>>>> filter.
> > >>>>>>>>
> > >>>>>>>> Declare a custom filter class extends it with websession filter
> > >>>>>>>>
> > >>>>>>>> public class CustomWebSessionFilter extends WebSessionFilter {
> > >>>>>>>>
> > >>>>>>>>        private static boolean igniteInitialize = false
> > >>>>>>>>
> > >>>>>>>> @Override public void doFilter(ServletRequest req,
> ServletResponse
> > >>>>>> res,
> > >>>>>>>> FilterChain chain)
> > >>>>>>>>           throws IOException, ServletException {
> > >>>>>>>>       if(!igniteInitialize) {
> > >>>>>>>>           super.init(new FilterConfig() {
> > >>>>>>>>               @Override
> > >>>>>>>>               public String getFilterName() {
> > >>>>>>>>                   return "CustomWebSessionFilter";
> > >>>>>>>>               }
> > >>>>>>>>
> > >>>>>>>>               @Override
> > >>>>>>>>               public ServletContext getServletContext() {
> > >>>>>>>>                   return req.getServletContext();
> > >>>>>>>>               }
> > >>>>>>>>
> > >>>>>>>>               @Override
> > >>>>>>>>               public String getInitParameter(String name) {
> > >>>>>>>>                   return null;
> > >>>>>>>>               }
> > >>>>>>>>
> > >>>>>>>>               @Override
> > >>>>>>>>               public Enumeration<String>
> getInitParameterNames() {
> > >>>>>>>>                   return null;
> > >>>>>>>>               }
> > >>>>>>>>           });
> > >>>>>>>>           igniteInitialize = true;
> > >>>>>>>>       }
> > >>>>>>>>       super.doFilter(req,res,chain);
> > >>>>>>>>   }
> > >>>>>>>> }
> > >>>>>>>>
> > >>>>>>>> And in SecurityConfig.java add following line to invoke filter
> > >>>> before
> > >>>>>>>> Ignite Web Session filter -
> > >>>>>>>>
> > >>>>>>>> .addFilterBefore(new ArWebSessionFilter(), CsrfFilter.class)
> > >>>>>>>>
> > >>>>>>>> Hope it helps..
> > >>>>>>>>
> > >>>>>>>> Thanks,
> > >>>>>>>>
> > >>>>>>>> On Sun, Mar 5, 2017 at 1:28 PM, Valentin Kulichenko <
> > >>>>>>>> [hidden email]> wrote:
> > >>>>>>>>
> > >>>>>>>>> Rishi,
> > >>>>>>>>>
> > >>>>>>>>> Can you please share how you forced Ignite filter to be invoked
> > >>>>>> before
> > >>>>>>>>> security filter?
> > >>>>>>>>>
> > >>>>>>>>> -Val
> > >>>>>>>>>
> > >>>>>>>>> On Sun, Mar 5, 2017 at 11:20 AM, Rishi Yagnik <
> > >>>> [hidden email]
> > >>>>>>>
> > >>>>>>>>> wrote:
> > >>>>>>>>>
> > >>>>>>>>>> Hi Val,
> > >>>>>>>>>>
> > >>>>>>>>>> Thanks for the response, we have executed ignite filter before
> > >>>>>> spring
> > >>>>>>>>>> security filter but somehow the ignite filter does not do the
> > job
> > >>>>>> of
> > >>>>>>>>>> setting spring principle context.
> > >>>>>>>>>>
> > >>>>>>>>>> As a result even though we have spring principle in session,
> > >>>> spring
> > >>>>>>>>> filter
> > >>>>>>>>>> does not recognize it and sends us back to log in page.
> > >>>>>>>>>>
> > >>>>>>>>>> I think there s some more work needed here to change the
> filter
> > >>>> and
> > >>>>>>> make
> > >>>>>>>>>> it work with spring boot application.
> > >>>>>>>>>>
> > >>>>>>>>>> Take Care,
> > >>>>>>>>>> Rishi
> > >>>>>>>>>>
> > >>>>>>>>>>> On Mar 5, 2017, at 10:16 AM, Valentin Kulichenko <
> > >>>>>>>>>> [hidden email]> wrote:
> > >>>>>>>>>>>
> > >>>>>>>>>>> Hi Rishi,
> > >>>>>>>>>>>
> > >>>>>>>>>>> I did some debugging. Apparently, the reason for this
> behavior
> > >>>> is
> > >>>>>>> that
> > >>>>>>>>>>> Spring Security filter resides before Ignite's filter in the
> > >>>>>> chain
> > >>>>>>>>> list.
> > >>>>>>>>>> I
> > >>>>>>>>>>> think that eventually this should be fixed in the product,
> but
> > >>>> in
> > >>>>>>> the
> > >>>>>>>>>>> meantime there must be a way to work around the problem by
> > >>>>>>> controlling
> > >>>>>>>>>> the
> > >>>>>>>>>>> order. Do you know how this can be done in Spring Boot?
> > >>>>>>>>>>>
> > >>>>>>>>>>> -Val
> > >>>>>>>>>>>
> > >>>>>>>>>>>> On Tue, Feb 28, 2017 at 9:31 AM, Rishi Yagnik <
> > >>>>>>> [hidden email]
> > >>>>>>>>>>
> > >>>>>>>>>> wrote:
> > >>>>>>>>>>>>
> > >>>>>>>>>>>> Hi Val,
> > >>>>>>>>>>>>
> > >>>>>>>>>>>> Sorry for pestering, thanks for all your help.
> > >>>>>>>>>>>>
> > >>>>>>>>>>>> Rishi
> > >>>>>>>>>>>>
> > >>>>>>>>>>>> On Mon, Feb 27, 2017 at 7:22 PM, Valentin Kulichenko <
> > >>>>>>>>>>>> [hidden email]> wrote:
> > >>>>>>>>>>>>
> > >>>>>>>>>>>>> Hi Rishi,
> > >>>>>>>>>>>>>
> > >>>>>>>>>>>>> Sorry, not yet. But this on my short list of TODOs, will
> try
> > >>>> to
> > >>>>>>>>> give an
> > >>>>>>>>>>>>> update as soon as possible.
> > >>>>>>>>>>>>>
> > >>>>>>>>>>>>> -Val
> > >>>>>>>>>>>>>
> > >>>>>>>>>>>>> On Mon, Feb 27, 2017 at 7:47 AM, Rishi Yagnik <
> > >>>>>>>>> [hidden email]>
> > >>>>>>>>>>>>> wrote:
> > >>>>>>>>>>>>>
> > >>>>>>>>>>>>>> Hi Val,
> > >>>>>>>>>>>>>>
> > >>>>>>>>>>>>>> any update on session replication issue ?
> > >>>>>>>>>>>>>>
> > >>>>>>>>>>>>>> Thanks,
> > >>>>>>>>>>>>>> Rishi
> > >>>>>>>>>>>>>>
> > >>>>>>>>>>>>>> On Thu, Feb 23, 2017 at 8:07 AM, Rishi Yagnik <
> > >>>>>>>>> [hidden email]>
> > >>>>>>>>>>>>>> wrote:
> > >>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>> Thanks Val for looking into it.
> > >>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>> On Wed, Feb 22, 2017 at 9:32 PM, Valentin Kulichenko <
> > >>>>>>>>>>>>>>> [hidden email]> wrote:
> > >>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>> Hi Rishi,
> > >>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>> Got it, I think I'm reproducing the issue. I'll take a
> > >>>> look
> > >>>>>> and
> > >>>>>>>>> let
> > >>>>>>>>>>>>> you
> > >>>>>>>>>>>>>>>> know my findings soon.
> > >>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>> -Val
> > >>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>> On Tue, Feb 21, 2017 at 7:27 PM, Rishi Yagnik <
> > >>>>>>>>>>>> [hidden email]>
> > >>>>>>>>>>>>>>>> wrote:
> > >>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>> Hi Val,
> > >>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>> The issue will occur in cluster environment, please
> setup
> > >>>>>> the
> > >>>>>>>>>>>> spring
> > >>>>>>>>>>>>>>>> boot
> > >>>>>>>>>>>>>>>>> on 2 different host with LB (F5 OR Reverse proxy) in
> > >>>> front
> > >>>>>> and
> > >>>>>>>>> try
> > >>>>>>>>>>>>> to
> > >>>>>>>>>>>>>>>>> login.
> > >>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>> In cluster environment, Spring security does not
> > >>>> recognize
> > >>>>>> the
> > >>>>>>>>>>>>> session
> > >>>>>>>>>>>>>>>> on
> > >>>>>>>>>>>>>>>>> the host you are not logged in, as a result, spring
> > >>>>>> security
> > >>>>>>>>> will
> > >>>>>>>>>>>>>>>> redirect
> > >>>>>>>>>>>>>>>>> to login url however the correct behavior should be
> that
> > >>>>>> user
> > >>>>>>>>>>>> would
> > >>>>>>>>>>>>>> stay
> > >>>>>>>>>>>>>>>>> logged in with session replication.
> > >>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>> Do let me know if you need more information.
> > >>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>> Thanks,
> > >>>>>>>>>>>>>>>>> Rishi
> > >>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>> On Tue, Feb 21, 2017 at 7:08 PM, Valentin Kulichenko <
> > >>>>>>>>>>>>>>>>> [hidden email]> wrote:
> > >>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>> Hi Rishi,
> > >>>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>> I was able to build and run the application. Can you
> > >>>> give
> > >>>>>>> some
> > >>>>>>>>>>>>>>>>> description
> > >>>>>>>>>>>>>>>>>> on what should I test to understand the issue? What
> > >>>>>> exactly
> > >>>>>>>>>>>> didn't
> > >>>>>>>>>>>>>>>> work
> > >>>>>>>>>>>>>>>>> for
> > >>>>>>>>>>>>>>>>>> you?
> > >>>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>> -Val
> > >>>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>> On Wed, Feb 15, 2017 at 10:52 AM, Valentin Kulichenko
> <
> > >>>>>>>>>>>>>>>>>> [hidden email]> wrote:
> > >>>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>>> Hi Rishi,
> > >>>>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>>> Thanks, I'll take a look.
> > >>>>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>>> -Val
> > >>>>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>>> On Wed, Feb 15, 2017 at 9:07 AM, Rishi Yagnik <
> > >>>>>>>>>>>>>>>> [hidden email]>
> > >>>>>>>>>>>>>>>>>>> wrote:
> > >>>>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>>>> Hi Val,
> > >>>>>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>>>> As promised, please find attached code for spring
> boot
> > >>>>>>>>>>>>>> integration
> > >>>>>>>>>>>>>>>>> with
> > >>>>>>>>>>>>>>>>>>>> spring security along with Ignite.
> > >>>>>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>>>> Some more information on project -
> > >>>>>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>>>> - It is a maven project ( Ignite 1.7.0, SB 1.4.3 )
> > >>>>>>>>>>>>>>>>>>>> - spring security integrated with boot project along
> > >>>>>> with
> > >>>>>>>>>>>>>> ignite
> > >>>>>>>>>>>>>>>>>>>> - HttpSessionCookieCsrfTokenRepository does not
> > >>>> work,
> > >>>>>>>>>>>> gives
> > >>>>>>>>>>>>>>>>>>>> intermediate errors on single instance so used
> > >>>>>>>>>>>>>>>>>> CookieCsrfTokenRepository
> > >>>>>>>>>>>>>>>>>>>> for CSRF token, again I think we need a fix here
> > >>>> from
> > >>>>>>>>>>>>> Ignite.
> > >>>>>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>>>> I cant reproduce this errors while I am running on
> > >>>>>> single
> > >>>>>>>>>>>>>> instance,
> > >>>>>>>>>>>>>>>>> you
> > >>>>>>>>>>>>>>>>>>>> need to run this app on 2 spring boot instance
> having
> > >>>>>> proxy
> > >>>>>>>>>>>> in
> > >>>>>>>>>>>>>>>> front (
> > >>>>>>>>>>>>>>>>>> F5,
> > >>>>>>>>>>>>>>>>>>>> OR any proxy ) with round robin fashion ( no sticky
> > >>>>>> session
> > >>>>>>>>>>>> on
> > >>>>>>>>>>>>> F5
> > >>>>>>>>>>>>>>>> OR
> > >>>>>>>>>>>>>>>>>>>> proxies ).
> > >>>>>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>>>> We were thinking with round robin the user session
> > >>>> will
> > >>>>>>>>>>>> active
> > >>>>>>>>>>>>>>>> since
> > >>>>>>>>>>>>>>>>> we
> > >>>>>>>>>>>>>>>>>>>> used session replication on backend.
> > >>>>>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>>>> Do let me know if you need more information here.
> > >>>>>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>>>> Thanks,
> > >>>>>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>>>> Rishi
> > >>>>>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>>>> On Tue, Feb 14, 2017 at 9:57 PM, Rishi Yagnik <
> > >>>>>>>>>>>>>>>> [hidden email]>
> > >>>>>>>>>>>>>>>>>>>> wrote:
> > >>>>>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>>>>> Val,
> > >>>>>>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>>>>> My SB sample project is ready however I have asked
> > >>>> for
> > >>>>>> an
> > >>>>>>>>>>>>>>>> approval to
> > >>>>>>>>>>>>>>>>>>>>> submit sample project to you, it would take day or
> > >>>> two.
> > >>>>>>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>>>>> I will keep you posted.
> > >>>>>>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>>>>> Thanks for all your help,
> > >>>>>>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>>>>> On Tue, Feb 14, 2017 at 3:51 PM, Rishi Yagnik <
> > >>>>>>>>>>>>>>>> [hidden email]
> > >>>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>>>>> wrote:
> > >>>>>>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>>>>>> Let me build an example app for you and send it
> > >>>>>> across to
> > >>>>>>>>>>>>> you.
> > >>>>>>>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>>>>>> Thanks,
> > >>>>>>>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>>>>>> On Tue, Feb 14, 2017 at 3:28 PM, Valentin
> > >>>> Kulichenko <
> > >>>>>>>>>>>>>>>>>>>>>> [hidden email]> wrote:
> > >>>>>>>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>>>>>>> Rishi,
> > >>>>>>>>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>>>>>>> No I don't, and I think that's what we should
> start
> > >>>>>>> with.
> > >>>>>>>>>>>> I
> > >>>>>>>>>>>>>>>> want to
> > >>>>>>>>>>>>>>>>>>>>>>> understand a use case that is currently not
> > >>>> supported
> > >>>>>>> (if
> > >>>>>>>>>>>>> any)
> > >>>>>>>>>>>>>>>> and
> > >>>>>>>>>>>>>>>>>> then
> > >>>>>>>>>>>>>>>>>>>>>>> find the best solution. And I would like to reuse
> > >>>>>>> existing
> > >>>>>>>>>>>>>> code
> > >>>>>>>>>>>>>>>> as
> > >>>>>>>>>>>>>>>>>>>>>>> much as
> > >>>>>>>>>>>>>>>>>>>>>>> possible.
