IGNITE-2741 - spring session design
Locked
12
12
IGNITE-2741 - spring session design
 
|
I would like to discuss session replication / fail over design on spring
boot platform and wanted to find what is the best out to get started here ? Possible approaches are as follows - - Make use of Spring Session for session replication and fail over - Extend the web session filter and make it work on spring boot application I am thinking that best approach would be to get started here with spring session design however I am open for feedback here. -- Rishi Yagnik |
Re: IGNITE-2741 - spring session design
|
|
Hi Rishi,
Can you please take a look at web session clustering feature [1] provided by Ignite? I'm looking at Spring Session docs and it seems to me it does exactly the same - replaces HttpSession with custom implementation that has a backend storage. If it doesn't provide any additional API or functionality, I'm not sure I understand the benefit of this feature. Let me know if I'm missing something. [1] https://apacheignite-mix.readme.io/docs/web-session-clustering -Val On Mon, Feb 13, 2017 at 2:41 PM, Rishi Yagnik <[hidden email]> wrote: > I would like to discuss session replication / fail over design on spring > boot platform and wanted to find what is the best out to get started here ? > > Possible approaches are as follows - > > - Make use of Spring Session for session replication and fail over > - Extend the web session filter and make it work on spring boot > application > > > I am thinking that best approach would be to get started here with spring > session design however I am open for feedback here. > > -- > Rishi Yagnik > |
Re: IGNITE-2741 - spring session design
|
|
Hi Val,
I am working on SB platform with spring security and we found out that the web session filter ignite provides does not work for session management on 2 node spring boot cluster. Somehow, spring security filter kicks in result in some weird errors with web session filter. So making compatible with spring security somehow, we need to write implementation on spring session. Do you have any test cases that says web session filter would work with spring security on boot platform ? Thanks, On Tue, Feb 14, 2017 at 1:03 PM, Valentin Kulichenko < [hidden email]> wrote: > Hi Rishi, > > Can you please take a look at web session clustering feature [1] provided > by Ignite? I'm looking at Spring Session docs and it seems to me it does > exactly the same - replaces HttpSession with custom implementation that has > a backend storage. If it doesn't provide any additional API or > functionality, I'm not sure I understand the benefit of this feature. > > Let me know if I'm missing something. > > [1] https://apacheignite-mix.readme.io/docs/web-session-clustering > > -Val > > On Mon, Feb 13, 2017 at 2:41 PM, Rishi Yagnik <[hidden email]> > wrote: > > > I would like to discuss session replication / fail over design on spring > > boot platform and wanted to find what is the best out to get started > here ? > > > > Possible approaches are as follows - > > > > - Make use of Spring Session for session replication and fail over > > - Extend the web session filter and make it work on spring boot > > application > > > > > > I am thinking that best approach would be to get started here with spring > > session design however I am open for feedback here. > > > > -- > > Rishi Yagnik > > > -- Rishi Yagnik |
Re: IGNITE-2741 - spring session design
|
|
Rishi,
No I don't, and I think that's what we should start with. I want to understand a use case that is currently not supported (if any) and then find the best solution. And I would like to reuse existing code as much as possible. Do you have any code that reproduces the problem you had and how you tried to utilize current web session clustering? Can you share it with us? -Val On Tue, Feb 14, 2017 at 11:28 AM, Rishi Yagnik <[hidden email]> wrote: > Hi Val, > > I am working on SB platform with spring security and we found out that the > web session filter ignite provides does not work for session management on > 2 node spring boot cluster. > > Somehow, spring security filter kicks in result in some weird errors with > web session filter. > > So making compatible with spring security somehow, we need to write > implementation on spring session. > > Do you have any test cases that says web session filter would work with > spring security on boot platform ? > > Thanks, > > > On Tue, Feb 14, 2017 at 1:03 PM, Valentin Kulichenko < > [hidden email]> wrote: > > > Hi Rishi, > > > > Can you please take a look at web session clustering feature [1] provided > > by Ignite? I'm looking at Spring Session docs and it seems to me it does > > exactly the same - replaces HttpSession with custom implementation that > has > > a backend storage. If it doesn't provide any additional API or > > functionality, I'm not sure I understand the benefit of this feature. > > > > Let me know if I'm missing something. > > > > [1] https://apacheignite-mix.readme.io/docs/web-session-clustering > > > > -Val > > > > On Mon, Feb 13, 2017 at 2:41 PM, Rishi Yagnik <[hidden email]> > > wrote: > > > > > I would like to discuss session replication / fail over design on > spring > > > boot platform and wanted to find what is the best out to get started > > here ? > > > > > > Possible approaches are as follows - > > > > > > - Make use of Spring Session for session replication and fail over > > > - Extend the web session filter and make it work on spring boot > > > application > > > > > > > > > I am thinking that best approach would be to get started here with > spring > > > session design however I am open for feedback here. > > > > > > -- > > > Rishi Yagnik > > > > > > > > > -- > Rishi Yagnik > |
Re: IGNITE-2741 - spring session design
|
|
Let me build an example app for you and send it across to you.
Thanks, On Tue, Feb 14, 2017 at 3:28 PM, Valentin Kulichenko < [hidden email]> wrote: > Rishi, > > No I don't, and I think that's what we should start with. I want to > understand a use case that is currently not supported (if any) and then > find the best solution. And I would like to reuse existing code as much as > possible. > > Do you have any code that reproduces the problem you had and how you tried > to utilize current web session clustering? Can you share it with us? > > -Val > > On Tue, Feb 14, 2017 at 11:28 AM, Rishi Yagnik <[hidden email]> > wrote: > > > Hi Val, > > > > I am working on SB platform with spring security and we found out that > the > > web session filter ignite provides does not work for session management > on > > 2 node spring boot cluster. > > > > Somehow, spring security filter kicks in result in some weird errors with > > web session filter. > > > > So making compatible with spring security somehow, we need to write > > implementation on spring session. > > > > Do you have any test cases that says web session filter would work with > > spring security on boot platform ? > > > > Thanks, > > > > > > On Tue, Feb 14, 2017 at 1:03 PM, Valentin Kulichenko < > > [hidden email]> wrote: > > > > > Hi Rishi, > > > > > > Can you please take a look at web session clustering feature [1] > provided > > > by Ignite? I'm looking at Spring Session docs and it seems to me it > does > > > exactly the same - replaces HttpSession with custom implementation that > > has > > > a backend storage. If it doesn't provide any additional API or > > > functionality, I'm not sure I understand the benefit of this feature. > > > > > > Let me know if I'm missing something. > > > > > > [1] https://apacheignite-mix.readme.io/docs/web-session-clustering > > > > > > -Val > > > > > > On Mon, Feb 13, 2017 at 2:41 PM, Rishi Yagnik <[hidden email]> > > > wrote: > > > > > > > I would like to discuss session replication / fail over design on > > spring > > > > boot platform and wanted to find what is the best out to get started > > > here ? > > > > > > > > Possible approaches are as follows - > > > > > > > > - Make use of Spring Session for session replication and fail over > > > > - Extend the web session filter and make it work on spring boot > > > > application > > > > > > > > > > > > I am thinking that best approach would be to get started here with > > spring > > > > session design however I am open for feedback here. > > > > > > > > -- > > > > Rishi Yagnik > > > > > > > > > > > > > > > -- > > Rishi Yagnik > > > -- Rishi Yagnik |
Re: IGNITE-2741 - spring session design
|
|
Val,
My SB sample project is ready however I have asked for an approval to submit sample project to you, it would take day or two. I will keep you posted. Thanks for all your help, On Tue, Feb 14, 2017 at 3:51 PM, Rishi Yagnik <[hidden email]> wrote: > Let me build an example app for you and send it across to you. > > Thanks, > > On Tue, Feb 14, 2017 at 3:28 PM, Valentin Kulichenko < > [hidden email]> wrote: > >> Rishi, >> >> No I don't, and I think that's what we should start with. I want to >> understand a use case that is currently not supported (if any) and then >> find the best solution. And I would like to reuse existing code as much as >> possible. >> >> Do you have any code that reproduces the problem you had and how you tried >> to utilize current web session clustering? Can you share it with us? >> >> -Val >> >> On Tue, Feb 14, 2017 at 11:28 AM, Rishi Yagnik <[hidden email]> >> wrote: >> >> > Hi Val, >> > >> > I am working on SB platform with spring security and we found out that >> the >> > web session filter ignite provides does not work for session management >> on >> > 2 node spring boot cluster. >> > >> > Somehow, spring security filter kicks in result in some weird errors >> with >> > web session filter. >> > >> > So making compatible with spring security somehow, we need to write >> > implementation on spring session. >> > >> > Do you have any test cases that says web session filter would work with >> > spring security on boot platform ? >> > >> > Thanks, >> > >> > >> > On Tue, Feb 14, 2017 at 1:03 PM, Valentin Kulichenko < >> > [hidden email]> wrote: >> > >> > > Hi Rishi, >> > > >> > > Can you please take a look at web session clustering feature [1] >> provided >> > > by Ignite? I'm looking at Spring Session docs and it seems to me it >> does >> > > exactly the same - replaces HttpSession with custom implementation >> that >> > has >> > > a backend storage. If it doesn't provide any additional API or >> > > functionality, I'm not sure I understand the benefit of this feature. >> > > >> > > Let me know if I'm missing something. >> > > >> > > [1] https://apacheignite-mix.readme.io/docs/web-session-clustering >> > > >> > > -Val >> > > >> > > On Mon, Feb 13, 2017 at 2:41 PM, Rishi Yagnik <[hidden email]> >> > > wrote: >> > > >> > > > I would like to discuss session replication / fail over design on >> > spring >> > > > boot platform and wanted to find what is the best out to get started >> > > here ? >> > > > >> > > > Possible approaches are as follows - >> > > > >> > > > - Make use of Spring Session for session replication and fail >> over >> > > > - Extend the web session filter and make it work on spring boot >> > > > application >> > > > >> > > > >> > > > I am thinking that best approach would be to get started here with >> > spring >> > > > session design however I am open for feedback here. >> > > > >> > > > -- >> > > > Rishi Yagnik >> > > > >> > > >> > >> > >> > >> > -- >> > Rishi Yagnik >> > >> > > > > -- > Rishi Yagnik > -- Rishi Yagnik |
Re: IGNITE-2741 - spring session design
|
|
Hi Val, As promised, please find attached code for spring boot integration with spring security along with Ignite.