> > >>>>>>>>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>>>>>>> Do you have any code that reproduces the problem
> > >>>> you
> > >>>>>> had
> > >>>>>>>>>>>> and
> > >>>>>>>>>>>>>> how
> > >>>>>>>>>>>>>>>>> you
> > >>>>>>>>>>>>>>>>>>>>>>> tried
> > >>>>>>>>>>>>>>>>>>>>>>> to utilize current web session clustering? Can
> you
> > >>>>>> share
> > >>>>>>>>>>>> it
> > >>>>>>>>>>>>>> with
> > >>>>>>>>>>>>>>>>> us?
> > >>>>>>>>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>>>>>>> -Val
> > >>>>>>>>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>>>>>>> On Tue, Feb 14, 2017 at 11:28 AM, Rishi Yagnik <
> > >>>>>>>>>>>>>>>>>> [hidden email]>
> > >>>>>>>>>>>>>>>>>>>>>>> wrote:
> > >>>>>>>>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>>>>>>>> Hi Val,
> > >>>>>>>>>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>>>>>>>> I am working on SB platform with spring security
> > >>>>>> and we
> > >>>>>>>>>>>>>> found
> > >>>>>>>>>>>>>>>> out
> > >>>>>>>>>>>>>>>>>>>>>>> that the
> > >>>>>>>>>>>>>>>>>>>>>>>> web session filter ignite provides does not work
> > >>>> for
> > >>>>>>>>>>>>> session
> > >>>>>>>>>>>>>>>>>>>>>>> management on
> > >>>>>>>>>>>>>>>>>>>>>>>> 2 node spring boot cluster.
> > >>>>>>>>>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>>>>>>>> Somehow, spring security filter kicks in result
> in
> > >>>>>> some
> > >>>>>>>>>>>>>> weird
> > >>>>>>>>>>>>>>>>>> errors
> > >>>>>>>>>>>>>>>>>>>>>>> with
> > >>>>>>>>>>>>>>>>>>>>>>>> web session filter.
> > >>>>>>>>>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>>>>>>>> So making compatible with spring security
> somehow,
> > >>>>>> we
> > >>>>>>>>>>>> need
> > >>>>>>>>>>>>>> to
> > >>>>>>>>>>>>>>>>> write
> > >>>>>>>>>>>>>>>>>>>>>>>> implementation on spring session.
> > >>>>>>>>>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>>>>>>>> Do you have any test cases that says web session
> > >>>>>> filter
> > >>>>>>>>>>>>>> would
> > >>>>>>>>>>>>>>>>> work
> > >>>>>>>>>>>>>>>>>>>>>>> with
> > >>>>>>>>>>>>>>>>>>>>>>>> spring security on boot platform ?
> > >>>>>>>>>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>>>>>>>> Thanks,
> > >>>>>>>>>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>>>>>>>> On Tue, Feb 14, 2017 at 1:03 PM, Valentin
> > >>>>>> Kulichenko <
> > >>>>>>>>>>>>>>>>>>>>>>>> [hidden email]> wrote:
> > >>>>>>>>>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>>>>>>>>> Hi Rishi,
> > >>>>>>>>>>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>>>>>>>>> Can you please take a look at web session
> > >>>>>> clustering
> > >>>>>>>>>>>>>> feature
> > >>>>>>>>>>>>>>>>> [1]
> > >>>>>>>>>>>>>>>>>>>>>>> provided
> > >>>>>>>>>>>>>>>>>>>>>>>>> by Ignite? I'm looking at Spring Session docs
> and
> > >>>>>> it
> > >>>>>>>>>>>>> seems
> > >>>>>>>>>>>>>>>> to
> > >>>>>>>>>>>>>>>>> me
> > >>>>>>>>>>>>>>>>>>>>>>> it does
> > >>>>>>>>>>>>>>>>>>>>>>>>> exactly the same - replaces HttpSession with
> > >>>> custom
> > >>>>>>>>>>>>>>>>>> implementation
> > >>>>>>>>>>>>>>>>>>>>>>> that
> > >>>>>>>>>>>>>>>>>>>>>>>> has
> > >>>>>>>>>>>>>>>>>>>>>>>>> a backend storage. If it doesn't provide any
> > >>>>>>>>>>>> additional
> > >>>>>>>>>>>>>> API
> > >>>>>>>>>>>>>>>> or
> > >>>>>>>>>>>>>>>>>>>>>>>>> functionality, I'm not sure I understand the
> > >>>>>> benefit
> > >>>>>>>>>>>> of
> > >>>>>>>>>>>>>> this
> > >>>>>>>>>>>>>>>>>>>>>>> feature.
> > >>>>>>>>>>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>>>>>>>>> Let me know if I'm missing something.
> > >>>>>>>>>>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>>>>>>>>> [1] https://apacheignite-mix.
> > >>>>>>>>>>>>> readme.io/docs/web-session-
> > >>>>>>>>>>>>>>>>>> clustering
> > >>>>>>>>>>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>>>>>>>>> -Val
> > >>>>>>>>>>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>>>>>>>>> On Mon, Feb 13, 2017 at 2:41 PM, Rishi Yagnik <
> > >>>>>>>>>>>>>>>>>>>>>>> [hidden email]>
> > >>>>>>>>>>>>>>>>>>>>>>>>> wrote:
> > >>>>>>>>>>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>>>>>>>>>> I would like to discuss session replication /
> > >>>> fail
> > >>>>>>>>>>>>> over
> > >>>>>>>>>>>>>>>>> design
> > >>>>>>>>>>>>>>>>>> on
> > >>>>>>>>>>>>>>>>>>>>>>>> spring
> > >>>>>>>>>>>>>>>>>>>>>>>>>> boot platform and wanted to find what is the
> > >>>> best
> > >>>>>>>>>>>> out
> > >>>>>>>>>>>>> to
> > >>>>>>>>>>>>>>>> get
> > >>>>>>>>>>>>>>>>>>>>>>> started
> > >>>>>>>>>>>>>>>>>>>>>>>>> here ?
> > >>>>>>>>>>>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>>>>>>>>>> Possible approaches are as follows -
> > >>>>>>>>>>>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>>>>>>>>>> - Make use of Spring Session for session
> > >>>>>>>>>>>>> replication
> > >>>>>>>>>>>>>>>> and
> > >>>>>>>>>>>>>>>>>> fail
> > >>>>>>>>>>>>>>>>>>>>>>> over
> > >>>>>>>>>>>>>>>>>>>>>>>>>> - Extend the web session filter and make it
> > >>>> work
> > >>>>>>>>>>>> on
> > >>>>>>>>>>>>>>>> spring
> > >>>>>>>>>>>>>>>>>>>>>>> boot
> > >>>>>>>>>>>>>>>>>>>>>>>>>> application
> > >>>>>>>>>>>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>>>>>>>>>> I am thinking that best approach would be to
> get
> > >>>>>>>>>>>>> started
> > >>>>>>>>>>>>>>>> here
> > >>>>>>>>>>>>>>>>>>>>>>> with
> > >>>>>>>>>>>>>>>>>>>>>>>> spring
> > >>>>>>>>>>>>>>>>>>>>>>>>>> session design however I am open for feedback
> > >>>>>> here.
> > >>>>>>>>>>>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>>>>>>>>>> --
> > >>>>>>>>>>>>>>>>>>>>>>>>>> Rishi Yagnik
> > >>>>>>>>>>>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>>>>>>>> --
> > >>>>>>>>>>>>>>>>>>>>>>>> Rishi Yagnik
> > >>>>>>>>>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>>>>>> --
> > >>>>>>>>>>>>>>>>>>>>>> Rishi Yagnik
> > >>>>>>>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>>>>> --
> > >>>>>>>>>>>>>>>>>>>>> Rishi Yagnik
> > >>>>>>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>>>> --
> > >>>>>>>>>>>>>>>>>>>> Rishi Yagnik
> > >>>>>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>> --
> > >>>>>>>>>>>>>>>>> Rishi Yagnik
> > >>>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>> --
> > >>>>>>>>>>>>>>> Rishi Yagnik
> > >>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>
> > >>>>>>>>>>>>>> --
> > >>>>>>>>>>>>>> Rishi Yagnik
> > >>>>>>>>>>>>>>
> > >>>>>>>>>>>>>
> > >>>>>>>>>>>>
> > >>>>>>>>>>>>
> > >>>>>>>>>>>>
> > >>>>>>>>>>>> --
> > >>>>>>>>>>>> Rishi Yagnik
> > >>>>>>>>>>>>
> > >>>>>>>>>>
> > >>>>>>>>>
> > >>>>>>>>
> > >>>>>>>>
> > >>>>>>>>
> > >>>>>>>> --
> > >>>>>>>> Rishi Yagnik
> > >>>>>>>>
> > >>>>>>>
> > >>>>>>>
> > >>>>>>>
> > >>>>>>> --
> > >>>>>>> Rishi Yagnik
> > >>>>>>>
> > >>>>>>
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>> --
> > >>>>> Rishi Yagnik
> > >>>>>
> > >>>>
> > >>>>
> > >>>>
> > >>>> --
> > >>>> Rishi Yagnik
> > >>>>
> > >>
> > >
> > >
> > >
> > > --
> > > Rishi Yagnik
> >
> >
>

> Thanks, Val.
>
> When are we going to release Ignite 2.0 ? June ??
>
> Thanks,
>
> On Sat, Mar 18, 2017 at 6:02 AM, Valentin Kulichenko <
> [hidden email] <javascript:;>> wrote:
>
> > Denis,
> >
> > Yes, this should be possible. I will try to finalize the fix asap.
> >
> > -Val
> >
> > On Fri, Mar 17, 2017 at 7:46 PM, Denis Magda <[hidden email]
> <javascript:;>> wrote:
> >
> > > Val,
> > >
> > > Will it be possible to incorporate the fix into the nearest 2.0
> release?
> > >
> > > —
> > > Denis
> > >
> > > > On Mar 17, 2017, at 11:43 AM, Rishi Yagnik <[hidden email]
> <javascript:;>>
> > > wrote:
> > > >
> > > > Hi Val,
> > > >
> > > > Hope you are well, any update on web session clustering.
> > > >
> > > > Thanks,
> > > > Rishi
> > > >
> > > > On Sat, Mar 11, 2017 at 12:29 PM, Rishi Yagnik <
> [hidden email] <javascript:;>>
> > > > wrote:
> > > >
> > > >> Hi Val,
> > > >>
> > > >> Thanks looking forward for the fix..
> > > >>
> > > >> Take Care,
> > > >> Rishi
> > > >>
> > > >>> On Mar 11, 2017, at 11:31 AM, Valentin Kulichenko <
> > > >> [hidden email] <javascript:;>> wrote:
> > > >>>
> > > >>> Hi Rishi,
> > > >>>
> > > >>> I want to fix the bug first. It takes a bit longer than I thought,
> > but
> > > I
> > > >>> should finish it over the weekend.
> > > >>>
> > > >>> -Val
> > > >>>
> > > >>>> On Fri, Mar 10, 2017 at 4:13 AM, Rishi Yagnik <
> > [hidden email] <javascript:;>>
> > > >> wrote:
> > > >>>>
> > > >>>> Hi Val,
> > > >>>>
> > > >>>> Did you chance to look into session handling issue ?
> > > >>>>
> > > >>>> Thanks,
> > > >>>>
> > > >>>> On Mon, Mar 6, 2017 at 3:37 PM, Rishi Yagnik <
> [hidden email] <javascript:;>
> > >
> > > >>>> wrote:
> > > >>>>
> > > >>>>> Hi Val,
> > > >>>>>
> > > >>>>> Do you think I can test a fix in 1.9 RC releases ? How are you
> > > planning
> > > >>>> to
> > > >>>>> release a fix ?
> > > >>>>>
> > > >>>>> Did you also look into problem where storing xsrf token in Ignite
> > > >> returns
> > > >>>>> an exception and does not behave as expected ?
> > > >>>>>
> > > >>>>> In SecurityConfig.java use HttpSessionCsrfTokenRepository with
> > > >> following
> > > >>>>> code -
> > > >>>>>
> > > >>>>> .csrfTokenRepository(csrfTokenRepository())
> > > >>>>>
> > > >>>>> private CsrfTokenRepository csrfTokenRepository() {
> > > >>>>>   HttpSessionCsrfTokenRepository repository = new
> > > >>>> HttpSessionCsrfTokenRepository();
> > > >>>>>   repository.setHeaderName("X-XSRF-TOKEN");
> > > >>>>>   return repository;
> > > >>>>> }
> > > >>>>>
> > > >>>>> Thank you for all your help,
> > > >>>>>
> > > >>>>>
> > > >>>>> On Mon, Mar 6, 2017 at 2:34 PM, Valentin Kulichenko <
> > > >>>>> [hidden email] <javascript:;>> wrote:
> > > >>>>>
> > > >>>>>> Hi Rishi,
> > > >>>>>>
> > > >>>>>> I got to the bottom of it. Basically, the session is replaced in
> > > >> Spring
> > > >>>>>> filter, but caching happens based on the old version which
> doesn't
> > > >> have
> > > >>>>>> security attributes. The fix is going to be very easy, I will do
> > it
> > > >>>>>> tomorrow.
> > > >>>>>>
> > > >>>>>> -Val
> > > >>>>>>
> > > >>>>>> On Mon, Mar 6, 2017 at 7:34 PM, Rishi Yagnik <
> > [hidden email] <javascript:;>
> > > >
> > > >>>>>> wrote:
> > > >>>>>>
> > > >>>>>>> Val,
> > > >>>>>>>
> > > >>>>>>> Did you get chance to play around with the code ?
> > > >>>>>>>
> > > >>>>>>> Thanks,
> > > >>>>>>>
> > > >>>>>>> On Sun, Mar 5, 2017 at 7:25 PM, Rishi Yagnik <
> > > [hidden email] <javascript:;>>
> > > >>>>>>> wrote:
> > > >>>>>>>
> > > >>>>>>>> Val,
> > > >>>>>>>>
> > > >>>>>>>> Adding a filter before csrf filter will invoke the custom
> ignite
> > > >>>>>> filter.
> > > >>>>>>>>
> > > >>>>>>>> Declare a custom filter class extends it with websession
> filter
> > > >>>>>>>>
> > > >>>>>>>> public class CustomWebSessionFilter extends WebSessionFilter {
> > > >>>>>>>>
> > > >>>>>>>>        private static boolean igniteInitialize = false
> > > >>>>>>>>
> > > >>>>>>>> @Override public void doFilter(ServletRequest req,
> > ServletResponse
> > > >>>>>> res,
> > > >>>>>>>> FilterChain chain)
> > > >>>>>>>>           throws IOException, ServletException {
> > > >>>>>>>>       if(!igniteInitialize) {
> > > >>>>>>>>           super.init(new FilterConfig() {
> > > >>>>>>>>               @Override
> > > >>>>>>>>               public String getFilterName() {
> > > >>>>>>>>                   return "CustomWebSessionFilter";
> > > >>>>>>>>               }
> > > >>>>>>>>
> > > >>>>>>>>               @Override
> > > >>>>>>>>               public ServletContext getServletContext() {
> > > >>>>>>>>                   return req.getServletContext();
> > > >>>>>>>>               }
> > > >>>>>>>>
> > > >>>>>>>>               @Override
> > > >>>>>>>>               public String getInitParameter(String name) {
> > > >>>>>>>>                   return null;
> > > >>>>>>>>               }
> > > >>>>>>>>
> > > >>>>>>>>               @Override
> > > >>>>>>>>               public Enumeration<String>
> > getInitParameterNames() {
> > > >>>>>>>>                   return null;
> > > >>>>>>>>               }
> > > >>>>>>>>           });
> > > >>>>>>>>           igniteInitialize = true;
> > > >>>>>>>>       }
> > > >>>>>>>>       super.doFilter(req,res,chain);
> > > >>>>>>>>   }
> > > >>>>>>>> }
> > > >>>>>>>>
> > > >>>>>>>> And in SecurityConfig.java add following line to invoke filter
> > > >>>> before
> > > >>>>>>>> Ignite Web Session filter -
> > > >>>>>>>>
> > > >>>>>>>> .addFilterBefore(new ArWebSessionFilter(), CsrfFilter.class)
> > > >>>>>>>>
> > > >>>>>>>> Hope it helps..
> > > >>>>>>>>
> > > >>>>>>>> Thanks,
> > > >>>>>>>>
> > > >>>>>>>> On Sun, Mar 5, 2017 at 1:28 PM, Valentin Kulichenko <
> > > >>>>>>>> [hidden email] <javascript:;>> wrote:
> > > >>>>>>>>
> > > >>>>>>>>> Rishi,
> > > >>>>>>>>>
> > > >>>>>>>>> Can you please share how you forced Ignite filter to be
> invoked
> > > >>>>>> before
> > > >>>>>>>>> security filter?
> > > >>>>>>>>>
> > > >>>>>>>>> -Val
> > > >>>>>>>>>
> > > >>>>>>>>> On Sun, Mar 5, 2017 at 11:20 AM, Rishi Yagnik <
> > > >>>> [hidden email] <javascript:;>
> > > >>>>>>>
> > > >>>>>>>>> wrote:
> > > >>>>>>>>>
> > > >>>>>>>>>> Hi Val,
> > > >>>>>>>>>>
> > > >>>>>>>>>> Thanks for the response, we have executed ignite filter
> before
> > > >>>>>> spring
> > > >>>>>>>>>> security filter but somehow the ignite filter does not do
> the
> > > job
> > > >>>>>> of
> > > >>>>>>>>>> setting spring principle context.
> > > >>>>>>>>>>
> > > >>>>>>>>>> As a result even though we have spring principle in session,
> > > >>>> spring
> > > >>>>>>>>> filter
> > > >>>>>>>>>> does not recognize it and sends us back to log in page.
> > > >>>>>>>>>>
> > > >>>>>>>>>> I think there s some more work needed here to change the
> > filter
> > > >>>> and
> > > >>>>>>> make
> > > >>>>>>>>>> it work with spring boot application.
> > > >>>>>>>>>>
> > > >>>>>>>>>> Take Care,
> > > >>>>>>>>>> Rishi
> > > >>>>>>>>>>
> > > >>>>>>>>>>> On Mar 5, 2017, at 10:16 AM, Valentin Kulichenko <
> > > >>>>>>>>>> [hidden email] <javascript:;>> wrote:
> > > >>>>>>>>>>>
> > > >>>>>>>>>>> Hi Rishi,
> > > >>>>>>>>>>>
> > > >>>>>>>>>>> I did some debugging. Apparently, the reason for this
> > behavior
> > > >>>> is
> > > >>>>>>> that
> > > >>>>>>>>>>> Spring Security filter resides before Ignite's filter in
> the
> > > >>>>>> chain
> > > >>>>>>>>> list.
> > > >>>>>>>>>> I
> > > >>>>>>>>>>> think that eventually this should be fixed in the product,
> > but
> > > >>>> in
> > > >>>>>>> the
> > > >>>>>>>>>>> meantime there must be a way to work around the problem by
> > > >>>>>>> controlling
> > > >>>>>>>>>> the
> > > >>>>>>>>>>> order. Do you know how this can be done in Spring Boot?
> > > >>>>>>>>>>>
> > > >>>>>>>>>>> -Val
> > > >>>>>>>>>>>
> > > >>>>>>>>>>>> On Tue, Feb 28, 2017 at 9:31 AM, Rishi Yagnik <
> > > >>>>>>> [hidden email] <javascript:;>
> > > >>>>>>>>>>
> > > >>>>>>>>>> wrote:
> > > >>>>>>>>>>>>
> > > >>>>>>>>>>>> Hi Val,
> > > >>>>>>>>>>>>
> > > >>>>>>>>>>>> Sorry for pestering, thanks for all your help.
> > > >>>>>>>>>>>>
> > > >>>>>>>>>>>> Rishi
> > > >>>>>>>>>>>>
> > > >>>>>>>>>>>> On Mon, Feb 27, 2017 at 7:22 PM, Valentin Kulichenko <
> > > >>>>>>>>>>>> [hidden email] <javascript:;>> wrote:
> > > >>>>>>>>>>>>
> > > >>>>>>>>>>>>> Hi Rishi,
> > > >>>>>>>>>>>>>
> > > >>>>>>>>>>>>> Sorry, not yet. But this on my short list of TODOs, will
> > try
> > > >>>> to
> > > >>>>>>>>> give an
> > > >>>>>>>>>>>>> update as soon as possible.
> > > >>>>>>>>>>>>>
> > > >>>>>>>>>>>>> -Val
> > > >>>>>>>>>>>>>
> > > >>>>>>>>>>>>> On Mon, Feb 27, 2017 at 7:47 AM, Rishi Yagnik <
> > > >>>>>>>>> [hidden email] <javascript:;>>
> > > >>>>>>>>>>>>> wrote:
> > > >>>>>>>>>>>>>
> > > >>>>>>>>>>>>>> Hi Val,
> > > >>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>> any update on session replication issue ?
> > > >>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>> Thanks,
> > > >>>>>>>>>>>>>> Rishi
> > > >>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>> On Thu, Feb 23, 2017 at 8:07 AM, Rishi Yagnik <
> > > >>>>>>>>> [hidden email] <javascript:;>>
> > > >>>>>>>>>>>>>> wrote:
> > > >>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>> Thanks Val for looking into it.
> > > >>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>> On Wed, Feb 22, 2017 at 9:32 PM, Valentin Kulichenko <
> > > >>>>>>>>>>>>>>> [hidden email] <javascript:;>> wrote:
> > > >>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>> Hi Rishi,
> > > >>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>> Got it, I think I'm reproducing the issue. I'll take a
> > > >>>> look
> > > >>>>>> and
> > > >>>>>>>>> let
> > > >>>>>>>>>>>>> you
> > > >>>>>>>>>>>>>>>> know my findings soon.
> > > >>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>> -Val
> > > >>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>> On Tue, Feb 21, 2017 at 7:27 PM, Rishi Yagnik <
> > > >>>>>>>>>>>> [hidden email] <javascript:;>>
> > > >>>>>>>>>>>>>>>> wrote:
> > > >>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>> Hi Val,
> > > >>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>> The issue will occur in cluster environment, please
> > setup
> > > >>>>>> the
> > > >>>>>>>>>>>> spring
> > > >>>>>>>>>>>>>>>> boot
> > > >>>>>>>>>>>>>>>>> on 2 different host with LB (F5 OR Reverse proxy) in
> > > >>>> front
> > > >>>>>> and
> > > >>>>>>>>> try
> > > >>>>>>>>>>>>> to
> > > >>>>>>>>>>>>>>>>> login.
> > > >>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>> In cluster environment, Spring security does not
> > > >>>> recognize
> > > >>>>>> the
> > > >>>>>>>>>>>>> session
> > > >>>>>>>>>>>>>>>> on
> > > >>>>>>>>>>>>>>>>> the host you are not logged in, as a result, spring
> > > >>>>>> security
> > > >>>>>>>>> will
> > > >>>>>>>>>>>>>>>> redirect
> > > >>>>>>>>>>>>>>>>> to login url however the correct behavior should be
> > that
> > > >>>>>> user
> > > >>>>>>>>>>>> would
> > > >>>>>>>>>>>>>> stay
> > > >>>>>>>>>>>>>>>>> logged in with session replication.
> > > >>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>> Do let me know if you need more information.
> > > >>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>> Thanks,
> > > >>>>>>>>>>>>>>>>> Rishi
> > > >>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>> On Tue, Feb 21, 2017 at 7:08 PM, Valentin Kulichenko
> <
> > > >>>>>>>>>>>>>>>>> [hidden email] <javascript:;>> wrote:
> > > >>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>>> Hi Rishi,
> > > >>>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>>> I was able to build and run the application. Can you
> > > >>>> give
> > > >>>>>>> some
> > > >>>>>>>>>>>>>>>>> description
> > > >>>>>>>>>>>>>>>>>> on what should I test to understand the issue? What
> > > >>>>>> exactly
> > > >>>>>>>>>>>> didn't
> > > >>>>>>>>>>>>>>>> work
> > > >>>>>>>>>>>>>>>>> for
> > > >>>>>>>>>>>>>>>>>> you?
> > > >>>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>>> -Val
> > > >>>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>>> On Wed, Feb 15, 2017 at 10:52 AM, Valentin
> Kulichenko
> > <
> > > >>>>>>>>>>>>>>>>>> [hidden email] <javascript:;>>
> wrote:
> > > >>>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>>>> Hi Rishi,
> > > >>>>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>>>> Thanks, I'll take a look.
> > > >>>>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>>>> -Val
> > > >>>>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>>>> On Wed, Feb 15, 2017 at 9:07 AM, Rishi Yagnik <
> > > >>>>>>>>>>>>>>>> [hidden email] <javascript:;>>
> > > >>>>>>>>>>>>>>>>>>> wrote:
> > > >>>>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>>>>> Hi Val,
> > > >>>>>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>>>>> As promised, please find attached code for spring
> > boot
> > > >>>>>>>>>>>>>> integration
> > > >>>>>>>>>>>>>>>>> with
> > > >>>>>>>>>>>>>>>>>>>> spring security along with Ignite.
> > > >>>>>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>>>>> Some more information on project -
> > > >>>>>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>>>>> - It is a maven project ( Ignite 1.7.0, SB 1.4.3 )
> > > >>>>>>>>>>>>>>>>>>>> - spring security integrated with boot project
> along
> > > >>>>>> with
> > > >>>>>>>>>>>>>> ignite
> > > >>>>>>>>>>>>>>>>>>>> - HttpSessionCookieCsrfTokenRepository does not
> > > >>>> work,
> > > >>>>>>>>>>>> gives
> > > >>>>>>>>>>>>>>>>>>>> intermediate errors on single instance so used
> > > >>>>>>>>>>>>>>>>>> CookieCsrfTokenRepository
> > > >>>>>>>>>>>>>>>>>>>> for CSRF token, again I think we need a fix here
> > > >>>> from
> > > >>>>>>>>>>>>> Ignite.
> > > >>>>>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>>>>> I cant reproduce this errors while I am running on
> > > >>>>>> single
> > > >>>>>>>>>>>>>> instance,
> > > >>>>>>>>>>>>>>>>> you
> > > >>>>>>>>>>>>>>>>>>>> need to run this app on 2 spring boot instance
> > having
> > > >>>>>> proxy
> > > >>>>>>>>>>>> in
> > > >>>>>>>>>>>>>>>> front (
> > > >>>>>>>>>>>>>>>>>> F5,
> > > >>>>>>>>>>>>>>>>>>>> OR any proxy ) with round robin fashion ( no
> sticky
> > > >>>>>> session
> > > >>>>>>>>>>>> on
> > > >>>>>>>>>>>>> F5
> > > >>>>>>>>>>>>>>>> OR
> > > >>>>>>>>>>>>>>>>>>>> proxies ).
> > > >>>>>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>>>>> We were thinking with round robin the user session
> > > >>>> will
> > > >>>>>>>>>>>> active
> > > >>>>>>>>>>>>>>>> since
> > > >>>>>>>>>>>>>>>>> we
> > > >>>>>>>>>>>>>>>>>>>> used session replication on backend.
> > > >>>>>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>>>>> Do let me know if you need more information here.
> > > >>>>>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>>>>> Thanks,
> > > >>>>>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>>>>> Rishi
> > > >>>>>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>>>>> On Tue, Feb 14, 2017 at 9:57 PM, Rishi Yagnik <
> > > >>>>>>>>>>>>>>>> [hidden email] <javascript:;>>
> > > >>>>>>>>>>>>>>>>>>>> wrote:
> > > >>>>>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>>>>>> Val,
> > > >>>>>>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>>>>>> My SB sample project is ready however I have
> asked
> > > >>>> for
> > > >>>>>> an
> > > >>>>>>>>>>>>>>>> approval to
> > > >>>>>>>>>>>>>>>>>>>>> submit sample project to you, it would take day
> or
> > > >>>> two.
> > > >>>>>>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>>>>>> I will keep you posted.
> > > >>>>>>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>>>>>> Thanks for all your help,
> > > >>>>>>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>>>>>> On Tue, Feb 14, 2017 at 3:51 PM, Rishi Yagnik <
> > > >>>>>>>>>>>>>>>> [hidden email] <javascript:;>
> > > >>>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>>>>>> wrote:
> > > >>>>>>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>>>>>>> Let me build an example app for you and send it
> > > >>>>>> across to
> > > >>>>>>>>>>>>> you.
> > > >>>>>>>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>>>>>>> Thanks,
> > > >>>>>>>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>>>>>>> On Tue, Feb 14, 2017 at 3:28 PM, Valentin
> > > >>>> Kulichenko <
> > > >>>>>>>>>>>>>>>>>>>>>> [hidden email] <javascript:;>>
> wrote:
> > > >>>>>>>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>>>>>>>> Rishi,
> > > >>>>>>>>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>>>>>>>> No I don't, and I think that's what we should
> > start
> > > >>>>>>> with.
> > > >>>>>>>>>>>> I
> > > >>>>>>>>>>>>>>>> want to
> > > >>>>>>>>>>>>>>>>>>>>>>> understand a use case that is currently not
> > > >>>> supported
> > > >>>>>>> (if
> > > >>>>>>>>>>>>> any)
> > > >>>>>>>>>>>>>>>> and
> > > >>>>>>>>>>>>>>>>>> then
> > > >>>>>>>>>>>>>>>>>>>>>>> find the best solution. And I would like to
> reuse
> > > >>>>>>> existing
> > > >>>>>>>>>>>>>> code
> > > >>>>>>>>>>>>>>>> as
> > > >>>>>>>>>>>>>>>>>>>>>>> much as
> > > >>>>>>>>>>>>>>>>>>>>>>> possible.
> > > >>>>>>>>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>>>>>>>> Do you have any code that reproduces the
> problem
> > > >>>> you
> > > >>>>>> had
> > > >>>>>>>>>>>> and
> > > >>>>>>>>>>>>>> how
> > > >>>>>>>>>>>>>>>>> you
> > > >>>>>>>>>>>>>>>>>>>>>>> tried
> > > >>>>>>>>>>>>>>>>>>>>>>> to utilize current web session clustering? Can
> > you
> > > >>>>>> share
> > > >>>>>>>>>>>> it
> > > >>>>>>>>>>>>>> with
> > > >>>>>>>>>>>>>>>>> us?