I cant reproduce this errors while I am running on single instance, you need to run this app on 2 spring boot instance having proxy in front ( F5, OR any proxy ) with round robin fashion ( no sticky session on F5 OR proxies ). We were thinking with round robin the user session will active since we used session replication on backend. Do let me know if you need more information here. Thanks, Rishi On Tue, Feb 14, 2017 at 9:57 PM, Rishi Yagnik <[hidden email]> wrote:
-- Rishi Yagnik
|
example-spring-boot-security-master.zip (163K)
Re: IGNITE-2741 - spring session design
|
|
Hi Rishi,
Thanks, I'll take a look. -Val On Wed, Feb 15, 2017 at 9:07 AM, Rishi Yagnik <[hidden email]> wrote: > Hi Val, > > As promised, please find attached code for spring boot integration with > spring security along with Ignite. > > Some more information on project - > > - It is a maven project ( Ignite 1.7.0, SB 1.4.3 ) > - spring security integrated with boot project along with ignite > - HttpSessionCookieCsrfTokenRepository does not work, gives > intermediate errors on single instance so used CookieCsrfTokenRepository > for CSRF token, again I think we need a fix here from Ignite. > > I cant reproduce this errors while I am running on single instance, you > need to run this app on 2 spring boot instance having proxy in front ( F5, > OR any proxy ) with round robin fashion ( no sticky session on F5 OR > proxies ). > > We were thinking with round robin the user session will active since we > used session replication on backend. > > Do let me know if you need more information here. > > Thanks, > > Rishi > > > > > On Tue, Feb 14, 2017 at 9:57 PM, Rishi Yagnik <[hidden email]> > wrote: > >> Val, >> >> My SB sample project is ready however I have asked for an approval to >> submit sample project to you, it would take day or two. >> >> I will keep you posted. >> >> Thanks for all your help, >> >> On Tue, Feb 14, 2017 at 3:51 PM, Rishi Yagnik <[hidden email]> >> wrote: >> >>> Let me build an example app for you and send it across to you. >>> >>> Thanks, >>> >>> On Tue, Feb 14, 2017 at 3:28 PM, Valentin Kulichenko < >>> [hidden email]> wrote: >>> >>>> Rishi, >>>> >>>> No I don't, and I think that's what we should start with. I want to >>>> understand a use case that is currently not supported (if any) and then >>>> find the best solution. And I would like to reuse existing code as much >>>> as >>>> possible. >>>> >>>> Do you have any code that reproduces the problem you had and how you >>>> tried >>>> to utilize current web session clustering? Can you share it with us? >>>> >>>> -Val >>>> >>>> On Tue, Feb 14, 2017 at 11:28 AM, Rishi Yagnik <[hidden email]> >>>> wrote: >>>> >>>> > Hi Val, >>>> > >>>> > I am working on SB platform with spring security and we found out >>>> that the >>>> > web session filter ignite provides does not work for session >>>> management on >>>> > 2 node spring boot cluster. >>>> > >>>> > Somehow, spring security filter kicks in result in some weird errors >>>> with >>>> > web session filter. >>>> > >>>> > So making compatible with spring security somehow, we need to write >>>> > implementation on spring session. >>>> > >>>> > Do you have any test cases that says web session filter would work >>>> with >>>> > spring security on boot platform ? >>>> > >>>> > Thanks, >>>> > >>>> > >>>> > On Tue, Feb 14, 2017 at 1:03 PM, Valentin Kulichenko < >>>> > [hidden email]> wrote: >>>> > >>>> > > Hi Rishi, >>>> > > >>>> > > Can you please take a look at web session clustering feature [1] >>>> provided >>>> > > by Ignite? I'm looking at Spring Session docs and it seems to me it >>>> does >>>> > > exactly the same - replaces HttpSession with custom implementation >>>> that >>>> > has >>>> > > a backend storage. If it doesn't provide any additional API or >>>> > > functionality, I'm not sure I understand the benefit of this >>>> feature. >>>> > > >>>> > > Let me know if I'm missing something. >>>> > > >>>> > > [1] https://apacheignite-mix.readme.io/docs/web-session-clustering >>>> > > >>>> > > -Val >>>> > > >>>> > > On Mon, Feb 13, 2017 at 2:41 PM, Rishi Yagnik < >>>> [hidden email]> >>>> > > wrote: >>>> > > >>>> > > > I would like to discuss session replication / fail over design on >>>> > spring >>>> > > > boot platform and wanted to find what is the best out to get >>>> started >>>> > > here ? >>>> > > > >>>> > > > Possible approaches are as follows - >>>> > > > >>>> > > > - Make use of Spring Session for session replication and fail >>>> over >>>> > > > - Extend the web session filter and make it work on spring boot >>>> > > > application >>>> > > > >>>> > > > >>>> > > > I am thinking that best approach would be to get started here with >>>> > spring >>>> > > > session design however I am open for feedback here. >>>> > > > >>>> > > > -- >>>> > > > Rishi Yagnik >>>> > > > >>>> > > >>>> > >>>> > >>>> > >>>> > -- >>>> > Rishi Yagnik >>>> > >>>> >>> >>> >>> >>> -- >>> Rishi Yagnik >>> >> >> >> >> -- >> Rishi Yagnik >> > > > > -- > Rishi Yagnik > |
Re: IGNITE-2741 - spring session design
|
|
Hi Rishi,
I was able to build and run the application. Can you give some description on what should I test to understand the issue? What exactly didn't work for you? -Val On Wed, Feb 15, 2017 at 10:52 AM, Valentin Kulichenko < [hidden email]> wrote: > Hi Rishi, > > Thanks, I'll take a look. > > -Val > > On Wed, Feb 15, 2017 at 9:07 AM, Rishi Yagnik <[hidden email]> > wrote: > >> Hi Val, >> >> As promised, please find attached code for spring boot integration with >> spring security along with Ignite. >> >> Some more information on project - >> >> - It is a maven project ( Ignite 1.7.0, SB 1.4.3 ) >> - spring security integrated with boot project along with ignite >> - HttpSessionCookieCsrfTokenRepository does not work, gives >> intermediate errors on single instance so used CookieCsrfTokenRepository >> for CSRF token, again I think we need a fix here from Ignite. >> >> I cant reproduce this errors while I am running on single instance, you >> need to run this app on 2 spring boot instance having proxy in front ( F5, >> OR any proxy ) with round robin fashion ( no sticky session on F5 OR >> proxies ). >> >> We were thinking with round robin the user session will active since we >> used session replication on backend. >> >> Do let me know if you need more information here. >> >> Thanks, >> >> Rishi >> >> >> >> >> On Tue, Feb 14, 2017 at 9:57 PM, Rishi Yagnik <[hidden email]> >> wrote: >> >>> Val, >>> >>> My SB sample project is ready however I have asked for an approval to >>> submit sample project to you, it would take day or two. >>> >>> I will keep you posted. >>> >>> Thanks for all your help, >>> >>> On Tue, Feb 14, 2017 at 3:51 PM, Rishi Yagnik <[hidden email]> >>> wrote: >>> >>>> Let me build an example app for you and send it across to you. >>>> >>>> Thanks, >>>> >>>> On Tue, Feb 14, 2017 at 3:28 PM, Valentin Kulichenko < >>>> [hidden email]> wrote: >>>> >>>>> Rishi, >>>>> >>>>> No I don't, and I think that's what we should start with. I want to >>>>> understand a use case that is currently not supported (if any) and then >>>>> find the best solution. And I would like to reuse existing code as >>>>> much as >>>>> possible. >>>>> >>>>> Do you have any code that reproduces the problem you had and how you >>>>> tried >>>>> to utilize current web session clustering? Can you share it with us? >>>>> >>>>> -Val >>>>> >>>>> On Tue, Feb 14, 2017 at 11:28 AM, Rishi Yagnik <[hidden email]> >>>>> wrote: >>>>> >>>>> > Hi Val, >>>>> > >>>>> > I am working on SB platform with spring security and we found out >>>>> that the >>>>> > web session filter ignite provides does not work for session >>>>> management on >>>>> > 2 node spring boot cluster. >>>>> > >>>>> > Somehow, spring security filter kicks in result in some weird errors >>>>> with >>>>> > web session filter. >>>>> > >>>>> > So making compatible with spring security somehow, we need to write >>>>> > implementation on spring session. >>>>> > >>>>> > Do you have any test cases that says web session filter would work >>>>> with >>>>> > spring security on boot platform ? >>>>> > >>>>> > Thanks, >>>>> > >>>>> > >>>>> > On Tue, Feb 14, 2017 at 1:03 PM, Valentin Kulichenko < >>>>> > [hidden email]> wrote: >>>>> > >>>>> > > Hi Rishi, >>>>> > > >>>>> > > Can