> > > >>>>>>>>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>>>>>>>> -Val
> > > >>>>>>>>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>>>>>>>> On Tue, Feb 14, 2017 at 11:28 AM, Rishi Yagnik
> <
> > > >>>>>>>>>>>>>>>>>> [hidden email] <javascript:;>>
> > > >>>>>>>>>>>>>>>>>>>>>>> wrote:
> > > >>>>>>>>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>>>>>>>>> Hi Val,
> > > >>>>>>>>>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>>>>>>>>> I am working on SB platform with spring
> security
> > > >>>>>> and we
> > > >>>>>>>>>>>>>> found
> > > >>>>>>>>>>>>>>>> out
> > > >>>>>>>>>>>>>>>>>>>>>>> that the
> > > >>>>>>>>>>>>>>>>>>>>>>>> web session filter ignite provides does not
> work
> > > >>>> for
> > > >>>>>>>>>>>>> session
> > > >>>>>>>>>>>>>>>>>>>>>>> management on
> > > >>>>>>>>>>>>>>>>>>>>>>>> 2 node spring boot cluster.
> > > >>>>>>>>>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>>>>>>>>> Somehow, spring security filter kicks in
> result
> > in
> > > >>>>>> some
> > > >>>>>>>>>>>>>> weird
> > > >>>>>>>>>>>>>>>>>> errors
> > > >>>>>>>>>>>>>>>>>>>>>>> with
> > > >>>>>>>>>>>>>>>>>>>>>>>> web session filter.
> > > >>>>>>>>>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>>>>>>>>> So making compatible with spring security
> > somehow,
> > > >>>>>> we
> > > >>>>>>>>>>>> need
> > > >>>>>>>>>>>>>> to
> > > >>>>>>>>>>>>>>>>> write
> > > >>>>>>>>>>>>>>>>>>>>>>>> implementation on spring session.
> > > >>>>>>>>>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>>>>>>>>> Do you have any test cases that says web
> session
> > > >>>>>> filter
> > > >>>>>>>>>>>>>> would
> > > >>>>>>>>>>>>>>>>> work
> > > >>>>>>>>>>>>>>>>>>>>>>> with
> > > >>>>>>>>>>>>>>>>>>>>>>>> spring security on boot platform ?
> > > >>>>>>>>>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>>>>>>>>> Thanks,
> > > >>>>>>>>>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>>>>>>>>> On Tue, Feb 14, 2017 at 1:03 PM, Valentin
> > > >>>>>> Kulichenko <
> > > >>>>>>>>>>>>>>>>>>>>>>>> [hidden email] <javascript:;>>
> wrote:
> > > >>>>>>>>>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>>>>>>>>>> Hi Rishi,
> > > >>>>>>>>>>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>>>>>>>>>> Can you please take a look at web session
> > > >>>>>> clustering
> > > >>>>>>>>>>>>>> feature
> > > >>>>>>>>>>>>>>>>> [1]
> > > >>>>>>>>>>>>>>>>>>>>>>> provided
> > > >>>>>>>>>>>>>>>>>>>>>>>>> by Ignite? I'm looking at Spring Session docs
> > and
> > > >>>>>> it
> > > >>>>>>>>>>>>> seems
> > > >>>>>>>>>>>>>>>> to
> > > >>>>>>>>>>>>>>>>> me
> > > >>>>>>>>>>>>>>>>>>>>>>> it does
> > > >>>>>>>>>>>>>>>>>>>>>>>>> exactly the same - replaces HttpSession with
> > > >>>> custom
> > > >>>>>>>>>>>>>>>>>> implementation
> > > >>>>>>>>>>>>>>>>>>>>>>> that
> > > >>>>>>>>>>>>>>>>>>>>>>>> has
> > > >>>>>>>>>>>>>>>>>>>>>>>>> a backend storage. If it doesn't provide any
> > > >>>>>>>>>>>> additional
> > > >>>>>>>>>>>>>> API
> > > >>>>>>>>>>>>>>>> or
> > > >>>>>>>>>>>>>>>>>>>>>>>>> functionality, I'm not sure I understand the
> > > >>>>>> benefit
> > > >>>>>>>>>>>> of
> > > >>>>>>>>>>>>>> this
> > > >>>>>>>>>>>>>>>>>>>>>>> feature.
> > > >>>>>>>>>>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>>>>>>>>>> Let me know if I'm missing something.
> > > >>>>>>>>>>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>>>>>>>>>> [1] https://apacheignite-mix.
> > > >>>>>>>>>>>>> readme.io/docs/web-session-
> > > >>>>>>>>>>>>>>>>>> clustering
> > > >>>>>>>>>>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>>>>>>>>>> -Val
> > > >>>>>>>>>>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>>>>>>>>>> On Mon, Feb 13, 2017 at 2:41 PM, Rishi
> Yagnik <
> > > >>>>>>>>>>>>>>>>>>>>>>> [hidden email] <javascript:;>>
> > > >>>>>>>>>>>>>>>>>>>>>>>>> wrote:
> > > >>>>>>>>>>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>>>>>>>>>>> I would like to discuss session replication
> /
> > > >>>> fail
> > > >>>>>>>>>>>>> over
> > > >>>>>>>>>>>>>>>>> design
> > > >>>>>>>>>>>>>>>>>> on
> > > >>>>>>>>>>>>>>>>>>>>>>>> spring
> > > >>>>>>>>>>>>>>>>>>>>>>>>>> boot platform and wanted to find what is the
> > > >>>> best
> > > >>>>>>>>>>>> out
> > > >>>>>>>>>>>>> to
> > > >>>>>>>>>>>>>>>> get
> > > >>>>>>>>>>>>>>>>>>>>>>> started
> > > >>>>>>>>>>>>>>>>>>>>>>>>> here ?
> > > >>>>>>>>>>>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>>>>>>>>>>> Possible approaches are as follows -
> > > >>>>>>>>>>>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>>>>>>>>>>> - Make use of Spring Session for session
> > > >>>>>>>>>>>>> replication
> > > >>>>>>>>>>>>>>>> and
> > > >>>>>>>>>>>>>>>>>> fail
> > > >>>>>>>>>>>>>>>>>>>>>>> over
> > > >>>>>>>>>>>>>>>>>>>>>>>>>> - Extend the web session filter and make it
> > > >>>> work
> > > >>>>>>>>>>>> on
> > > >>>>>>>>>>>>>>>> spring
> > > >>>>>>>>>>>>>>>>>>>>>>> boot
> > > >>>>>>>>>>>>>>>>>>>>>>>>>> application
> > > >>>>>>>>>>>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>>>>>>>>>>> I am thinking that best approach would be to
> > get
> > > >>>>>>>>>>>>> started
> > > >>>>>>>>>>>>>>>> here
> > > >>>>>>>>>>>>>>>>>>>>>>> with
> > > >>>>>>>>>>>>>>>>>>>>>>>> spring
> > > >>>>>>>>>>>>>>>>>>>>>>>>>> session design however I am open for
> feedback
> > > >>>>>> here.
> > > >>>>>>>>>>>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>>>>>>>>>>> --
> > > >>>>>>>>>>>>>>>>>>>>>>>>>> Rishi Yagnik
> > > >>>>>>>>>>>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>>>>>>>>> --
> > > >>>>>>>>>>>>>>>>>>>>>>>> Rishi Yagnik
> > > >>>>>>>>>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>>>>>>> --
> > > >>>>>>>>>>>>>>>>>>>>>> Rishi Yagnik
> > > >>>>>>>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>>>>>> --
> > > >>>>>>>>>>>>>>>>>>>>> Rishi Yagnik
> > > >>>>>>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>>>>> --
> > > >>>>>>>>>>>>>>>>>>>> Rishi Yagnik
> > > >>>>>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>> --
> > > >>>>>>>>>>>>>>>>> Rishi Yagnik
> > > >>>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>> --
> > > >>>>>>>>>>>>>>> Rishi Yagnik
> > > >>>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>> --
> > > >>>>>>>>>>>>>> Rishi Yagnik
> > > >>>>>>>>>>>>>>
> > > >>>>>>>>>>>>>
> > > >>>>>>>>>>>>
> > > >>>>>>>>>>>>
> > > >>>>>>>>>>>>
> > > >>>>>>>>>>>> --
> > > >>>>>>>>>>>> Rishi Yagnik
> > > >>>>>>>>>>>>
> > > >>>>>>>>>>
> > > >>>>>>>>>
> > > >>>>>>>>
> > > >>>>>>>>
> > > >>>>>>>>
> > > >>>>>>>> --
> > > >>>>>>>> Rishi Yagnik
> > > >>>>>>>>
> > > >>>>>>>
> > > >>>>>>>
> > > >>>>>>>
> > > >>>>>>> --
> > > >>>>>>> Rishi Yagnik
> > > >>>>>>>
> > > >>>>>>
> > > >>>>>
> > > >>>>>
> > > >>>>>
> > > >>>>> --
> > > >>>>> Rishi Yagnik
> > > >>>>>
> > > >>>>
> > > >>>>
> > > >>>>
> > > >>>> --
> > > >>>> Rishi Yagnik
> > > >>>>
> > > >>
> > > >
> > > >
> > > >
> > > > --
> > > > Rishi Yagnik
> > >
> > >
> >
>
>
>
> --
> Rishi Yagnik
>

> Somewhere in April. This will be clarified on the dev list soon.
>
> On Saturday, March 18, 2017, Rishi Yagnik <[hidden email]> wrote:
>
> > Thanks, Val.
> >
> > When are we going to release Ignite 2.0 ? June ??
> >
> > Thanks,
> >
> > On Sat, Mar 18, 2017 at 6:02 AM, Valentin Kulichenko <
> > [hidden email] <javascript:;>> wrote:
> >
> > > Denis,
> > >
> > > Yes, this should be possible. I will try to finalize the fix asap.
> > >
> > > -Val
> > >
> > > On Fri, Mar 17, 2017 at 7:46 PM, Denis Magda <[hidden email]
> > <javascript:;>> wrote:
> > >
> > > > Val,
> > > >
> > > > Will it be possible to incorporate the fix into the nearest 2.0
> > release?
> > > >
> > > > —
> > > > Denis
> > > >
> > > > > On Mar 17, 2017, at 11:43 AM, Rishi Yagnik <[hidden email]
> > <javascript:;>>
> > > > wrote:
> > > > >
> > > > > Hi Val,
> > > > >
> > > > > Hope you are well, any update on web session clustering.
> > > > >
> > > > > Thanks,
> > > > > Rishi
> > > > >
> > > > > On Sat, Mar 11, 2017 at 12:29 PM, Rishi Yagnik <
> > [hidden email] <javascript:;>>
> > > > > wrote:
> > > > >
> > > > >> Hi Val,
> > > > >>
> > > > >> Thanks looking forward for the fix..
> > > > >>
> > > > >> Take Care,
> > > > >> Rishi
> > > > >>
> > > > >>> On Mar 11, 2017, at 11:31 AM, Valentin Kulichenko <
> > > > >> [hidden email] <javascript:;>> wrote:
> > > > >>>
> > > > >>> Hi Rishi,
> > > > >>>
> > > > >>> I want to fix the bug first. It takes a bit longer than I
> thought,
> > > but
> > > > I
> > > > >>> should finish it over the weekend.
> > > > >>>
> > > > >>> -Val
> > > > >>>
> > > > >>>> On Fri, Mar 10, 2017 at 4:13 AM, Rishi Yagnik <
> > > [hidden email] <javascript:;>>
> > > > >> wrote:
> > > > >>>>
> > > > >>>> Hi Val,
> > > > >>>>
> > > > >>>> Did you chance to look into session handling issue ?
> > > > >>>>
> > > > >>>> Thanks,
> > > > >>>>
> > > > >>>> On Mon, Mar 6, 2017 at 3:37 PM, Rishi Yagnik <
> > [hidden email] <javascript:;>
> > > >
> > > > >>>> wrote:
> > > > >>>>
> > > > >>>>> Hi Val,
> > > > >>>>>
> > > > >>>>> Do you think I can test a fix in 1.9 RC releases ? How are you
> > > > planning
> > > > >>>> to
> > > > >>>>> release a fix ?
> > > > >>>>>
> > > > >>>>> Did you also look into problem where storing xsrf token in
> Ignite
> > > > >> returns
> > > > >>>>> an exception and does not behave as expected ?
> > > > >>>>>
> > > > >>>>> In SecurityConfig.java use HttpSessionCsrfTokenRepository with
> > > > >> following
> > > > >>>>> code -
> > > > >>>>>
> > > > >>>>> .csrfTokenRepository(csrfTokenRepository())
> > > > >>>>>
> > > > >>>>> private CsrfTokenRepository csrfTokenRepository() {
> > > > >>>>>   HttpSessionCsrfTokenRepository repository = new
> > > > >>>> HttpSessionCsrfTokenRepository();
> > > > >>>>>   repository.setHeaderName("X-XSRF-TOKEN");
> > > > >>>>>   return repository;
> > > > >>>>> }
> > > > >>>>>
> > > > >>>>> Thank you for all your help,
> > > > >>>>>
> > > > >>>>>
> > > > >>>>> On Mon, Mar 6, 2017 at 2:34 PM, Valentin Kulichenko <
> > > > >>>>> [hidden email] <javascript:;>> wrote:
> > > > >>>>>
> > > > >>>>>> Hi Rishi,
> > > > >>>>>>
> > > > >>>>>> I got to the bottom of it. Basically, the session is replaced
> in
> > > > >> Spring
> > > > >>>>>> filter, but caching happens based on the old version which
> > doesn't
> > > > >> have
> > > > >>>>>> security attributes. The fix is going to be very easy, I will
> do
> > > it
> > > > >>>>>> tomorrow.
> > > > >>>>>>
> > > > >>>>>> -Val
> > > > >>>>>>
> > > > >>>>>> On Mon, Mar 6, 2017 at 7:34 PM, Rishi Yagnik <
> > > [hidden email] <javascript:;>
> > > > >
> > > > >>>>>> wrote:
> > > > >>>>>>
> > > > >>>>>>> Val,
> > > > >>>>>>>
> > > > >>>>>>> Did you get chance to play around with the code ?
> > > > >>>>>>>
> > > > >>>>>>> Thanks,
> > > > >>>>>>>
> > > > >>>>>>> On Sun, Mar 5, 2017 at 7:25 PM, Rishi Yagnik <
> > > > [hidden email] <javascript:;>>
> > > > >>>>>>> wrote:
> > > > >>>>>>>
> > > > >>>>>>>> Val,
> > > > >>>>>>>>
> > > > >>>>>>>> Adding a filter before csrf filter will invoke the custom
> > ignite
> > > > >>>>>> filter.
> > > > >>>>>>>>
> > > > >>>>>>>> Declare a custom filter class extends it with websession
> > filter
> > > > >>>>>>>>
> > > > >>>>>>>> public class CustomWebSessionFilter extends
> WebSessionFilter {
> > > > >>>>>>>>
> > > > >>>>>>>>        private static boolean igniteInitialize = false
> > > > >>>>>>>>
> > > > >>>>>>>> @Override public void doFilter(ServletRequest req,
> > > ServletResponse
> > > > >>>>>> res,
> > > > >>>>>>>> FilterChain chain)
> > > > >>>>>>>>           throws IOException, ServletException {
> > > > >>>>>>>>       if(!igniteInitialize) {
> > > > >>>>>>>>           super.init(new FilterConfig() {
> > > > >>>>>>>>               @Override
> > > > >>>>>>>>               public String getFilterName() {
> > > > >>>>>>>>                   return "CustomWebSessionFilter";
> > > > >>>>>>>>               }
> > > > >>>>>>>>
> > > > >>>>>>>>               @Override
> > > > >>>>>>>>               public ServletContext getServletContext() {
> > > > >>>>>>>>                   return req.getServletContext();
> > > > >>>>>>>>               }
> > > > >>>>>>>>
> > > > >>>>>>>>               @Override
> > > > >>>>>>>>               public String getInitParameter(String name) {
> > > > >>>>>>>>                   return null;
> > > > >>>>>>>>               }
> > > > >>>>>>>>
> > > > >>>>>>>>               @Override
> > > > >>>>>>>>               public Enumeration<String>
> > > getInitParameterNames() {
> > > > >>>>>>>>                   return null;
> > > > >>>>>>>>               }
> > > > >>>>>>>>           });
> > > > >>>>>>>>           igniteInitialize = true;
> > > > >>>>>>>>       }
> > > > >>>>>>>>       super.doFilter(req,res,chain);
> > > > >>>>>>>>   }
> > > > >>>>>>>> }
> > > > >>>>>>>>
> > > > >>>>>>>> And in SecurityConfig.java add following line to invoke
> filter
> > > > >>>> before
> > > > >>>>>>>> Ignite Web Session filter -
> > > > >>>>>>>>
> > > > >>>>>>>> .addFilterBefore(new ArWebSessionFilter(), CsrfFilter.class)
> > > > >>>>>>>>
> > > > >>>>>>>> Hope it helps..
> > > > >>>>>>>>
> > > > >>>>>>>> Thanks,
> > > > >>>>>>>>
> > > > >>>>>>>> On Sun, Mar 5, 2017 at 1:28 PM, Valentin Kulichenko <
> > > > >>>>>>>> [hidden email] <javascript:;>> wrote:
> > > > >>>>>>>>
> > > > >>>>>>>>> Rishi,
> > > > >>>>>>>>>
> > > > >>>>>>>>> Can you please share how you forced Ignite filter to be
> > invoked
> > > > >>>>>> before
> > > > >>>>>>>>> security filter?
> > > > >>>>>>>>>
> > > > >>>>>>>>> -Val
> > > > >>>>>>>>>
> > > > >>>>>>>>> On Sun, Mar 5, 2017 at 11:20 AM, Rishi Yagnik <
> > > > >>>> [hidden email] <javascript:;>
> > > > >>>>>>>
> > > > >>>>>>>>> wrote:
> > > > >>>>>>>>>
> > > > >>>>>>>>>> Hi Val,
> > > > >>>>>>>>>>
> > > > >>>>>>>>>> Thanks for the response, we have executed ignite filter
> > before
> > > > >>>>>> spring
> > > > >>>>>>>>>> security filter but somehow the ignite filter does not do
> > the
> > > > job
> > > > >>>>>> of
> > > > >>>>>>>>>> setting spring principle context.
> > > > >>>>>>>>>>
> > > > >>>>>>>>>> As a result even though we have spring principle in
> session,
> > > > >>>> spring
> > > > >>>>>>>>> filter
> > > > >>>>>>>>>> does not recognize it and sends us back to log in page.
> > > > >>>>>>>>>>
> > > > >>>>>>>>>> I think there s some more work needed here to change the
> > > filter
> > > > >>>> and
> > > > >>>>>>> make
> > > > >>>>>>>>>> it work with spring boot application.
> > > > >>>>>>>>>>
> > > > >>>>>>>>>> Take Care,
> > > > >>>>>>>>>> Rishi
> > > > >>>>>>>>>>
> > > > >>>>>>>>>>> On Mar 5, 2017, at 10:16 AM, Valentin Kulichenko <
> > > > >>>>>>>>>> [hidden email] <javascript:;>> wrote:
> > > > >>>>>>>>>>>
> > > > >>>>>>>>>>> Hi Rishi,
> > > > >>>>>>>>>>>
> > > > >>>>>>>>>>> I did some debugging. Apparently, the reason for this
> > > behavior
> > > > >>>> is
> > > > >>>>>>> that
> > > > >>>>>>>>>>> Spring Security filter resides before Ignite's filter in
> > the
> > > > >>>>>> chain
> > > > >>>>>>>>> list.
> > > > >>>>>>>>>> I
> > > > >>>>>>>>>>> think that eventually this should be fixed in the
> product,
> > > but
> > > > >>>> in
> > > > >>>>>>> the
> > > > >>>>>>>>>>> meantime there must be a way to work around the problem
> by
> > > > >>>>>>> controlling
> > > > >>>>>>>>>> the
> > > > >>>>>>>>>>> order. Do you know how this can be done in Spring Boot?
> > > > >>>>>>>>>>>
> > > > >>>>>>>>>>> -Val
> > > > >>>>>>>>>>>
> > > > >>>>>>>>>>>> On Tue, Feb 28, 2017 at 9:31 AM, Rishi Yagnik <
> > > > >>>>>>> [hidden email] <javascript:;>
> > > > >>>>>>>>>>
> > > > >>>>>>>>>> wrote:
> > > > >>>>>>>>>>>>
> > > > >>>>>>>>>>>> Hi Val,
> > > > >>>>>>>>>>>>
> > > > >>>>>>>>>>>> Sorry for pestering, thanks for all your help.
> > > > >>>>>>>>>>>>
> > > > >>>>>>>>>>>> Rishi
> > > > >>>>>>>>>>>>
> > > > >>>>>>>>>>>> On Mon, Feb 27, 2017 at 7:22 PM, Valentin Kulichenko <
> > > > >>>>>>>>>>>> [hidden email] <javascript:;>> wrote:
> > > > >>>>>>>>>>>>
> > > > >>>>>>>>>>>>> Hi Rishi,
> > > > >>>>>>>>>>>>>
> > > > >>>>>>>>>>>>> Sorry, not yet. But this on my short list of TODOs,
> will
> > > try
> > > > >>>> to
> > > > >>>>>>>>> give an
> > > > >>>>>>>>>>>>> update as soon as possible.
> > > > >>>>>>>>>>>>>
> > > > >>>>>>>>>>>>> -Val
> > > > >>>>>>>>>>>>>
> > > > >>>>>>>>>>>>> On Mon, Feb 27, 2017 at 7:47 AM, Rishi Yagnik <
> > > > >>>>>>>>> [hidden email] <javascript:;>>
> > > > >>>>>>>>>>>>> wrote:
> > > > >>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>> Hi Val,
> > > > >>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>> any update on session replication issue ?
> > > > >>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>> Thanks,
> > > > >>>>>>>>>>>>>> Rishi
> > > > >>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>> On Thu, Feb 23, 2017 at 8:07 AM, Rishi Yagnik <
> > > > >>>>>>>>> [hidden email] <javascript:;>>
> > > > >>>>>>>>>>>>>> wrote:
> > > > >>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>> Thanks Val for looking into it.
> > > > >>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>> On Wed, Feb 22, 2017 at 9:32 PM, Valentin Kulichenko
> <
> > > > >>>>>>>>>>>>>>> [hidden email] <javascript:;>> wrote:
> > > > >>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>> Hi Rishi,
> > > > >>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>> Got it, I think I'm reproducing the issue. I'll
> take a
> > > > >>>> look
> > > > >>>>>> and
> > > > >>>>>>>>> let
> > > > >>>>>>>>>>>>> you
> > > > >>>>>>>>>>>>>>>> know my findings soon.
> > > > >>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>> -Val
> > > > >>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>> On Tue, Feb 21, 2017 at 7:27 PM, Rishi Yagnik <
> > > > >>>>>>>>>>>> [hidden email] <javascript:;>>
> > > > >>>>>>>>>>>>>>>> wrote:
> > > > >>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>> Hi Val,
> > > > >>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>> The issue will occur in cluster environment, please
> > > setup
> > > > >>>>>> the
> > > > >>>>>>>>>>>> spring
> > > > >>>>>>>>>>>>>>>> boot
> > > > >>>>>>>>>>>>>>>>> on 2 different host with LB (F5 OR Reverse proxy)
> in
> > > > >>>> front
> > > > >>>>>> and
> > > > >>>>>>>>> try
> > > > >>>>>>>>>>>>> to
> > > > >>>>>>>>>>>>>>>>> login.
> > > > >>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>> In cluster environment, Spring security does not
> > > > >>>> recognize
> > > > >>>>>> the
> > > > >>>>>>>>>>>>> session
> > > > >>>>>>>>>>>>>>>> on
> > > > >>>>>>>>>>>>>>>>> the host you are not logged in, as a result, spring
> > > > >>>>>> security
> > > > >>>>>>>>> will
> > > > >>>>>>>>>>>>>>>> redirect
> > > > >>>>>>>>>>>>>>>>> to login url however the correct behavior should be
> > > that
> > > > >>>>>> user
> > > > >>>>>>>>>>>> would
> > > > >>>>>>>>>>>>>> stay
> > > > >>>>>>>>>>>>>>>>> logged in with session replication.
> > > > >>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>> Do let me know if you need more information.
> > > > >>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>> Thanks,
> > > > >>>>>>>>>>>>>>>>> Rishi
> > > > >>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>> On Tue, Feb 21, 2017 at 7:08 PM, Valentin
> Kulichenko
> > <
> > > > >>>>>>>>>>>>>>>>> [hidden email] <javascript:;>>
> wrote:
> > > > >>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>> Hi Rishi,
> > > > >>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>> I was able to build and run the application. Can
> you
> > > > >>>> give
> > > > >>>>>>> some
> > > > >>>>>>>>>>>>>>>>> description
> > > > >>>>>>>>>>>>>>>>>> on what should I test to understand the issue?
> What
> > > > >>>>>> exactly
> > > > >>>>>>>>>>>> didn't
> > > > >>>>>>>>>>>>>>>> work
> > > > >>>>>>>>>>>>>>>>> for
> > > > >>>>>>>>>>>>>>>>>> you?
> > > > >>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>> -Val
> > > > >>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>> On Wed, Feb 15, 2017 at 10:52 AM, Valentin
> > Kulichenko
> > > <
> > > > >>>>>>>>>>>>>>>>>> [hidden email] <javascript:;>>
> > wrote:
> > > > >>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>> Hi Rishi,
> > > > >>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>> Thanks, I'll take a look.
> > > > >>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>> -Val
> > > > >>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>> On Wed, Feb 15, 2017 at 9:07 AM, Rishi Yagnik <
> > > > >>>>>>>>>>>>>>>> [hidden email] <javascript:;>>
> > > > >>>>>>>>>>>>>>>>>>> wrote:
> > > > >>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>> Hi Val,
> > > > >>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>> As promised, please find attached code for
> spring
> > > boot
> > > > >>>>>>>>>>>>>> integration
> > > > >>>>>>>>>>>>>>>>> with
> > > > >>>>>>>>>>>>>>>>>>>> spring security along with Ignite.
> > > > >>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>> Some more information on project -
> > > > >>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>> - It is a maven project ( Ignite 1.7.0, SB
> 1.4.3 )
> > > > >>>>>>>>>>>>>>>>>>>> - spring security integrated with boot project
> > along
> > > > >>>>>> with
> > > > >>>>>>>>>>>>>> ignite
> > > > >>>>>>>>>>>>>>>>>>>> - HttpSessionCookieCsrfTokenRepository does not
> > > > >>>> work,
> > > > >>>>>>>>>>>> gives
> > > > >>>>>>>>>>>>>>>>>>>> intermediate errors on single instance so used
> > > > >>>>>>>>>>>>>>>>>> CookieCsrfTokenRepository
> > > > >>>>>>>>>>>>>>>>>>>> for CSRF token, again I think we need a fix here
> > > > >>>> from
> > > > >>>>>>>>>>>>> Ignite.
> > > > >>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>> I cant reproduce this errors while I am running
> on
> > > > >>>>>> single
> > > > >>>>>>>>>>>>>> instance,
> > > > >>>>>>>>>>>>>>>>> you
> > > > >>>>>>>>>>>>>>>>>>>> need to run this app on 2 spring boot instance
> > > having
> > > > >>>>>> proxy
> > > > >>>>>>>>>>>> in
> > > > >>>>>>>>>>>>>>>> front (
> > > > >>>>>>>>>>>>>>>>>> F5,
> > > > >>>>>>>>>>>>>>>>>>>> OR any proxy ) with round robin fashion ( no
> > sticky
> > > > >>>>>> session
> > > > >>>>>>>>>>>> on
> > > > >>>>>>>>>>>>> F5
> > > > >>>>>>>>>>>>>>>> OR
> > > > >>>>>>>>>>>>>>>>>>>> proxies ).
> > > > >>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>> We were thinking with round robin the user
> session
> > > > >>>> will
> > > > >>>>>>>>>>>> active
> > > > >>>>>>>>>>>>>>>> since
> > > > >>>>>>>>>>>>>>>>> we
> > > > >>>>>>>>>>>>>>>>>>>> used session replication on backend.
> > > > >>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>> Do let me know if you need more information
> here.
> > > > >>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>> Thanks,
> > > > >>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>> Rishi
> > > > >>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>> On Tue, Feb 14, 2017 at 9:57 PM, Rishi Yagnik <
> > > > >>>>>>>>>>>>>>>> [hidden email] <javascript:;>>
> > > > >>>>>>>>>>>>>>>>>>>> wrote:
> > > > >>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>> Val,
> > > > >>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>> My SB sample project is ready however I have
> > asked
> > > > >>>> for
> > > > >>>>>> an
> > > > >>>>>>>>>>>>>>>> approval to
> > > > >>>>>>>>>>>>>>>>>>>>> submit sample project to you, it would take day
> > or
> > > > >>>> two.
> > > > >>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>> I will keep you posted.
> > > > >>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>> Thanks for all your help,
> > > > >>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>> On Tue, Feb 14, 2017 at 3:51 PM, Rishi Yagnik <
> > > > >>>>>>>>>>>>>>>> [hidden email] <javascript:;>
> > > > >>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>> wrote:
> > > > >>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>>> Let me build an example app for you and send
> it
> > > > >>>>>> across to
> > > > >>>>>>>>>>>>> you.
> > > > >>>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>>> Thanks,
> > > > >>>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>>> On Tue, Feb 14, 2017 at 3:28 PM, Valentin
> > > > >>>> Kulichenko <
> > > > >>>>>>>>>>>>>>>>>>>>>> [hidden email] <javascript:;>>
> > wrote:
> > > > >>>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>>>> Rishi,
> > > > >>>>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>>>> No I don't, and I think that's what we should
> > > start
> > > > >>>>>>> with.