you please take a look at web session clustering feature [1] >>>>> provided >>>>> > > by Ignite? I'm looking at Spring Session docs and it seems to me >>>>> it does >>>>> > > exactly the same - replaces HttpSession with custom implementation >>>>> that >>>>> > has >>>>> > > a backend storage. If it doesn't provide any additional API or >>>>> > > functionality, I'm not sure I understand the benefit of this >>>>> feature. >>>>> > > >>>>> > > Let me know if I'm missing something. >>>>> > > >>>>> > > [1] https://apacheignite-mix.readme.io/docs/web-session-clustering >>>>> > > >>>>> > > -Val >>>>> > > >>>>> > > On Mon, Feb 13, 2017 at 2:41 PM, Rishi Yagnik < >>>>> [hidden email]> >>>>> > > wrote: >>>>> > > >>>>> > > > I would like to discuss session replication / fail over design on >>>>> > spring >>>>> > > > boot platform and wanted to find what is the best out to get >>>>> started >>>>> > > here ? >>>>> > > > >>>>> > > > Possible approaches are as follows - >>>>> > > > >>>>> > > > - Make use of Spring Session for session replication and fail >>>>> over >>>>> > > > - Extend the web session filter and make it work on spring >>>>> boot >>>>> > > > application >>>>> > > > >>>>> > > > >>>>> > > > I am thinking that best approach would be to get started here >>>>> with >>>>> > spring >>>>> > > > session design however I am open for feedback here. >>>>> > > > >>>>> > > > -- >>>>> > > > Rishi Yagnik >>>>> > > > >>>>> > > >>>>> > >>>>> > >>>>> > >>>>> > -- >>>>> > Rishi Yagnik >>>>> > >>>>> >>>> >>>> >>>> >>>> -- >>>> Rishi Yagnik >>>> >>> >>> >>> >>> -- >>> Rishi Yagnik >>> >> >> >> >> -- >> Rishi Yagnik >> > > |
Re: IGNITE-2741 - spring session design
|
|
Hi Val,
The issue will occur in cluster environment, please setup the spring boot on 2 different host with LB (F5 OR Reverse proxy) in front and try to login. In cluster environment, Spring security does not recognize the session on the host you are not logged in, as a result, spring security will redirect to login url however the correct behavior should be that user would stay logged in with session replication. Do let me know if you need more information. Thanks, Rishi On Tue, Feb 21, 2017 at 7:08 PM, Valentin Kulichenko < [hidden email]> wrote: > Hi Rishi, > > I was able to build and run the application. Can you give some description > on what should I test to understand the issue? What exactly didn't work for > you? > > -Val > > On Wed, Feb 15, 2017 at 10:52 AM, Valentin Kulichenko < > [hidden email]> wrote: > > > Hi Rishi, > > > > Thanks, I'll take a look. > > > > -Val > > > > On Wed, Feb 15, 2017 at 9:07 AM, Rishi Yagnik <[hidden email]> > > wrote: > > > >> Hi Val, > >> > >> As promised, please find attached code for spring boot integration with > >> spring security along with Ignite. > >> > >> Some more information on project - > >> > >> - It is a maven project ( Ignite 1.7.0, SB 1.4.3 ) > >> - spring security integrated with boot project along with ignite > >> - HttpSessionCookieCsrfTokenRepository does not work, gives > >> intermediate errors on single instance so used > CookieCsrfTokenRepository > >> for CSRF token, again I think we need a fix here from Ignite. > >> > >> I cant reproduce this errors while I am running on single instance, you > >> need to run this app on 2 spring boot instance having proxy in front ( > F5, > >> OR any proxy ) with round robin fashion ( no sticky session on F5 OR > >> proxies ). > >> > >> We were thinking with round robin the user session will active since we > >> used session replication on backend. > >> > >> Do let me know if you need more information here. > >> > >> Thanks, > >> > >> Rishi > >> > >> > >> > >> > >> On Tue, Feb 14, 2017 at 9:57 PM, Rishi Yagnik <[hidden email]> > >> wrote: > >> > >>> Val, > >>> > >>> My SB sample project is ready however I have asked for an approval to > >>> submit sample project to you, it would take day or two. > >>> > >>> I will keep you posted. > >>> > >>> Thanks for all your help, > >>> > >>> On Tue, Feb 14, 2017 at 3:51 PM, Rishi Yagnik <[hidden email]> > >>> wrote: > >>> > >>>> Let me build an example app for you and send it across to you. > >>>> > >>>> Thanks, > >>>> > >>>> On Tue, Feb 14, 2017 at 3:28 PM, Valentin Kulichenko < > >>>> [hidden email]> wrote: > >>>> > >>>>> Rishi, > >>>>> > >>>>> No I don't, and I think that's what we should start with. I want to > >>>>> understand a use case that is currently not supported (if any) and > then > >>>>> find the best solution. And I would like to reuse existing code as > >>>>> much as > >>>>> possible. > >>>>> > >>>>> Do you have any code that reproduces the problem you had and how you > >>>>> tried > >>>>> to utilize current web session clustering? Can you share it with us? > >>>>> > >>>>> -Val > >>>>> > >>>>> On Tue, Feb 14, 2017 at 11:28 AM, Rishi Yagnik < > [hidden email]> > >>>>> wrote: > >>>>> > >>>>> > Hi Val, > >>>>> > > >>>>> > I am working on SB platform with spring security and we found out > >>>>> that the > >>>>> > web session filter ignite provides does not work for session > >>>>> management on > >>>>> > 2 node spring boot cluster. > >>>>> > > >>>>> > Somehow, spring security filter kicks in result in some weird > errors > >>>>> with > >>>>> > web session filter. > >>>>> > > >>>>> > So making compatible with spring security somehow, we need to write > >>>>> > implementation on spring session. > >>>>> > > >>>>> > Do you have any test cases that says web session filter would work > >>>>> with > >>>>> > spring security on boot platform ? > >>>>> > > >>>>> > Thanks, > >>>>> > > >>>>> > > >>>>> > On Tue, Feb 14, 2017 at 1:03 PM, Valentin Kulichenko < > >>>>> > [hidden email]> wrote: > >>>>> > > >>>>> > > Hi Rishi, > >>>>> > > > >>>>> > > Can you please take a look at web session clustering feature [1] > >>>>> provided > >>>>> > > by Ignite? I'm looking at Spring Session docs and it seems to me > >>>>> it does > >>>>> > > exactly the same - replaces HttpSession with custom > implementation > >>>>> that > >>>>> > has > >>>>> > > a backend storage. If it doesn't provide any additional API or > >>>>> > > functionality, I'm not sure I understand the benefit of this > >>>>> feature. > >>>>> > > > >>>>> > > Let me know if I'm missing something. > >>>>> > > > >>>>> > > [1] https://apacheignite-mix.readme.io/docs/web-session- > clustering > >>>>> > > > >>>>> > > -Val > >>>>> > > > >>>>> > > On Mon, Feb 13, 2017 at 2:41 PM, Rishi Yagnik < > >>>>> [hidden email]> > >>>>> > > wrote: > >>>>> > > > >>>>> > > > I would like to discuss session replication / fail over design > on > >>>>> > spring > >>>>> > > > boot platform and wanted to find what is the best out to get > >>>>> started > >>>>> > > here ? > >>>>> > > > > >>>>> > > > Possible approaches are as follows - > >>>>> > > > > >>>>> > > > - Make use of Spring Session for session replication and > fail > >>>>> over > >>>>> > > > - Extend the web session filter and make it work on spring > >>>>> boot > >>>>> > > > application > >>>>> > > > > >>>>> > > > > >>>>> > > > I am thinking that best approach would be to get started here > >>>>> with > >>>>> > spring > >>>>> > > > session design however I am open for feedback here. > >>>>> > > > > >>>>> > > > -- > >>>>> > > > Rishi Yagnik > >>>>> > > > > >>>>> > > > >>>>> > > >>>>> > > >>>>> > > >>>>> > -- > >>>>> > Rishi Yagnik > >>>>> > > >>>>> > >>>> > >>>> > >>>> > >>>> -- > >>>> Rishi Yagnik > >>>> > >>> > >>> > >>> > >>> -- > >>> Rishi Yagnik > >>> > >> > >> > >> > >> -- > >> Rishi Yagnik > >> > > > > > -- Rishi Yagnik |
Re: IGNITE-2741 - spring session design
|
|
Hi Rishi,
Got it, I think I'm reproducing the issue. I'll take a look and let you know my findings soon. -Val On Tue, Feb 21, 2017 at 7:27 PM, Rishi Yagnik <[hidden email]> wrote: > Hi Val, > > The issue will occur in cluster environment, please setup the spring boot > on 2 different host with LB (F5 OR Reverse proxy) in front and try to > login. > > In cluster environment, Spring security does not recognize the session on > the host you are not logged in, as a result, spring security will redirect > to login url however the correct behavior should be that user would stay > logged in with session replication. > > Do let me know if you need more information. > > Thanks, > Rishi > > > > On Tue, Feb 21, 2017 at 7:08 PM, Valentin Kulichenko < > [hidden email]> wrote: > > > Hi Rishi, > > > > I was able to build and run the application. Can you give some > description > > on what should I test to understand the issue? What exactly didn't work > for > > you? > > > > -Val > > > > On Wed, Feb 15, 2017 at 10:52 AM, Valentin Kulichenko < > > [hidden email]> wrote: > > > > > Hi Rishi, > > > > > > Thanks, I'll take a look. > > > > > > -Val > > > > > > On Wed, Feb 15, 2017 at 9:07 AM, Rishi Yagnik <[hidden email]> > > > wrote: > > > > > >> Hi Val, > > >> > > >> As promised, please find attached code for spring boot integration > with > > >> spring security along with Ignite. > > >> > > >> Some more information on project - > > >> > > >> - It is a maven project ( Ignite 1.7.0, SB 1.4.3 ) > > >> - spring security integrated with boot project along with ignite > > >> - HttpSessionCookieCsrfTokenRepository does not work, gives > > >> intermediate errors on single instance so used > > CookieCsrfTokenRepository > > >> for CSRF token, again I think we need a fix here from Ignite. > > >> > > >> I cant reproduce this errors while I am running on single instance, > you > > >> need to run this app on 2 spring boot instance having proxy in front ( > > F5, > > >> OR any proxy ) with round robin fashion ( no sticky session on F5 OR > > >> proxies ). > > >> > > >> We were thinking with round robin the user session will active since > we > > >> used session replication on backend. > > >> > > >> Do let me know if you need more information here. > > >> > > >> Thanks, > > >> > > >> Rishi > > >> > > >> > > >> > > >> > > >> On Tue, Feb 14, 2017 at 9:57 PM, Rishi Yagnik <[hidden email]> > > >> wrote: > > >> > > >>> Val, > > >>> > > >>> My SB sample project is ready however I have asked for an approval to > > >>> submit sample project to you, it would take day or two. > > >>> > > >>> I will keep you posted. > > >>> > > >>> Thanks for all your help, > > >>> > > >>> On Tue, Feb 14, 2017 at 3:51 PM, Rishi Yagnik <[hidden email] > > > > >>> wrote: > > >>> > > >>>> Let me build an example app for you and send it across to you. > > >>>> > > >>>> Thanks, > > >>>> > > >>>> On Tue, Feb 14, 2017 at 3:28 PM, Valentin Kulichenko < > > >>>> [hidden email]> wrote: > > >>>> > > >>>>> Rishi, > > >>>>> > > >>>>> No I don't, and I think that's what we should start with. I want to > > >>>>> understand a use case that is currently not supported (if any) and > > then > > >>>>> find the best solution. And I would like to reuse existing code as > > >>>>> much as > > >>>>> possible. > > >>>>> > > >>>>> Do you have any code that reproduces the problem you had and how > you > > >>>>> tried > > >>>>> to utilize current web session clustering? Can you share it with > us? > > >>>>> > > >>>>> -Val > > >>>>> > > >>>>> On Tue, Feb 14, 2017 at 11:28 AM, Rishi Yagnik < > > [hidden email]> > > >>>>> wrote: > > >>>>> > > >>>>> > Hi Val, > > >>>>> > > > >>>>> > I am working on SB platform with spring security and we found out > > >>>>> that the > > >>>>> > web session filter ignite provides does not work for session > > >>>>> management on > > >>>>> > 2 node spring boot cluster. > > >>>>> > > > >>>>> > Somehow, spring security filter kicks in result in some weird > > errors > > >>>>> with > > >>>>> > web session filter. > > >>>>> > > > >>>>> > So making compatible with spring security somehow, we need to > write > > >>>>> > implementation on spring session. > > >>>>> > > > >>>>> > Do you have any test cases that says web session filter would > work > > >>>>> with > > >>>>> > spring security on boot platform ? > > >>>>> > > > >>>>> > Thanks, > > >>>>> > > > >>>>> > > > >>>>> > On Tue, Feb 14, 2017 at 1:03 PM, Valentin Kulichenko < > > >>>>> > [hidden email]> wrote: > > >>>>> > > > >>>>> > > Hi Rishi, > > >>>>> > > > > >>>>> > > Can you please take a look at web session clustering feature > [1] > > >>>>> provided > > >>>>> > > by Ignite? I'm looking at Spring Session docs and it seems to > me > > >>>>> it does > > >>>>> > > exactly the same - replaces HttpSession with custom > > implementation > > >>>>> that > > >>>>> > has > > >>>>> > > a backend storage. If it doesn't provide any additional API or > > >>>>> > > functionality, I'm not sure I understand the benefit of this > > >>>>> feature. > > >>>>> > > > > >>>>> > > Let me know if I'm missing something. > > >>>>> > > > > >>>>> > > [1] https://apacheignite-mix.readme.io/docs/web-session- > > clustering > > >>>>> > > > > >>>>> > > -Val > > >>>>> > > > > >>>>> > > On Mon, Feb 13, 2017 at 2:41 PM, Rishi Yagnik < > > >>>>> [hidden email]> > > >>>>> > > wrote: > > >>>>> > > > > >>>>> > > > I would like to discuss session replication / fail over > design > > on > > >>>>> > spring > > >>>>> > > > boot platform and wanted to find what is the best out to get > > >>>>> started > > >>>>> > > here ? > > >>>>> > > > > > >>>>> > > > Possible approaches are as follows - > > >>>>> > > > > > >>>>> > > > - Make use of Spring Session for session replication and > > fail > > >>>>> over > > >>>>> > > > - Extend the web session filter and make it work on spring > > >>>>> boot > > >>>>> > > > application > > >>>>> > > > > > >>>>> > > > > > >>>>> > > > I am thinking that best approach would be to get started here > > >>>>> with > > >>>>> > spring > > >>>>> > > > session design however I am open for feedback here. > > >>>>> > > > > > >>>>> > > > -- > > >>>>> > > > Rishi Yagnik > > >>>>> > > > > > >>>>> > > > > >>>>> > > > >>>>> > > > >>>>> > > > >>>>> > -- > > >>>>> > Rishi Yagnik > > >>>>> > > > >>>>> > > >>>> > > >>>> > > >>>> > > >>>> -- > > >>>> Rishi Yagnik > > >>>> > > >>> > > >>> > > >>> > > >>> -- > > >>> Rishi Yagnik > > >>> > > >> > > >> > > >> > > >> -- > > >> Rishi Yagnik > > >> > > > > > > > > > > > > -- > Rishi Yagnik > |
Re: IGNITE-2741 - spring session design
|
|
Thanks Val for looking into it.
On Wed, Feb 22, 2017 at 9:32 PM, Valentin Kulichenko < [hidden email]> wrote: > Hi Rishi, > > Got it, I think I'm reproducing the issue. I'll take a look and let you > know my findings soon. > > -Val > > On Tue, Feb 21, 2017 at 7:27 PM, Rishi Yagnik <[hidden email]> > wrote: > > > Hi Val, > > > > The issue will occur in cluster environment, please setup the spring boot > > on 2 different host with LB (F5 OR Reverse proxy) in front and try to > > login. > > > > In cluster environment, Spring security does not recognize the session on > > the host you are not logged in, as a result, spring security will > redirect > > to login url however the correct behavior should be that user would stay > > logged in with session replication. > > > > Do let me know if you need more information. > > > > Thanks, > > Rishi > > > > > > > > On Tue, Feb 21, 2017 at 7:08 PM, Valentin Kulichenko < > > [hidden email]> wrote: > > > > > Hi Rishi, > > > > > > I was able to build and run the application. Can you give some > > description > > > on what should I test to understand the issue? What exactly didn't work > > for > > > you? > > > > > > -Val > > > > > > On Wed, Feb 15, 2017 at 10:52 AM, Valentin Kulichenko < > > > [hidden email]> wrote: > > > > > > > Hi Rishi, > > > > > > > > Thanks, I'll take a look. > > > > > > > > -Val > > > > > > > > On Wed, Feb 15, 2017 at 9:07 AM, Rishi Yagnik <[hidden email] > > > > > > wrote: > > > > > > > >> Hi Val, > > > >> > > > >> As promised, please find attached code for spring boot integration > > with > > > >> spring security along with Ignite. > > > >> > > > >> Some more information on project - > > > >> > > > >> - It is a maven project ( Ignite 1.7.0, SB 1.4.3 ) > > > >> - spring security integrated with boot project along with ignite > > > >> - HttpSessionCookieCsrfTokenRepository does not work, gives > > > >> intermediate errors on single instance so used > > > CookieCsrfTokenRepository > > > >> for CSRF token, again I think we need a fix here from Ignite. > > > >> > > > >> I cant reproduce this errors while I am running on single instance, > > you > > > >> need to run this app on 2 spring boot instance having proxy in > front ( > > > F5, > > > >> OR any proxy ) with round robin fashion ( no sticky session on F5 OR > > > >> proxies ). > > > >> > > > >> We were thinking with round robin the user session will active since > > we > > > >> used session replication on backend. > > > >> > > > >> Do