> > > > >>>>>>>>>>>> I
> > > > >>>>>>>>>>>>>>>> want to
> > > > >>>>>>>>>>>>>>>>>>>>>>> understand a use case that is currently not
> > > > >>>> supported
> > > > >>>>>>> (if
> > > > >>>>>>>>>>>>> any)
> > > > >>>>>>>>>>>>>>>> and
> > > > >>>>>>>>>>>>>>>>>> then
> > > > >>>>>>>>>>>>>>>>>>>>>>> find the best solution. And I would like to
> > reuse
> > > > >>>>>>> existing
> > > > >>>>>>>>>>>>>> code
> > > > >>>>>>>>>>>>>>>> as
> > > > >>>>>>>>>>>>>>>>>>>>>>> much as
> > > > >>>>>>>>>>>>>>>>>>>>>>> possible.
> > > > >>>>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>>>> Do you have any code that reproduces the
> > problem
> > > > >>>> you
> > > > >>>>>> had
> > > > >>>>>>>>>>>> and
> > > > >>>>>>>>>>>>>> how
> > > > >>>>>>>>>>>>>>>>> you
> > > > >>>>>>>>>>>>>>>>>>>>>>> tried
> > > > >>>>>>>>>>>>>>>>>>>>>>> to utilize current web session clustering?
> Can
> > > you
> > > > >>>>>> share
> > > > >>>>>>>>>>>> it
> > > > >>>>>>>>>>>>>> with
> > > > >>>>>>>>>>>>>>>>> us?
> > > > >>>>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>>>> -Val
> > > > >>>>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>>>> On Tue, Feb 14, 2017 at 11:28 AM, Rishi
> Yagnik
> > <
> > > > >>>>>>>>>>>>>>>>>> [hidden email] <javascript:;>>
> > > > >>>>>>>>>>>>>>>>>>>>>>> wrote:
> > > > >>>>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>>>>> Hi Val,
> > > > >>>>>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>>>>> I am working on SB platform with spring
> > security
> > > > >>>>>> and we
> > > > >>>>>>>>>>>>>> found
> > > > >>>>>>>>>>>>>>>> out
> > > > >>>>>>>>>>>>>>>>>>>>>>> that the
> > > > >>>>>>>>>>>>>>>>>>>>>>>> web session filter ignite provides does not
> > work
> > > > >>>> for
> > > > >>>>>>>>>>>>> session
> > > > >>>>>>>>>>>>>>>>>>>>>>> management on
> > > > >>>>>>>>>>>>>>>>>>>>>>>> 2 node spring boot cluster.
> > > > >>>>>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>>>>> Somehow, spring security filter kicks in
> > result
> > > in
> > > > >>>>>> some
> > > > >>>>>>>>>>>>>> weird
> > > > >>>>>>>>>>>>>>>>>> errors
> > > > >>>>>>>>>>>>>>>>>>>>>>> with
> > > > >>>>>>>>>>>>>>>>>>>>>>>> web session filter.
> > > > >>>>>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>>>>> So making compatible with spring security
> > > somehow,
> > > > >>>>>> we
> > > > >>>>>>>>>>>> need
> > > > >>>>>>>>>>>>>> to
> > > > >>>>>>>>>>>>>>>>> write
> > > > >>>>>>>>>>>>>>>>>>>>>>>> implementation on spring session.
> > > > >>>>>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>>>>> Do you have any test cases that says web
> > session
> > > > >>>>>> filter
> > > > >>>>>>>>>>>>>> would
> > > > >>>>>>>>>>>>>>>>> work
> > > > >>>>>>>>>>>>>>>>>>>>>>> with
> > > > >>>>>>>>>>>>>>>>>>>>>>>> spring security on boot platform ?
> > > > >>>>>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>>>>> Thanks,
> > > > >>>>>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>>>>> On Tue, Feb 14, 2017 at 1:03 PM, Valentin
> > > > >>>>>> Kulichenko <
> > > > >>>>>>>>>>>>>>>>>>>>>>>> [hidden email]
> <javascript:;>>
> > wrote:
> > > > >>>>>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>>>>>> Hi Rishi,
> > > > >>>>>>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>>>>>> Can you please take a look at web session
> > > > >>>>>> clustering
> > > > >>>>>>>>>>>>>> feature
> > > > >>>>>>>>>>>>>>>>> [1]
> > > > >>>>>>>>>>>>>>>>>>>>>>> provided
> > > > >>>>>>>>>>>>>>>>>>>>>>>>> by Ignite? I'm looking at Spring Session
> docs
> > > and
> > > > >>>>>> it
> > > > >>>>>>>>>>>>> seems
> > > > >>>>>>>>>>>>>>>> to
> > > > >>>>>>>>>>>>>>>>> me
> > > > >>>>>>>>>>>>>>>>>>>>>>> it does
> > > > >>>>>>>>>>>>>>>>>>>>>>>>> exactly the same - replaces HttpSession
> with
> > > > >>>> custom
> > > > >>>>>>>>>>>>>>>>>> implementation
> > > > >>>>>>>>>>>>>>>>>>>>>>> that
> > > > >>>>>>>>>>>>>>>>>>>>>>>> has
> > > > >>>>>>>>>>>>>>>>>>>>>>>>> a backend storage. If it doesn't provide
> any
> > > > >>>>>>>>>>>> additional
> > > > >>>>>>>>>>>>>> API
> > > > >>>>>>>>>>>>>>>> or
> > > > >>>>>>>>>>>>>>>>>>>>>>>>> functionality, I'm not sure I understand
> the
> > > > >>>>>> benefit
> > > > >>>>>>>>>>>> of
> > > > >>>>>>>>>>>>>> this
> > > > >>>>>>>>>>>>>>>>>>>>>>> feature.
> > > > >>>>>>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>>>>>> Let me know if I'm missing something.
> > > > >>>>>>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>>>>>> [1] https://apacheignite-mix.
> > > > >>>>>>>>>>>>> readme.io/docs/web-session-
> > > > >>>>>>>>>>>>>>>>>> clustering
> > > > >>>>>>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>>>>>> -Val
> > > > >>>>>>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>>>>>> On Mon, Feb 13, 2017 at 2:41 PM, Rishi
> > Yagnik <
> > > > >>>>>>>>>>>>>>>>>>>>>>> [hidden email] <javascript:;>>
> > > > >>>>>>>>>>>>>>>>>>>>>>>>> wrote:
> > > > >>>>>>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>>>>>>> I would like to discuss session
> replication
> > /
> > > > >>>> fail
> > > > >>>>>>>>>>>>> over
> > > > >>>>>>>>>>>>>>>>> design
> > > > >>>>>>>>>>>>>>>>>> on
> > > > >>>>>>>>>>>>>>>>>>>>>>>> spring
> > > > >>>>>>>>>>>>>>>>>>>>>>>>>> boot platform and wanted to find what is
> the
> > > > >>>> best
> > > > >>>>>>>>>>>> out
> > > > >>>>>>>>>>>>> to
> > > > >>>>>>>>>>>>>>>> get
> > > > >>>>>>>>>>>>>>>>>>>>>>> started
> > > > >>>>>>>>>>>>>>>>>>>>>>>>> here ?
> > > > >>>>>>>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>>>>>>> Possible approaches are as follows -
> > > > >>>>>>>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>>>>>>> - Make use of Spring Session for session
> > > > >>>>>>>>>>>>> replication
> > > > >>>>>>>>>>>>>>>> and
> > > > >>>>>>>>>>>>>>>>>> fail
> > > > >>>>>>>>>>>>>>>>>>>>>>> over
> > > > >>>>>>>>>>>>>>>>>>>>>>>>>> - Extend the web session filter and make
> it
> > > > >>>> work
> > > > >>>>>>>>>>>> on
> > > > >>>>>>>>>>>>>>>> spring
> > > > >>>>>>>>>>>>>>>>>>>>>>> boot
> > > > >>>>>>>>>>>>>>>>>>>>>>>>>> application
> > > > >>>>>>>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>>>>>>> I am thinking that best approach would be
> to
> > > get
> > > > >>>>>>>>>>>>> started
> > > > >>>>>>>>>>>>>>>> here
> > > > >>>>>>>>>>>>>>>>>>>>>>> with
> > > > >>>>>>>>>>>>>>>>>>>>>>>> spring
> > > > >>>>>>>>>>>>>>>>>>>>>>>>>> session design however I am open for
> > feedback
> > > > >>>>>> here.
> > > > >>>>>>>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>>>>>>> --
> > > > >>>>>>>>>>>>>>>>>>>>>>>>>> Rishi Yagnik
> > > > >>>>>>>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>>>>> --
> > > > >>>>>>>>>>>>>>>>>>>>>>>> Rishi Yagnik
> > > > >>>>>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>>> --
> > > > >>>>>>>>>>>>>>>>>>>>>> Rishi Yagnik
> > > > >>>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>> --
> > > > >>>>>>>>>>>>>>>>>>>>> Rishi Yagnik
> > > > >>>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>> --
> > > > >>>>>>>>>>>>>>>>>>>> Rishi Yagnik
> > > > >>>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>> --
> > > > >>>>>>>>>>>>>>>>> Rishi Yagnik
> > > > >>>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>> --
> > > > >>>>>>>>>>>>>>> Rishi Yagnik
> > > > >>>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>> --
> > > > >>>>>>>>>>>>>> Rishi Yagnik
> > > > >>>>>>>>>>>>>>
> > > > >>>>>>>>>>>>>
> > > > >>>>>>>>>>>>
> > > > >>>>>>>>>>>>
> > > > >>>>>>>>>>>>
> > > > >>>>>>>>>>>> --
> > > > >>>>>>>>>>>> Rishi Yagnik
> > > > >>>>>>>>>>>>
> > > > >>>>>>>>>>
> > > > >>>>>>>>>
> > > > >>>>>>>>
> > > > >>>>>>>>
> > > > >>>>>>>>
> > > > >>>>>>>> --
> > > > >>>>>>>> Rishi Yagnik
> > > > >>>>>>>>
> > > > >>>>>>>
> > > > >>>>>>>
> > > > >>>>>>>
> > > > >>>>>>> --
> > > > >>>>>>> Rishi Yagnik
> > > > >>>>>>>
> > > > >>>>>>
> > > > >>>>>
> > > > >>>>>
> > > > >>>>>
> > > > >>>>> --
> > > > >>>>> Rishi Yagnik
> > > > >>>>>
> > > > >>>>
> > > > >>>>
> > > > >>>>
> > > > >>>> --
> > > > >>>> Rishi Yagnik
> > > > >>>>
> > > > >>
> > > > >
> > > > >
> > > > >
> > > > > --
> > > > > Rishi Yagnik
> > > >
> > > >
> > >
> >
> >
> >
> > --
> > Rishi Yagnik
> >
>

> Hi Rishi,
>
> What was the issue with the HttpSessionCsrfTokenRepository? I didn't have
> any problems after I added code you provided.
>
> The fix for [1] is already in master. Can you try building from there and
> check if everything works fine for you?
>
> [1] https://issues.apache.org/jira/browse/IGNITE-4948
>
> -Val
>
> On Sat, Mar 18, 2017 at 5:15 PM, Denis Magda <[hidden email]> wrote:
>
> > Somewhere in April. This will be clarified on the dev list soon.
> >
> > On Saturday, March 18, 2017, Rishi Yagnik <[hidden email]> wrote:
> >
> > > Thanks, Val.
> > >
> > > When are we going to release Ignite 2.0 ? June ??
> > >
> > > Thanks,
> > >
> > > On Sat, Mar 18, 2017 at 6:02 AM, Valentin Kulichenko <
> > > [hidden email] <javascript:;>> wrote:
> > >
> > > > Denis,
> > > >
> > > > Yes, this should be possible. I will try to finalize the fix asap.
> > > >
> > > > -Val
> > > >
> > > > On Fri, Mar 17, 2017 at 7:46 PM, Denis Magda <[hidden email]
> > > <javascript:;>> wrote:
> > > >
> > > > > Val,
> > > > >
> > > > > Will it be possible to incorporate the fix into the nearest 2.0
> > > release?
> > > > >
> > > > > —
> > > > > Denis
> > > > >
> > > > > > On Mar 17, 2017, at 11:43 AM, Rishi Yagnik <
> [hidden email]
> > > <javascript:;>>
> > > > > wrote:
> > > > > >
> > > > > > Hi Val,
> > > > > >
> > > > > > Hope you are well, any update on web session clustering.
> > > > > >
> > > > > > Thanks,
> > > > > > Rishi
> > > > > >
> > > > > > On Sat, Mar 11, 2017 at 12:29 PM, Rishi Yagnik <
> > > [hidden email] <javascript:;>>
> > > > > > wrote:
> > > > > >
> > > > > >> Hi Val,
> > > > > >>
> > > > > >> Thanks looking forward for the fix..
> > > > > >>
> > > > > >> Take Care,
> > > > > >> Rishi
> > > > > >>
> > > > > >>> On Mar 11, 2017, at 11:31 AM, Valentin Kulichenko <
> > > > > >> [hidden email] <javascript:;>> wrote:
> > > > > >>>
> > > > > >>> Hi Rishi,
> > > > > >>>
> > > > > >>> I want to fix the bug first. It takes a bit longer than I
> > thought,
> > > > but
> > > > > I
> > > > > >>> should finish it over the weekend.
> > > > > >>>
> > > > > >>> -Val
> > > > > >>>
> > > > > >>>> On Fri, Mar 10, 2017 at 4:13 AM, Rishi Yagnik <
> > > > [hidden email] <javascript:;>>
> > > > > >> wrote:
> > > > > >>>>
> > > > > >>>> Hi Val,
> > > > > >>>>
> > > > > >>>> Did you chance to look into session handling issue ?
> > > > > >>>>
> > > > > >>>> Thanks,
> > > > > >>>>
> > > > > >>>> On Mon, Mar 6, 2017 at 3:37 PM, Rishi Yagnik <
> > > [hidden email] <javascript:;>
> > > > >
> > > > > >>>> wrote:
> > > > > >>>>
> > > > > >>>>> Hi Val,
> > > > > >>>>>
> > > > > >>>>> Do you think I can test a fix in 1.9 RC releases ? How are
> you
> > > > > planning
> > > > > >>>> to
> > > > > >>>>> release a fix ?
> > > > > >>>>>
> > > > > >>>>> Did you also look into problem where storing xsrf token in
> > Ignite
> > > > > >> returns
> > > > > >>>>> an exception and does not behave as expected ?