let me know if you need more information here. > > > >> > > > >> Thanks, > > > >> > > > >> Rishi > > > >> > > > >> > > > >> > > > >> > > > >> On Tue, Feb 14, 2017 at 9:57 PM, Rishi Yagnik < > [hidden email]> > > > >> wrote: > > > >> > > > >>> Val, > > > >>> > > > >>> My SB sample project is ready however I have asked for an approval > to > > > >>> submit sample project to you, it would take day or two. > > > >>> > > > >>> I will keep you posted. > > > >>> > > > >>> Thanks for all your help, > > > >>> > > > >>> On Tue, Feb 14, 2017 at 3:51 PM, Rishi Yagnik < > [hidden email] > > > > > > >>> wrote: > > > >>> > > > >>>> Let me build an example app for you and send it across to you. > > > >>>> > > > >>>> Thanks, > > > >>>> > > > >>>> On Tue, Feb 14, 2017 at 3:28 PM, Valentin Kulichenko < > > > >>>> [hidden email]> wrote: > > > >>>> > > > >>>>> Rishi, > > > >>>>> > > > >>>>> No I don't, and I think that's what we should start with. I want > to > > > >>>>> understand a use case that is currently not supported (if any) > and > > > then > > > >>>>> find the best solution. And I would like to reuse existing code > as > > > >>>>> much as > > > >>>>> possible. > > > >>>>> > > > >>>>> Do you have any code that reproduces the problem you had and how > > you > > > >>>>> tried > > > >>>>> to utilize current web session clustering? Can you share it with > > us? > > > >>>>> > > > >>>>> -Val > > > >>>>> > > > >>>>> On Tue, Feb 14, 2017 at 11:28 AM, Rishi Yagnik < > > > [hidden email]> > > > >>>>> wrote: > > > >>>>> > > > >>>>> > Hi Val, > > > >>>>> > > > > >>>>> > I am working on SB platform with spring security and we found > out > > > >>>>> that the > > > >>>>> > web session filter ignite provides does not work for session > > > >>>>> management on > > > >>>>> > 2 node spring boot cluster. > > > >>>>> > > > > >>>>> > Somehow, spring security filter kicks in result in some weird > > > errors > > > >>>>> with > > > >>>>> > web session filter. > > > >>>>> > > > > >>>>> > So making compatible with spring security somehow, we need to > > write > > > >>>>> > implementation on spring session. > > > >>>>> > > > > >>>>> > Do you have any test cases that says web session filter would > > work > > > >>>>> with > > > >>>>> > spring security on boot platform ? > > > >>>>> > > > > >>>>> > Thanks, > > > >>>>> > > > > >>>>> > > > > >>>>> > On Tue, Feb 14, 2017 at 1:03 PM, Valentin Kulichenko < > > > >>>>> > [hidden email]> wrote: > > > >>>>> > > > > >>>>> > > Hi Rishi, > > > >>>>> > > > > > >>>>> > > Can you please take a look at web session clustering feature > > [1] > > > >>>>> provided > > > >>>>> > > by Ignite? I'm looking at Spring Session docs and it seems to > > me > > > >>>>> it does > > > >>>>> > > exactly the same - replaces HttpSession with custom > > > implementation > > > >>>>> that > > > >>>>> > has > > > >>>>> > > a backend storage. If it doesn't provide any additional API > or > > > >>>>> > > functionality, I'm not sure I understand the benefit of this > > > >>>>> feature. > > > >>>>> > > > > > >>>>> > > Let me know if I'm missing something. > > > >>>>> > > > > > >>>>> > > [1] https://apacheignite-mix.readme.io/docs/web-session- > > > clustering > > > >>>>> > > > > > >>>>> > > -Val > > > >>>>> > > > > > >>>>> > > On Mon, Feb 13, 2017 at 2:41 PM, Rishi Yagnik < > > > >>>>> [hidden email]> > > > >>>>> > > wrote: > > > >>>>> > > > > > >>>>> > > > I would like to discuss session replication / fail over > > design > > > on > > > >>>>> > spring > > > >>>>> > > > boot platform and wanted to find what is the best out to > get > > > >>>>> started > > > >>>>> > > here ? > > > >>>>> > > > > > > >>>>> > > > Possible approaches are as follows - > > > >>>>> > > > > > > >>>>> > > > - Make use of Spring Session for session replication and > > > fail > > > >>>>> over > > > >>>>> > > > - Extend the web session filter and make it work on > spring > > > >>>>> boot > > > >>>>> > > > application > > > >>>>> > > > > > > >>>>> > > > > > > >>>>> > > > I am thinking that best approach would be to get started > here > > > >>>>> with > > > >>>>> > spring > > > >>>>> > > > session design however I am open for feedback here. > > > >>>>> > > > > > > >>>>> > > > -- > > > >>>>> > > > Rishi Yagnik > > > >>>>> > > > > > > >>>>> > > > > > >>>>> > > > > >>>>> > > > > >>>>> > > > > >>>>> > -- > > > >>>>> > Rishi Yagnik > > > >>>>> > > > > >>>>> > > > >>>> > > > >>>> > > > >>>> > > > >>>> -- > > > >>>> Rishi Yagnik > > > >>>> > > > >>> > > > >>> > > > >>> > > > >>> -- > > > >>> Rishi Yagnik > > > >>> > > > >> > > > >> > > > >> > > > >> -- > > > >> Rishi Yagnik > > > >> > > > > > > > > > > > > > > > > > > > -- > > Rishi Yagnik > > > -- Rishi Yagnik |
Re: IGNITE-2741 - spring session design
|
|
Hi Val,
any update on session replication issue ? Thanks, Rishi On Thu, Feb 23, 2017 at 8:07 AM, Rishi Yagnik <[hidden email]> wrote: > Thanks Val for looking into it. > > On Wed, Feb 22, 2017 at 9:32 PM, Valentin Kulichenko < > [hidden email]> wrote: > >> Hi Rishi, >> >> Got it, I think I'm reproducing the issue. I'll take a look and let you >> know my findings soon. >> >> -Val >> >> On Tue, Feb 21, 2017 at 7:27 PM, Rishi Yagnik <[hidden email]> >> wrote: >> >> > Hi Val, >> > >> > The issue will occur in cluster environment, please setup the spring >> boot >> > on 2 different host with LB (F5 OR Reverse proxy) in front and try to >> > login. >> > >> > In cluster environment, Spring security does not recognize the session >> on >> > the host you are not logged in, as a result, spring security will >> redirect >> > to login url however the correct behavior should be that user would stay >> > logged in with session replication. >> > >> > Do let me know if you need more information. >> > >> > Thanks, >> > Rishi >> > >> > >> > >> > On Tue, Feb 21, 2017 at 7:08 PM, Valentin Kulichenko < >> > [hidden email]> wrote: >> > >> > > Hi Rishi, >> > > >> > > I was able to build and run the application. Can you give some >> > description >> > > on what should I test to understand the issue? What exactly didn't >> work >> > for >> > > you? >> > > >> > > -Val >> > > >> > > On Wed, Feb 15, 2017 at 10:52 AM, Valentin Kulichenko < >> > > [hidden email]> wrote: >> > > >> > > > Hi Rishi, >> > > > >> > > > Thanks, I'll take a look. >> > > > >> > > > -Val >> > > > >> > > > On Wed, Feb 15, 2017 at 9:07 AM, Rishi Yagnik < >> [hidden email]> >> > > > wrote: >> > > > >> > > >> Hi Val, >> > > >> >> > > >> As promised, please find attached code for spring boot integration >> > with >> > > >> spring security along with Ignite. >> > > >> >> > > >> Some more information on project - >> > > >> >> > > >> - It is a maven project ( Ignite 1.7.0, SB 1.4.3 ) >> > > >> - spring security integrated with boot project along with ignite >> > > >> - HttpSessionCookieCsrfTokenRepository does not work, gives >> > > >> intermediate errors on single instance so used >> > > CookieCsrfTokenRepository >> > > >> for CSRF token, again I think we need a fix here from Ignite. >> > > >> >> > > >> I cant reproduce this errors while I am running on single instance, >> > you >> > > >> need to run this app on 2 spring boot instance having proxy in >> front ( >> > > F5, >> > > >> OR any proxy ) with round robin fashion ( no sticky session on F5 >> OR >> > > >> proxies ). >> > > >> >> > > >> We were thinking with round robin the user session will active >> since >> > we >> > > >> used session replication on backend. >> > > >> >> > > >> Do let me know if you need more information here. >> > > >> >> > > >> Thanks, >> > > >> >> > > >> Rishi >> > > >> >> > > >> >> > > >> >> > > >> >> > > >> On Tue, Feb 14, 2017 at 9:57 PM, Rishi Yagnik < >> [hidden email]> >> > > >> wrote: >> > > >> >> > > >>> Val, >> > > >>> >> > > >>> My SB sample project is ready however I have asked for an >> approval to >> > > >>> submit sample project to you, it would take day or two. >> > > >>> >> > > >>> I will keep you posted. >> > > >>> >> > > >>> Thanks for all your help, >> > > >>> >> > > >>> On Tue, Feb 14, 2017 at 3:51 PM, Rishi Yagnik < >> [hidden email] >> > > >> > > >>> wrote: >> > > >>> >> > > >>>> Let me build an example app for you and send it across to you. >> > > >>>> >> > > >>>> Thanks, >> > > >>>> >> > > >>>> On Tue, Feb 14, 2017 at 3:28 PM, Valentin Kulichenko < >> > > >>>> [hidden email]> wrote: >> > > >>>> >> > > >>>>> Rishi, >> > > >>>>> >> > > >>>>> No I don't, and I think that's what we should start with. I >> want to >> > > >>>>> understand a use case that is currently not supported (if any) >> and >> > > then >> > > >>>>> find the best solution. And I would like to reuse existing code >> as >> > > >>>>> much as >> > > >>>>> possible. >> > > >>>>> >> > > >>>>> Do you have any code that reproduces the problem you had and how >> > you >> > > >>>>> tried >> > > >>>>> to utilize current web session clustering? Can you share it with >> > us? >> > > >>>>> >> > > >>>>> -Val >> > > >>>>> >> > > >>>>> On Tue, Feb 14, 2017 at 11:28 AM, Rishi Yagnik < >> > > [hidden email]> >> > > >>>>> wrote: >> > > >>>>> >> > > >>>>> > Hi Val, >> > > >>>>> > >> > > >>>>> > I am working on SB platform with spring security and we found >> out >> > > >>>>> that the >> > > >>>>> > web session filter ignite provides does not work for session >> > > >>>>> management on >> > > >>>>> > 2 node spring boot cluster. >> > > >>>>> > >> > > >>>>> > Somehow, spring security filter kicks in result in some weird >> > > errors >> > > >>>>> with >> > > >>>>> > web session filter. >> > > >>>>> > >> > > >>>>> > So making compatible with spring security somehow, we need to >> > write >> > > >>>>> > implementation on spring session. >> > > >>>>> > >> > > >>>>> > Do you have any test cases that says web session filter would >> > work >> > > >>>>> with >> > > >>>>> > spring security on boot platform ? >> > > >>>>> > >> > > >>>>> > Thanks, >> > > >>>>> > >> > > >>>>> > >> > > >>>>> > On Tue, Feb 14, 2017 at 1:03 PM, Valentin Kulichenko < >> > > >>>>> > [hidden email]> wrote: >> > > >>>>> > >> > > >>>>> > > Hi Rishi, >> > > >>>>> > > >> > > >>>>> > > Can you please take a look at web session clustering feature >> > [1] >> > > >>>>> provided >> > > >>>>> > > by Ignite? I'm looking at Spring Session docs and it seems >> to >> > me >> > > >>>>> it does >> > > >>>>> > > exactly the same - replaces HttpSession with custom >> > > implementation >> > > >>>>> that >> > > >>>>> > has >> > > >>>>> > > a backend storage. If it doesn't provide any additional API >> or >> > > >>>>> > > functionality, I'm not sure I understand the benefit of this >> > > >>>>> feature. >> > > >>>>> > > >> > > >>>>> > > Let me know if I'm missing something. >> > > >>>>> > > >> > > >>>>> > > [1] https://apacheignite-mix.readme.io/docs/web-session- >> > > clustering >> > > >>>>> > > >> > > >>>>> > > -Val >> > > >>>>> > > >> > > >>>>> > > On Mon, Feb 13, 2017 at 2:41 PM, Rishi Yagnik < >> > > >>>>> [hidden email]> >> > > >>>>> > > wrote: >> > > >>>>> > > >> > > >>>>> > > > I would like to discuss session replication / fail over >> > design >> > > on >> > > >>>>> > spring >> > > >>>>> > > > boot platform and wanted to find what is the best out to >> get >> > > >>>>> started >> > > >>>>> > > here ? >> > > >>>>> > > > >> > > >>>>> > > > Possible approaches are as follows - >> > > >>>>> > > > >> > > >>>>> > > > - Make use of Spring Session for session replication >> and >> > > fail >> > > >>>>> over >> > > >>>>> > > > - Extend the web session filter and make it work on >> spring >> > > >>>>> boot >> > > >>>>> > > > application >> > > >>>>> > > > >> > > >>>>> > > > >> > > >>>>> > > > I am thinking that best approach would be to get started >> here >> > > >>>>> with >> > > >>>>> > spring >> > > >>>>> > > > session design however I am open for feedback here. >> > > >>>>> > > > >> > > >>>>> > > > -- >> > > >>>>> > > > Rishi Yagnik >> > > >>>>> > > > >> > > >>>>> > > >> > > >>>>> > >> > > >>>>> > >> > > >>>>> > >> > > >>>>> > -- >> > > >>>>> > Rishi Yagnik >> > > >>>>> > >> > > >>>>> >> > > >>>> >> > > >>>> >> > > >>>> >> > > >>>> -- >> > > >>>> Rishi Yagnik >> > > >>>> >> > > >>> >> > > >>> >> > > >>> >> > > >>> -- >> > > >>> Rishi Yagnik >> > > >>> >> > > >> >> > > >> >> > > >> >> > > >> -- >> > > >> Rishi Yagnik >> > > >> >> > > > >> > > > >> > > >> > >> > >> > >> > -- >> > Rishi Yagnik >> > >> > > > > -- > Rishi Yagnik > -- Rishi Yagnik |
Re: IGNITE-2741 - spring session design
|
|
Hi Rishi,
Sorry, not yet. But this on my short list of TODOs, will try to give an update as soon as possible. -Val On Mon, Feb 27, 2017 at 7:47 AM, Rishi Yagnik <[hidden email]> wrote: > Hi Val, > > any update on session replication issue ? > > Thanks, > Rishi > > On Thu, Feb 23, 2017 at 8:07 AM, Rishi Yagnik <[hidden email]> > wrote: > > > Thanks Val for looking into it. > > > > On Wed, Feb 22, 2017 at 9:32 PM, Valentin Kulichenko < > > [hidden email]> wrote: > > > >> Hi Rishi, > >> > >> Got it, I think I'm reproducing the issue. I'll take a look and let you > >> know my findings soon. > >> > >> -Val > >> > >> On Tue, Feb 21, 2017 at 7:27 PM, Rishi Yagnik <[hidden email]> > >> wrote: > >> > >> > Hi Val, > >> > > >> > The issue will occur in cluster environment, please setup the spring > >> boot > >> > on 2 different host with LB (F5 OR Reverse proxy) in front and try to > >> > login. > >> > > >> > In cluster environment, Spring security does not recognize the session > >> on > >> > the host you are not logged in, as a result, spring security will > >> redirect > >> > to login url however the correct behavior should be that user would > stay > >> > logged in with session replication. > >> > > >> > Do let me know if you need more information. > >> > > >> > Thanks, > >> > Rishi > >> > > >> > > >> > > >> > On Tue, Feb 21, 2017 at 7:08 PM, Valentin Kulichenko < > >> > [hidden email]> wrote: > >> > > >> > > Hi Rishi, > >> > > > >> > > I was able to build and run the application. Can you give some > >> > description > >> > > on what should I test to understand the issue? What exactly didn't > >> work > >> > for > >> > > you? > >> > > > >> > > -Val > >> > > > >> > > On Wed, Feb 15, 2017 at 10:52 AM, Valentin Kulichenko < > >> > > [hidden email]> wrote: > >> > > > >> > > > Hi Rishi, > >> > > > > >> > > > Thanks, I'll take a look. > >> > > > > >> > > > -Val > >> > > > > >> > > > On Wed, Feb 15, 2017 at 9:07 AM, Rishi Yagnik < > >> [hidden email]> > >> > > > wrote: > >> > > > > >> > > >> Hi Val, > >> > > >> > >> > > >> As promised, please find attached code for spring boot > integration > >> > with > >> > > >> spring security along with Ignite. > >> > > >> > >> > > >> Some more information on project - > >> > > >> > >> > > >> - It is a maven project ( Ignite 1.7.0, SB 1.4.3 ) > >> > > >> - spring security integrated with boot project along with > ignite > >> > > >> - HttpSessionCookieCsrfTokenRepository does not work, gives > >> > > >> intermediate errors on single instance so used > >> > > CookieCsrfTokenRepository > >> > > >> for CSRF token, again I think we need a fix here from Ignite. > >> > > >> > >> > > >> I cant reproduce this errors while I am running on single > instance, > >> > you > >> > > >> need to run this app on 2 spring boot instance having proxy in > >> front ( > >> > > F5, > >> > > >> OR any proxy ) with round robin fashion ( no sticky session on F5 > >> OR > >> > > >> proxies ). > >> > > >> > >> > > >> We were thinking with round robin the user session will active > >> since > >> > we > >> > > >> used session replication on backend. > >> > > >> > >> > > >> Do let me know if you need more information here. > >> > > >> > >> > > >> Thanks, > >> > > >> > >> > > >> Rishi > >> > > >> > >> > > >> > >> > > >> > >> > > >> > >> > > >> On Tue, Feb 14, 2017 at 9:57 PM, Rishi Yagnik < > >> [hidden email]> > >> > > >> wrote: > >> > > >> > >> > > >>> Val, > >> > > >>> > >> > > >>> My SB sample project is ready however I have asked for an > >> approval to > >> > > >>> submit sample project to you, it would take day or two. > >> > > >>> > >> > > >>> I will keep you posted. > >> > > >>> > >> > > >>> Thanks for all your help, > >> > > >>> > >> > > >>> On Tue, Feb 14, 2017 at 3:51 PM, Rishi Yagnik < > >> [hidden email] > >> > > > >> > > >>> wrote: > >> > > >>> > >> > > >>>> Let me build an example app for you and send it across to you. > >> > > >>>> > >> > > >>>> Thanks, > >> > > >>>> > >> > > >>>> On Tue, Feb 14, 2017 at 3:28 PM, Valentin Kulichenko < > >> > > >>>> [hidden email]> wrote: > >> > > >>>> > >> > > >>>>> Rishi, > >> > > >>>>> > >> > > >>>>> No I don't, and I think that's what we should start with. I > >> want to > >> > > >>>>> understand a use case