> > > > > >>>>>
> > > > > >>>>> In SecurityConfig.java use HttpSessionCsrfTokenRepository
> with
> > > > > >> following
> > > > > >>>>> code -
> > > > > >>>>>
> > > > > >>>>> .csrfTokenRepository(csrfTokenRepository())
> > > > > >>>>>
> > > > > >>>>> private CsrfTokenRepository csrfTokenRepository() {
> > > > > >>>>>   HttpSessionCsrfTokenRepository repository = new
> > > > > >>>> HttpSessionCsrfTokenRepository();
> > > > > >>>>>   repository.setHeaderName("X-XSRF-TOKEN");
> > > > > >>>>>   return repository;
> > > > > >>>>> }
> > > > > >>>>>
> > > > > >>>>> Thank you for all your help,
> > > > > >>>>>
> > > > > >>>>>
> > > > > >>>>> On Mon, Mar 6, 2017 at 2:34 PM, Valentin Kulichenko <
> > > > > >>>>> [hidden email] <javascript:;>> wrote:
> > > > > >>>>>
> > > > > >>>>>> Hi Rishi,
> > > > > >>>>>>
> > > > > >>>>>> I got to the bottom of it. Basically, the session is
> replaced
> > in
> > > > > >> Spring
> > > > > >>>>>> filter, but caching happens based on the old version which
> > > doesn't
> > > > > >> have
> > > > > >>>>>> security attributes. The fix is going to be very easy, I
> will
> > do
> > > > it
> > > > > >>>>>> tomorrow.
> > > > > >>>>>>
> > > > > >>>>>> -Val
> > > > > >>>>>>
> > > > > >>>>>> On Mon, Mar 6, 2017 at 7:34 PM, Rishi Yagnik <
> > > > [hidden email] <javascript:;>
> > > > > >
> > > > > >>>>>> wrote:
> > > > > >>>>>>
> > > > > >>>>>>> Val,
> > > > > >>>>>>>
> > > > > >>>>>>> Did you get chance to play around with the code ?
> > > > > >>>>>>>
> > > > > >>>>>>> Thanks,
> > > > > >>>>>>>
> > > > > >>>>>>> On Sun, Mar 5, 2017 at 7:25 PM, Rishi Yagnik <
> > > > > [hidden email] <javascript:;>>
> > > > > >>>>>>> wrote:
> > > > > >>>>>>>
> > > > > >>>>>>>> Val,
> > > > > >>>>>>>>
> > > > > >>>>>>>> Adding a filter before csrf filter will invoke the custom
> > > ignite
> > > > > >>>>>> filter.
> > > > > >>>>>>>>
> > > > > >>>>>>>> Declare a custom filter class extends it with websession
> > > filter
> > > > > >>>>>>>>
> > > > > >>>>>>>> public class CustomWebSessionFilter extends
> > WebSessionFilter {
> > > > > >>>>>>>>
> > > > > >>>>>>>>        private static boolean igniteInitialize = false
> > > > > >>>>>>>>
> > > > > >>>>>>>> @Override public void doFilter(ServletRequest req,
> > > > ServletResponse
> > > > > >>>>>> res,
> > > > > >>>>>>>> FilterChain chain)
> > > > > >>>>>>>>           throws IOException, ServletException {
> > > > > >>>>>>>>       if(!igniteInitialize) {
> > > > > >>>>>>>>           super.init(new FilterConfig() {
> > > > > >>>>>>>>               @Override
> > > > > >>>>>>>>               public String getFilterName() {
> > > > > >>>>>>>>                   return "CustomWebSessionFilter";
> > > > > >>>>>>>>               }
> > > > > >>>>>>>>
> > > > > >>>>>>>>               @Override
> > > > > >>>>>>>>               public ServletContext getServletContext() {
> > > > > >>>>>>>>                   return req.getServletContext();
> > > > > >>>>>>>>               }
> > > > > >>>>>>>>
> > > > > >>>>>>>>               @Override
> > > > > >>>>>>>>               public String getInitParameter(String name)
> {
> > > > > >>>>>>>>                   return null;
> > > > > >>>>>>>>               }
> > > > > >>>>>>>>
> > > > > >>>>>>>>               @Override
> > > > > >>>>>>>>               public Enumeration<String>
> > > > getInitParameterNames() {
> > > > > >>>>>>>>                   return null;
> > > > > >>>>>>>>               }
> > > > > >>>>>>>>           });
> > > > > >>>>>>>>           igniteInitialize = true;
> > > > > >>>>>>>>       }
> > > > > >>>>>>>>       super.doFilter(req,res,chain);
> > > > > >>>>>>>>   }
> > > > > >>>>>>>> }
> > > > > >>>>>>>>
> > > > > >>>>>>>> And in SecurityConfig.java add following line to invoke
> > filter
> > > > > >>>> before
> > > > > >>>>>>>> Ignite Web Session filter -
> > > > > >>>>>>>>
> > > > > >>>>>>>> .addFilterBefore(new ArWebSessionFilter(),
> CsrfFilter.class)
> > > > > >>>>>>>>
> > > > > >>>>>>>> Hope it helps..
> > > > > >>>>>>>>
> > > > > >>>>>>>> Thanks,
> > > > > >>>>>>>>
> > > > > >>>>>>>> On Sun, Mar 5, 2017 at 1:28 PM, Valentin Kulichenko <
> > > > > >>>>>>>> [hidden email] <javascript:;>> wrote:
> > > > > >>>>>>>>
> > > > > >>>>>>>>> Rishi,
> > > > > >>>>>>>>>
> > > > > >>>>>>>>> Can you please share how you forced Ignite filter to be
> > > invoked
> > > > > >>>>>> before
> > > > > >>>>>>>>> security filter?
> > > > > >>>>>>>>>
> > > > > >>>>>>>>> -Val
> > > > > >>>>>>>>>
> > > > > >>>>>>>>> On Sun, Mar 5, 2017 at 11:20 AM, Rishi Yagnik <
> > > > > >>>> [hidden email] <javascript:;>
> > > > > >>>>>>>
> > > > > >>>>>>>>> wrote:
> > > > > >>>>>>>>>
> > > > > >>>>>>>>>> Hi Val,
> > > > > >>>>>>>>>>
> > > > > >>>>>>>>>> Thanks for the response, we have executed ignite filter
> > > before
> > > > > >>>>>> spring
> > > > > >>>>>>>>>> security filter but somehow the ignite filter does not
> do
> > > the
> > > > > job
> > > > > >>>>>> of
> > > > > >>>>>>>>>> setting spring principle context.
> > > > > >>>>>>>>>>
> > > > > >>>>>>>>>> As a result even though we have spring principle in
> > session,
> > > > > >>>> spring
> > > > > >>>>>>>>> filter
> > > > > >>>>>>>>>> does not recognize it and sends us back to log in page.
> > > > > >>>>>>>>>>
> > > > > >>>>>>>>>> I think there s some more work needed here to change the
> > > > filter
> > > > > >>>> and
> > > > > >>>>>>> make
> > > > > >>>>>>>>>> it work with spring boot application.
> > > > > >>>>>>>>>>
> > > > > >>>>>>>>>> Take Care,
> > > > > >>>>>>>>>> Rishi
> > > > > >>>>>>>>>>
> > > > > >>>>>>>>>>> On Mar 5, 2017, at 10:16 AM, Valentin Kulichenko <
> > > > > >>>>>>>>>> [hidden email] <javascript:;>> wrote:
> > > > > >>>>>>>>>>>
> > > > > >>>>>>>>>>> Hi Rishi,
> > > > > >>>>>>>>>>>
> > > > > >>>>>>>>>>> I did some debugging. Apparently, the reason for this
> > > > behavior
> > > > > >>>> is
> > > > > >>>>>>> that
> > > > > >>>>>>>>>>> Spring Security filter resides before Ignite's filter
> in
> > > the
> > > > > >>>>>> chain
> > > > > >>>>>>>>> list.
> > > > > >>>>>>>>>> I
> > > > > >>>>>>>>>>> think that eventually this should be fixed in the
> > product,
> > > > but
> > > > > >>>> in
> > > > > >>>>>>> the
> > > > > >>>>>>>>>>> meantime there must be a way to work around the problem
> > by
> > > > > >>>>>>> controlling
> > > > > >>>>>>>>>> the
> > > > > >>>>>>>>>>> order. Do you know how this can be done in Spring Boot?
> > > > > >>>>>>>>>>>
> > > > > >>>>>>>>>>> -Val
> > > > > >>>>>>>>>>>
> > > > > >>>>>>>>>>>> On Tue, Feb 28, 2017 at 9:31 AM, Rishi Yagnik <
> > > > > >>>>>>> [hidden email] <javascript:;>
> > > > > >>>>>>>>>>
> > > > > >>>>>>>>>> wrote:
> > > > > >>>>>>>>>>>>
> > > > > >>>>>>>>>>>> Hi Val,
> > > > > >>>>>>>>>>>>
> > > > > >>>>>>>>>>>> Sorry for pestering, thanks for all your help.
> > > > > >>>>>>>>>>>>
> > > > > >>>>>>>>>>>> Rishi
> > > > > >>>>>>>>>>>>
> > > > > >>>>>>>>>>>> On Mon, Feb 27, 2017 at 7:22 PM, Valentin Kulichenko <
> > > > > >>>>>>>>>>>> [hidden email] <javascript:;>> wrote:
> > > > > >>>>>>>>>>>>
> > > > > >>>>>>>>>>>>> Hi Rishi,
> > > > > >>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>> Sorry, not yet. But this on my short list of TODOs,
> > will
> > > > try
> > > > > >>>> to
> > > > > >>>>>>>>> give an
> > > > > >>>>>>>>>>>>> update as soon as possible.
> > > > > >>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>> -Val
> > > > > >>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>> On Mon, Feb 27, 2017 at 7:47 AM, Rishi Yagnik <
> > > > > >>>>>>>>> [hidden email] <javascript:;>>
> > > > > >>>>>>>>>>>>> wrote:
> > > > > >>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>> Hi Val,
> > > > > >>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>> any update on session replication issue ?
> > > > > >>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>> Thanks,
> > > > > >>>>>>>>>>>>>> Rishi
> > > > > >>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>> On Thu, Feb 23, 2017 at 8:07 AM, Rishi Yagnik <
> > > > > >>>>>>>>> [hidden email] <javascript:;>>
> > > > > >>>>>>>>>>>>>> wrote:
> > > > > >>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>> Thanks Val for looking into it.
> > > > > >>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>> On Wed, Feb 22, 2017 at 9:32 PM, Valentin
> Kulichenko
> > <
> > > > > >>>>>>>>>>>>>>> [hidden email] <javascript:;>>
> wrote:
> > > > > >>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>> Hi Rishi,
> > > > > >>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>> Got it, I think I'm reproducing the issue. I'll
> > take a
> > > > > >>>> look
> > > > > >>>>>> and
> > > > > >>>>>>>>> let
> > > > > >>>>>>>>>>>>> you
> > > > > >>>>>>>>>>>>>>>> know my findings soon.
> > > > > >>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>> -Val
> > > > > >>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>> On Tue, Feb 21, 2017 at 7:27 PM, Rishi Yagnik <
> > > > > >>>>>>>>>>>> [hidden email] <javascript:;>>
> > > > > >>>>>>>>>>>>>>>> wrote:
> > > > > >>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>> Hi Val,
> > > > > >>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>> The issue will occur in cluster environment,
> please
> > > > setup
> > > > > >>>>>> the
> > > > > >>>>>>>>>>>> spring
> > > > > >>>>>>>>>>>>>>>> boot
> > > > > >>>>>>>>>>>>>>>>> on 2 different host with LB (F5 OR Reverse proxy)
> > in
> > > > > >>>> front
> > > > > >>>>>> and
> > > > > >>>>>>>>> try
> > > > > >>>>>>>>>>>>> to
> > > > > >>>>>>>>>>>>>>>>> login.
> > > > > >>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>> In cluster environment, Spring security does not
> > > > > >>>> recognize
> > > > > >>>>>> the
> > > > > >>>>>>>>>>>>> session
> > > > > >>>>>>>>>>>>>>>> on
> > > > > >>>>>>>>>>>>>>>>> the host you are not logged in, as a result,
> spring
> > > > > >>>>>> security
> > > > > >>>>>>>>> will
> > > > > >>>>>>>>>>>>>>>> redirect
> > > > > >>>>>>>>>>>>>>>>> to login url however the correct behavior should
> be
> > > > that
> > > > > >>>>>> user
> > > > > >>>>>>>>>>>> would
> > > > > >>>>>>>>>>>>>> stay
> > > > > >>>>>>>>>>>>>>>>> logged in with session replication.
> > > > > >>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>> Do let me know if you need more information.
> > > > > >>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>> Thanks,
> > > > > >>>>>>>>>>>>>>>>> Rishi
> > > > > >>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>> On Tue, Feb 21, 2017 at 7:08 PM, Valentin
> > Kulichenko
> > > <
> > > > > >>>>>>>>>>>>>>>>> [hidden email] <javascript:;>>
> > wrote:
> > > > > >>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>>> Hi Rishi,
> > > > > >>>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>>> I was able to build and run the application. Can
> > you
> > > > > >>>> give
> > > > > >>>>>>> some
> > > > > >>>>>>>>>>>>>>>>> description
> > > > > >>>>>>>>>>>>>>>>>> on what should I test to understand the issue?
> > What
> > > > > >>>>>> exactly
> > > > > >>>>>>>>>>>> didn't
> > > > > >>>>>>>>>>>>>>>> work
> > > > > >>>>>>>>>>>>>>>>> for
> > > > > >>>>>>>>>>>>>>>>>> you?
> > > > > >>>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>>> -Val
> > > > > >>>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>>> On Wed, Feb 15, 2017 at 10:52 AM, Valentin
> > > Kulichenko
> > > > <
> > > > > >>>>>>>>>>>>>>>>>> [hidden email] <javascript:;>>
> > > wrote:
> > > > > >>>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>>>> Hi Rishi,
> > > > > >>>>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>>>> Thanks, I'll take a look.
> > > > > >>>>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>>>> -Val
> > > > > >>>>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>>>> On Wed, Feb 15, 2017 at 9:07 AM, Rishi Yagnik <
> > > > > >>>>>>>>>>>>>>>> [hidden email] <javascript:;>>
> > > > > >>>>>>>>>>>>>>>>>>> wrote:
> > > > > >>>>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>>>>> Hi Val,
> > > > > >>>>>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>>>>> As promised, please find attached code for
> > spring
> > > > boot
> > > > > >>>>>>>>>>>>>> integration
> > > > > >>>>>>>>>>>>>>>>> with
> > > > > >>>>>>>>>>>>>>>>>>>> spring security along with Ignite.
> > > > > >>>>>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>>>>> Some more information on project -
> > > > > >>>>>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>>>>> - It is a maven project ( Ignite 1.7.0, SB
> > 1.4.3 )
> > > > > >>>>>>>>>>>>>>>>>>>> - spring security integrated with boot project
> > > along
> > > > > >>>>>> with
> > > > > >>>>>>>>>>>>>> ignite
> > > > > >>>>>>>>>>>>>>>>>>>> - HttpSessionCookieCsrfTokenRepository does
> not
> > > > > >>>> work,
> > > > > >>>>>>>>>>>> gives
> > > > > >>>>>>>>>>>>>>>>>>>> intermediate errors on single instance so used
> > > > > >>>>>>>>>>>>>>>>>> CookieCsrfTokenRepository
> > > > > >>>>>>>>>>>>>>>>>>>> for CSRF token, again I think we need a fix
> here
> > > > > >>>> from
> > > > > >>>>>>>>>>>>> Ignite.
> > > > > >>>>>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>>>>> I cant reproduce this errors while I am
> running
> > on
> > > > > >>>>>> single
> > > > > >>>>>>>>>>>>>> instance,
> > > > > >>>>>>>>>>>>>>>>> you
> > > > > >>>>>>>>>>>>>>>>>>>> need to run this app on 2 spring boot instance
> > > > having
> > > > > >>>>>> proxy
> > > > > >>>>>>>>>>>> in
> > > > > >>>>>>>>>>>>>>>> front (
> > > > > >>>>>>>>>>>>>>>>>> F5,
> > > > > >>>>>>>>>>>>>>>>>>>> OR any proxy ) with round robin fashion ( no
> > > sticky
> > > > > >>>>>> session
> > > > > >>>>>>>>>>>> on
> > > > > >>>>>>>>>>>>> F5
> > > > > >>>>>>>>>>>>>>>> OR
> > > > > >>>>>>>>>>>>>>>>>>>> proxies ).
> > > > > >>>>>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>>>>> We were thinking with round robin the user
> > session
> > > > > >>>> will
> > > > > >>>>>>>>>>>> active
> > > > > >>>>>>>>>>>>>>>> since
> > > > > >>>>>>>>>>>>>>>>> we
> > > > > >>>>>>>>>>>>>>>>>>>> used session replication on backend.
> > > > > >>>>>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>>>>> Do let me know if you need more information
> > here.
> > > > > >>>>>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>>>>> Thanks,
> > > > > >>>>>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>>>>> Rishi
> > > > > >>>>>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>>>>> On Tue, Feb 14, 2017 at 9:57 PM, Rishi Yagnik
> <
> > > > > >>>>>>>>>>>>>>>> [hidden email] <javascript:;>>
> > > > > >>>>>>>>>>>>>>>>>>>> wrote:
> > > > > >>>>>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>>>>>> Val,
> > > > > >>>>>>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>>>>>> My SB sample project is ready however I have
> > > asked
> > > > > >>>> for
> > > > > >>>>>> an
> > > > > >>>>>>>>>>>>>>>> approval to
> > > > > >>>>>>>>>>>>>>>>>>>>> submit sample project to you, it would take
> day
> > > or
> > > > > >>>> two.
> > > > > >>>>>>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>>>>>> I will keep you posted.
> > > > > >>>>>>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>>>>>> Thanks for all your help,
> > > > > >>>>>>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>>>>>> On Tue, Feb 14, 2017 at 3:51 PM, Rishi
> Yagnik <
> > > > > >>>>>>>>>>>>>>>> [hidden email] <javascript:;>
> > > > > >>>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>>>>>> wrote:
> > > > > >>>>>>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>>>>>>> Let me build an example app for you and send
> > it
> > > > > >>>>>> across to
> > > > > >>>>>>>>>>>>> you.
> > > > > >>>>>>>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>>>>>>> Thanks,
> > > > > >>>>>>>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>>>>>>> On Tue, Feb 14, 2017 at 3:28 PM, Valentin
> > > > > >>>> Kulichenko <
> > > > > >>>>>>>>>>>>>>>>>>>>>> [hidden email]
> <javascript:;>>
> > > wrote:
> > > > > >>>>>>>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>>>>>>>> Rishi,
> > > > > >>>>>>>>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>>>>>>>> No I don't, and I think that's what we
> should
> > > > start
> > > > > >>>>>>> with.
> > > > > >>>>>>>>>>>> I
> > > > > >>>>>>>>>>>>>>>> want to
> > > > > >>>>>>>>>>>>>>>>>>>>>>> understand a use case that is currently not
> > > > > >>>> supported
> > > > > >>>>>>> (if
> > > > > >>>>>>>>>>>>> any)
> > > > > >>>>>>>>>>>>>>>> and
> > > > > >>>>>>>>>>>>>>>>>> then
> > > > > >>>>>>>>>>>>>>>>>>>>>>> find the best solution. And I would like to
> > > reuse
> > > > > >>>>>>> existing
> > > > > >>>>>>>>>>>>>> code
> > > > > >>>>>>>>>>>>>>>> as
> > > > > >>>>>>>>>>>>>>>>>>>>>>> much as
> > > > > >>>>>>>>>>>>>>>>>>>>>>> possible.
> > > > > >>>>>>>>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>>>>>>>> Do you have any code that reproduces the
> > > problem
> > > > > >>>> you
> > > > > >>>>>> had
> > > > > >>>>>>>>>>>> and
> > > > > >>>>>>>>>>>>>> how
> > > > > >>>>>>>>>>>>>>>>> you
> > > > > >>>>>>>>>>>>>>>>>>>>>>> tried
> > > > > >>>>>>>>>>>>>>>>>>>>>>> to utilize current web session clustering?
> > Can
> > > > you
> > > > > >>>>>> share
> > > > > >>>>>>>>>>>> it
> > > > > >>>>>>>>>>>>>> with
> > > > > >>>>>>>>>>>>>>>>> us?
> > > > > >>>>>>>>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>>>>>>>> -Val
> > > > > >>>>>>>>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>>>>>>>> On Tue, Feb 14, 2017 at 11:28 AM, Rishi
> > Yagnik
> > > <
> > > > > >>>>>>>>>>>>>>>>>> [hidden email] <javascript:;>>
> > > > > >>>>>>>>>>>>>>>>>>>>>>> wrote:
> > > > > >>>>>>>>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>>>>>>>>> Hi Val,
> > > > > >>>>>>>>>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>>>>>>>>> I am working on SB platform with spring
> > > security
> > > > > >>>>>> and we
> > > > > >>>>>>>>>>>>>> found
> > > > > >>>>>>>>>>>>>>>> out
> > > > > >>>>>>>>>>>>>>>>>>>>>>> that the
> > > > > >>>>>>>>>>>>>>>>>>>>>>>> web session filter ignite provides does
> not
> > > work
> > > > > >>>> for
> > > > > >>>>>>>>>>>>> session
> > > > > >>>>>>>>>>>>>>>>>>>>>>> management on
> > > > > >>>>>>>>>>>>>>>>>>>>>>>> 2 node spring boot cluster.
> > > > > >>>>>>>>>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>>>>>>>>> Somehow, spring security filter kicks in
> > > result
> > > > in
> > > > > >>>>>> some
> > > > > >>>>>>>>>>>>>> weird
> > > > > >>>>>>>>>>>>>>>>>> errors
> > > > > >>>>>>>>>>>>>>>>>>>>>>> with
> > > > > >>>>>>>>>>>>>>>>>>>>>>>> web session filter.
> > > > > >>>>>>>>>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>>>>>>>>> So making compatible with spring security
> > > > somehow,
> > > > > >>>>>> we
> > > > > >>>>>>>>>>>> need
> > > > > >>>>>>>>>>>>>> to
> > > > > >>>>>>>>>>>>>>>>> write
> > > > > >>>>>>>>>>>>>>>>>>>>>>>> implementation on spring session.
> > > > > >>>>>>>>>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>>>>>>>>> Do you have any test cases that says web
> > > session
> > > > > >>>>>> filter
> > > > > >>>>>>>>>>>>>> would
> > > > > >>>>>>>>>>>>>>>>> work
> > > > > >>>>>>>>>>>>>>>>>>>>>>> with
> > > > > >>>>>>>>>>>>>>>>>>>>>>>> spring security on boot platform ?
> > > > > >>>>>>>>>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>>>>>>>>> Thanks,
> > > > > >>>>>>>>>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>>>>>>>>> On Tue, Feb 14, 2017 at 1:03 PM, Valentin
> > > > > >>>>>> Kulichenko <
> > > > > >>>>>>>>>>>>>>>>>>>>>>>> [hidden email]
> > <javascript:;>>
> > > wrote:
> > > > > >>>>>>>>>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>>>>>>>>>> Hi Rishi,
> > > > > >>>>>>>>>>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>>>>>>>>>> Can you please take a look at web session
> > > > > >>>>>> clustering
> > > > > >>>>>>>>>>>>>> feature
> > > > > >>>>>>>>>>>>>>>>> [1]
> > > > > >>>>>>>>>>>>>>>>>>>>>>> provided
> > > > > >>>>>>>>>>>>>>>>>>>>>>>>> by Ignite? I'm looking at Spring Session
> > docs
> > > > and
> > > > > >>>>>> it
> > > > > >>>>>>>>>>>>> seems
> > > > > >>>>>>>>>>>>>>>> to
> > > > > >>>>>>>>>>>>>>>>> me
> > > > > >>>>>>>>>>>>>>>>>>>>>>> it does
> > > > > >>>>>>>>>>>>>>>>>>>>>>>>> exactly the same - replaces HttpSession
> > with
> > > > > >>>> custom
> > > > > >>>>>>>>>>>>>>>>>> implementation
> > > > > >>>>>>>>>>>>>>>>>>>>>>> that
> > > > > >>>>>>>>>>>>>>>>>>>>>>>> has
> > > > > >>>>>>>>>>>>>>>>>>>>>>>>> a backend storage. If it doesn't provide
> > any
> > > > > >>>>>>>>>>>> additional
> > > > > >>>>>>>>>>>>>> API
> > > > > >>>>>>>>>>>>>>>> or
> > > > > >>>>>>>>>>>>>>>>>>>>>>>>> functionality, I'm not sure I understand
> > the
> > > > > >>>>>> benefit
> > > > > >>>>>>>>>>>> of
> > > > > >>>>>>>>>>>>>> this
> > > > > >>>>>>>>>>>>>>>>>>>>>>> feature.
> > > > > >>>>>>>>>>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>>>>>>>>>> Let me know if I'm missing something.
> > > > > >>>>>>>>>>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>>>>>>>>>> [1] https://apacheignite-mix.
> > > > > >>>>>>>>>>>>> readme.io/docs/web-session-
> > > > > >>>>>>>>>>>>>>>>>> clustering
> > > > > >>>>>>>>>>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>>>>>>>>>> -Val
> > > > > >>>>>>>>>>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>>>>>>>>>> On Mon, Feb 13, 2017 at 2:41 PM, Rishi
> > > Yagnik <
> > > > > >>>>>>>>>>>>>>>>>>>>>>> [hidden email] <javascript:;>>
> > > > > >>>>>>>>>>>>>>>>>>>>>>>>> wrote:
> > > > > >>>>>>>>>>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>>>>>>>>>>> I would like to discuss session
> > replication
> > > /
> > > > > >>>> fail
> > > > > >>>>>>>>>>>>> over
> > > > > >>>>>>>>>>>>>>>>> design
> > > > > >>>>>>>>>>>>>>>>>> on
> > > > > >>>>>>>>>>>>>>>>>>>>>>>> spring
> > > > > >>>>>>>>>>>>>>>>>>>>>>>>>> boot platform and wanted to find what is
> > the
> > > > > >>>> best
> > > > > >>>>>>>>>>>> out
> > > > > >>>>>>>>>>>>> to
> > > > > >>>>>>>>>>>>>>>> get
> > > > > >>>>>>>>>>>>>>>>>>>>>>> started
> > > > > >>>>>>>>>>>>>>>>>>>>>>>>> here ?
> > > > > >>>>>>>>>>>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>>>>>>>>>>> Possible approaches are as follows -
> > > > > >>>>>>>>>>>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>>>>>>>>>>> - Make use of Spring Session for session
> > > > > >>>>>>>>>>>>> replication
> > > > > >>>>>>>>>>>>>>>> and
> > > > > >>>>>>>>>>>>>>>>>> fail
> > > > > >>>>>>>>>>>>>>>>>>>>>>> over
> > > > > >>>>>>>>>>>>>>>>>>>>>>>>>> - Extend the web session filter and make
> > it
> > > > > >>>> work
> > > > > >>>>>>>>>>>> on
> > > > > >>>>>>>>>>>>>>>> spring
> > > > > >>>>>>>>>>>>>>>>>>>>>>> boot
> > > > > >>>>>>>>>>>>>>>>>>>>>>>>>> application
> > > > > >>>>>>>>>>>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>>>>>>>>>>> I am thinking that best approach would
> be
> > to
> > > > get
> > > > > >>>>>>>>>>>>> started
> > > > > >>>>>>>>>>>>>>>> here
> > > > > >>>>>>>>>>>>>>>>>>>>>>> with
> > > > > >>>>>>>>>>>>>>>>>>>>>>>> spring
> > > > > >>>>>>>>>>>>>>>>>>>>>>>>>> session design however I am open for
> > > feedback
> > > > > >>>>>> here.
> > > > > >>>>>>>>>>>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>>>>>>>>>>> --
> > > > > >>>>>>>>>>>>>>>>>>>>>>>>>> Rishi Yagnik
> > > > > >>>>>>>>>>>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>>>>>>>>> --
> > > > > >>>>>>>>>>>>>>>>>>>>>>>> Rishi Yagnik
> > > > > >>>>>>>>>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>>>>>>> --
> > > > > >>>>>>>>>>>>>>>>>>>>>> Rishi Yagnik
> > > > > >>>>>>>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>>>>>> --
> > > > > >>>>>>>>>>>>>>>>>>>>> Rishi Yagnik
> > > > > >>>>>>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>>>>> --
> > > > > >>>>>>>>>>>>>>>>>>>> Rishi Yagnik
> > > > > >>>>>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>> --
> > > > > >>>>>>>>>>>>>>>>> Rishi Yagnik
> > > > > >>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>> --
> > > > > >>>>>>>>>>>>>>> Rishi Yagnik
> > > > > >>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>> --
> > > > > >>>>>>>>>>>>>> Rishi Yagnik
> > > > > >>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>
> > > > > >>>>>>>>>>>>
> > > > > >>>>>>>>>>>>
> > > > > >>>>>>>>>>>> --
> > > > > >>>>>>>>>>>> Rishi Yagnik
> > > > > >>>>>>>>>>>>
> > > > > >>>>>>>>>>
> > > > > >>>>>>>>>
> > > > > >>>>>>>>
> > > > > >>>>>>>>
> > > > > >>>>>>>>
> > > > > >>>>>>>> --
> > > > > >>>>>>>> Rishi Yagnik
> > > > > >>>>>>>>
> > > > > >>>>>>>
> > > > > >>>>>>>
> > > > > >>>>>>>
> > > > > >>>>>>> --
> > > > > >>>>>>> Rishi Yagnik
> > > > > >>>>>>>
> > > > > >>>>>>
> > > > > >>>>>
> > > > > >>>>>
> > > > > >>>>>
> > > > > >>>>> --
> > > > > >>>>> Rishi Yagnik
> > > > > >>>>>
> > > > > >>>>
> > > > > >>>>
> > > > > >>>>
> > > > > >>>> --
> > > > > >>>> Rishi Yagnik
> > > > > >>>>
> > > > > >>
> > > > > >
> > > > > >
> > > > > >
> > > > > > --
> > > > > > Rishi Yagnik
> > > > >
> > > > >
> > > >
> > >
> > >
> > >
> > > --
> > > Rishi Yagnik
> > >
> >
>