that is currently not supported (if any) > >> and > >> > > then > >> > > >>>>> find the best solution. And I would like to reuse existing > code > >> as > >> > > >>>>> much as > >> > > >>>>> possible. > >> > > >>>>> > >> > > >>>>> Do you have any code that reproduces the problem you had and > how > >> > you > >> > > >>>>> tried > >> > > >>>>> to utilize current web session clustering? Can you share it > with > >> > us? > >> > > >>>>> > >> > > >>>>> -Val > >> > > >>>>> > >> > > >>>>> On Tue, Feb 14, 2017 at 11:28 AM, Rishi Yagnik < > >> > > [hidden email]> > >> > > >>>>> wrote: > >> > > >>>>> > >> > > >>>>> > Hi Val, > >> > > >>>>> > > >> > > >>>>> > I am working on SB platform with spring security and we > found > >> out > >> > > >>>>> that the > >> > > >>>>> > web session filter ignite provides does not work for session > >> > > >>>>> management on > >> > > >>>>> > 2 node spring boot cluster. > >> > > >>>>> > > >> > > >>>>> > Somehow, spring security filter kicks in result in some > weird > >> > > errors > >> > > >>>>> with > >> > > >>>>> > web session filter. > >> > > >>>>> > > >> > > >>>>> > So making compatible with spring security somehow, we need > to > >> > write > >> > > >>>>> > implementation on spring session. > >> > > >>>>> > > >> > > >>>>> > Do you have any test cases that says web session filter > would > >> > work > >> > > >>>>> with > >> > > >>>>> > spring security on boot platform ? > >> > > >>>>> > > >> > > >>>>> > Thanks, > >> > > >>>>> > > >> > > >>>>> > > >> > > >>>>> > On Tue, Feb 14, 2017 at 1:03 PM, Valentin Kulichenko < > >> > > >>>>> > [hidden email]> wrote: > >> > > >>>>> > > >> > > >>>>> > > Hi Rishi, > >> > > >>>>> > > > >> > > >>>>> > > Can you please take a look at web session clustering > feature > >> > [1] > >> > > >>>>> provided > >> > > >>>>> > > by Ignite? I'm looking at Spring Session docs and it seems > >> to > >> > me > >> > > >>>>> it does > >> > > >>>>> > > exactly the same - replaces HttpSession with custom > >> > > implementation > >> > > >>>>> that > >> > > >>>>> > has > >> > > >>>>> > > a backend storage. If it doesn't provide any additional > API > >> or > >> > > >>>>> > > functionality, I'm not sure I understand the benefit of > this > >> > > >>>>> feature. > >> > > >>>>> > > > >> > > >>>>> > > Let me know if I'm missing something. > >> > > >>>>> > > > >> > > >>>>> > > [1] https://apacheignite-mix.readme.io/docs/web-session- > >> > > clustering > >> > > >>>>> > > > >> > > >>>>> > > -Val > >> > > >>>>> > > > >> > > >>>>> > > On Mon, Feb 13, 2017 at 2:41 PM, Rishi Yagnik < > >> > > >>>>> [hidden email]> > >> > > >>>>> > > wrote: > >> > > >>>>> > > > >> > > >>>>> > > > I would like to discuss session replication / fail over > >> > design > >> > > on > >> > > >>>>> > spring > >> > > >>>>> > > > boot platform and wanted to find what is the best out to > >> get > >> > > >>>>> started > >> > > >>>>> > > here ? > >> > > >>>>> > > > > >> > > >>>>> > > > Possible approaches are as follows - > >> > > >>>>> > > > > >> > > >>>>> > > > - Make use of Spring Session for session replication > >> and > >> > > fail > >> > > >>>>> over > >> > > >>>>> > > > - Extend the web session filter and make it work on > >> spring > >> > > >>>>> boot > >> > > >>>>> > > > application > >> > > >>>>> > > > > >> > > >>>>> > > > > >> > > >>>>> > > > I am thinking that best approach would be to get started > >> here > >> > > >>>>> with > >> > > >>>>> > spring > >> > > >>>>> > > > session design however I am open for feedback here. > >> > > >>>>> > > > > >> > > >>>>> > > > -- > >> > > >>>>> > > > Rishi Yagnik > >> > > >>>>> > > > > >> > > >>>>> > > > >> > > >>>>> > > >> > > >>>>> > > >> > > >>>>> > > >> > > >>>>> > -- > >> > > >>>>> > Rishi Yagnik > >> > > >>>>> > > >> > > >>>>> > >> > > >>>> > >> > > >>>> > >> > > >>>> > >> > > >>>> -- > >> > > >>>> Rishi Yagnik > >> > > >>>> > >> > > >>> > >> > > >>> > >> > > >>> > >> > > >>> -- > >> > > >>> Rishi Yagnik > >> > > >>> > >> > > >> > >> > > >> > >> > > >> > >> > > >> -- > >> > > >> Rishi Yagnik > >> > > >> > >> > > > > >> > > > > >> > > > >> > > >> > > >> > > >> > -- > >> > Rishi Yagnik > >> > > >> > > > > > > > > -- > > Rishi Yagnik > > > > > > -- > Rishi Yagnik > |
Re: IGNITE-2741 - spring session design
|
|
Hi Val,
Sorry for pestering, thanks for all your help. Rishi On Mon, Feb 27, 2017 at 7:22 PM, Valentin Kulichenko < [hidden email]> wrote: > Hi Rishi, > > Sorry, not yet. But this on my short list of TODOs, will try to give an > update as soon as possible. > > -Val > > On Mon, Feb 27, 2017 at 7:47 AM, Rishi Yagnik <[hidden email]> > wrote: > > > Hi Val, > > > > any update on session replication issue ? > > > > Thanks, > > Rishi > > > > On Thu, Feb 23, 2017 at 8:07 AM, Rishi Yagnik <[hidden email]> > > wrote: > > > > > Thanks Val for looking into it. > > > > > > On Wed, Feb 22, 2017 at 9:32 PM, Valentin Kulichenko < > > > [hidden email]> wrote: > > > > > >> Hi Rishi, > > >> > > >> Got it, I think I'm reproducing the issue. I'll take a look and let > you > > >> know my findings soon. > > >> > > >> -Val > > >> > > >> On Tue, Feb 21, 2017 at 7:27 PM, Rishi Yagnik <[hidden email]> > > >> wrote: > > >> > > >> > Hi Val, > > >> > > > >> > The issue will occur in cluster environment, please setup the spring > > >> boot > > >> > on 2 different host with LB (F5 OR Reverse proxy) in front and try > to > > >> > login. > > >> > > > >> > In cluster environment, Spring security does not recognize the > session > > >> on > > >> > the host you are not logged in, as a result, spring security will > > >> redirect > > >> > to login url however the correct behavior should be that user would > > stay > > >> > logged in with session replication. > > >> > > > >> > Do let me know if you need more information. > > >> > > > >> > Thanks, > > >> > Rishi > > >> > > > >> > > > >> > > > >> > On Tue, Feb 21, 2017 at 7:08 PM, Valentin Kulichenko < > > >> > [hidden email]> wrote: > > >> > > > >> > > Hi Rishi, > > >> > > > > >> > > I was able to build and run the application. Can you give some > > >> > description > > >> > > on what should I test to understand the issue? What exactly didn't > > >> work > > >> > for > > >> > > you? > > >> > > > > >> > > -Val > > >> > > > > >> > > On Wed, Feb 15, 2017 at 10:52 AM, Valentin Kulichenko < > > >> > > [hidden email]> wrote: > > >> > > > > >> > > > Hi Rishi, > > >> > > > > > >> > > > Thanks, I'll take a look. > > >> > > > > > >> > > > -Val > > >> > > > > > >> > > > On Wed, Feb 15, 2017 at 9:07 AM, Rishi Yagnik < > > >> [hidden email]> > > >> > > > wrote: > > >> > > > > > >> > > >> Hi Val, > > >> > > >> > > >> > > >> As promised, please find attached code for spring boot > > integration > > >> > with > > >> > > >> spring security along with Ignite. > > >> > > >> > > >> > > >> Some more information on project - > > >> > > >> > > >> > > >> - It is a maven project ( Ignite 1.7.0, SB 1.4.3 ) > > >> > > >> - spring security integrated with boot project along with > > ignite > > >> > > >> - HttpSessionCookieCsrfTokenRepository does not work, gives > > >> > > >> intermediate errors on single instance so used > > >> > > CookieCsrfTokenRepository > > >> > > >> for CSRF token, again I think we need a fix here from > Ignite. > > >> > > >> > > >> > > >> I cant reproduce this errors while I am running on single > > instance, > > >> > you > > >> > > >> need to run this app on 2 spring boot instance having proxy in > > >> front ( > > >> > > F5, > > >> > > >> OR any proxy ) with round robin fashion ( no sticky session on > F5 > > >> OR > > >> > > >> proxies ). > > >> > > >> > > >> > > >> We were thinking with round robin the user session will active > > >> since > > >> > we > > >> > > >> used session replication on backend. > > >> > > >> > > >> > > >> Do let me know if you need more information here. > > >> > > >> > > >> > > >> Thanks, > > >> > > >> > > >> > > >> Rishi > > >> > > >> > > >> > > >> > > >> > > >> > > >> > > >> > > >> > > >> On Tue, Feb 14, 2017 at 9:57 PM, Rishi Yagnik < > > >> [hidden email]> > > >> > > >> wrote: > > >> > > >> > > >> > > >>> Val, > > >> > > >>> > > >> > > >>> My SB sample project is ready however I have asked for an > > >> approval to > > >> > > >>> submit sample project to you, it would take day or two. > > >> > > >>> > > >> > > >>> I will keep you posted. > > >> > > >>> > > >> > > >>> Thanks for all your help, > > >> > > >>> > > >> > > >>> On Tue, Feb 14, 2017 at 3:51 PM, Rishi Yagnik < > > >> [hidden email] > > >> > > > > >> > > >>> wrote: > > >> > > >>> > > >> > > >>>> Let me build an example app for you and send it across to > you. > > >> > > >>>> > > >> > > >>>> Thanks, > > >> > > >>>> > > >> > > >>>> On Tue, Feb 14, 2017 at 3:28 PM, Valentin Kulichenko < > > >> > > >>>> [hidden email]> wrote: > > >> > > >>>> > > >> > > >>>>> Rishi, > > >> > > >>>>> > > >> > > >>>>> No I don't, and I think that's what we should start with. I > > >> want to > > >> > > >>>>> understand a use case that is currently not supported (if > any) > > >> and > > >> > > then > > >> > > >>>>> find the best solution. And I would like to reuse existing > > code > > >> as > > >> > > >>>>> much as > > >> > > >>>>> possible. > > >> > > >>>>> > > >> > > >>>>> Do you have any code that reproduces the problem you had and > > how > > >> > you > > >> > > >>>>> tried > > >> > > >>>>> to utilize current web session clustering? Can you share it > > with > > >> > us? > > >> > > >>>>> > > >> > > >>>>> -Val > > >> > > >>>>> > > >> > > >>>>> On Tue, Feb 14, 2017 at 11:28 AM, Rishi Yagnik < > > >> > > [hidden email]> > > >> > > >>>>> wrote: > > >> > > >>>>> > > >> > > >>>>> > Hi Val, > > >> > > >>>>> > > > >> > > >>>>> > I am working on SB platform with spring security and we > > found > > >> out > > >> > > >>>>> that the > > >> > > >>>>> > web session filter ignite provides does not work for > session > > >> > > >>>>> management on > > >> > > >>>>> > 2 node spring boot cluster. > > >> > > >>>>> > > > >> > > >>>>> > Somehow, spring security filter kicks in result in some > > weird > > >> > > errors > > >> > > >>>>> with > > >> > > >>>>> > web session filter. > > >> > > >>>>> > > > >> > > >>>>> > So making compatible with spring security somehow, we need > > to > > >> > write > > >> > > >>>>> > implementation on spring session. > > >> > > >>>>> > > > >> > > >>>>> > Do you have any test cases that says web session filter > > would > > >> > work > > >> > > >>>>> with > > >> > > >>>>> > spring security on boot platform ? > > >> > > >>>>> > > > >> > > >>>>> > Thanks, > > >> > > >>>>> > > > >> > > >>>>> > > > >> > > >>>>> > On Tue, Feb 14, 2017 at 1:03 PM, Valentin Kulichenko < > > >> > > >>>>> > [hidden email]> wrote: > > >> > > >>>>> > > > >> > > >>>>> > > Hi Rishi, > > >> > > >>>>> > > > > >> > > >>>>> > > Can you please take a look at web session clustering > > feature > > >> > [1] > > >> > > >>>>> provided > > >> > > >>>>> > > by Ignite? I'm looking at Spring Session docs and it > seems > > >> to > > >> > me > > >> > > >>>>> it does > > >> > > >>>>> > > exactly the same - replaces HttpSession with custom > > >> > > implementation > > >> > > >>>>> that > > >> > > >>>>> > has > > >> > > >>>>> > > a backend storage. If it doesn't provide any additional > > API > > >> or > > >> > > >>>>> > > functionality, I'm not sure I understand the benefit of > > this > > >> > > >>>>> feature. > > >> > > >>>>> > > > > >> > > >>>>> > > Let me know if I'm missing something. > > >> > > >>>>> > > > > >> > > >>>>> > > [1] https://apacheignite-mix. > readme.io/docs/web-session- > > >> > > clustering > > >> > > >>>>> > > > > >> > > >>>>> > > -Val > > >> > > >>>>> > > > > >> > > >>>>> > > On Mon, Feb 13, 2017 at 2:41 PM, Rishi Yagnik < > > >> > > >>>>> [hidden email]> > > >> > > >>>>> > > wrote: > > >> > > >>>>> > > > > >> > > >>>>> > > > I would like to discuss session replication / fail > over > > >> > design > > >> > > on > > >> > > >>>>> > spring > > >> > > >>>>> > > > boot platform and wanted to find what is the best out > to > > >> get > > >> > > >>>>> started > > >> > > >>>>> > > here ? > > >> > > >>>>> > > > > > >> > > >>>>> > > > Possible approaches are as follows - > > >> > > >>>>> > > > > > >> > > >>>>> > > > - Make use of Spring Session for session > replication > > >> and > > >> > > fail > > >> > > >>>>> over > > >> > > >>>>> > > > - Extend the web session filter and make it work on > > >> spring > > >> > > >>>>> boot > > >> > > >>>>> > > > application > > >> > > >>>>> > > > > > >> > > >>>>> > > > > > >> > > >>>>> > > > I am thinking that best approach would be to get > started > > >> here > > >> > > >>>>> with > > >> > > >>>>> > spring > > >> > > >>>>> > > > session design however I am open for feedback here. > > >> > > >>>>> > > > > > >> > > >>>>> > > > -- > > >> > > >>>>> > > > Rishi Yagnik > > >> > > >>>>> > > > > > >> > > >>>>> > > > > >> > > >>>>> > > > >> > > >>>>> > > > >> > > >>>>> > > > >> > > >>>>> > -- > > >> > > >>>>> > Rishi Yagnik > > >> > > >>>>> > > > >> > > >>>>> > > >> > > >>>> > > >> > > >>>> > > >> > > >>>> > > >> > > >>>> -- > > >> > > >>>> Rishi Yagnik > > >> > > >>>> > > >> > > >>> > > >> > > >>> > > >> > > >>> > > >> > > >>> -- > > >> > > >>> Rishi Yagnik > > >> > > >>> > > >> > > >> > > >> > > >> > > >> > > >> > > >> > > >> -- > > >> > > >> Rishi Yagnik > > >> > > >> > > >> > > > > > >> > > > > > >> > > > > >> > > > >> > > > >> > > > >> > -- > > >> > Rishi Yagnik > > >> > > > >> > > > > > > > > > > > > -- > > > Rishi Yagnik > > > > > > > > > > > -- > > Rishi Yagnik > > > -- Rishi Yagnik |
Re: IGNITE-2741 - spring session design
|
|
Hi Rishi,
I did some debugging. Apparently, the reason for this behavior is that Spring Security filter resides before Ignite's filter in the chain list. I think that eventually this should be fixed in the product, but in the meantime there must be a way to work around the problem by controlling the order. Do you know how this can be done in Spring Boot? -Val On Tue, Feb 28, 2017 at 9:31 AM, Rishi Yagnik <[hidden email]> wrote: > Hi Val, > > Sorry for pestering, thanks for all your help. > > Rishi > > On Mon, Feb 27, 2017 at 7:22 PM, Valentin Kulichenko < > [hidden email]> wrote: > > > Hi Rishi, > > > > Sorry, not yet. But this on my short list of TODOs, will try to give an > > update as soon as possible. > > > > -Val > > > > On Mon, Feb 27, 2017 at 7:47 AM, Rishi Yagnik <[hidden email]> > > wrote: > > > > > Hi Val, > > > > > > any update on session replication issue ? > > > > > > Thanks, > > > Rishi > > > > > > On Thu, Feb 23, 2017 at 8:07 AM, Rishi Yagnik <[hidden email]> > > > wrote: > > > > > > > Thanks Val for looking into it. > > > > > > > > On Wed, Feb 22, 2017 at 9:32 PM, Valentin Kulichenko < > > > > [hidden email]> wrote: > > > > > > > >> Hi Rishi, > > > >> > > > >> Got it, I think I'm reproducing the issue. I'll take a look and let > > you > > > >> know my findings soon. > > > >> > > > >> -Val > > > >> > > > >> On Tue, Feb 21, 2017 at 7:27 PM, Rishi Yagnik < > [hidden email]> > > > >> wrote: > > > >> > > > >> > Hi Val, > > > >> > > > > >> > The issue will occur in cluster environment, please setup the > spring > > > >> boot > > > >> > on 2 different host with LB (F5 OR Reverse proxy) in front and try > > to > > > >> > login. > > > >> > > > > >> > In cluster environment, Spring security does not recognize the > > session > > > >> on > > > >> > the host you are not logged in, as a result, spring security will > > > >> redirect > > > >> > to login url however the correct behavior should be that user > would > > > stay > > > >> > logged in with session replication. > > > >> > > > > >> > Do let me know if you need more information. > > > >> > > > > >> > Thanks, > > > >> > Rishi > > > >> > > > > >> > > > > >> > > > > >> > On Tue, Feb 21, 2017 at 7:08 PM, Valentin Kulichenko < > > > >> > [hidden email]> wrote: > > > >> > > > > >> > > Hi Rishi, > > > >> > > > > > >> > > I was able to build and run the application. Can you give some > > > >> > description > > > >> > > on what should I test to understand the issue? What exactly > didn't > > > >> work > > > >> > for > > > >> > > you? > > > >> > > > > > >> > > -Val > > > >> > > > > > >> > > On Wed, Feb 15, 2017 at 10:52 AM, Valentin Kulichenko < > > > >> > > [hidden email]> wrote: > > > >> > > > > > >> > > > Hi Rishi, > > > >> > > > > > > >> > > > Thanks, I'll take a look. > > > >> > > > > > > >> > > > -Val > > > >> > > > > > > >> > > > On Wed, Feb 15, 2017 at 9:07 AM, Rishi Yagnik < > > > >> [hidden email]> > > > >> > > > wrote: > > > >> > > > > > > >> > > >> Hi Val, > > > >> > > >> > > > >> > > >> As promised, please find attached code for spring boot > > > integration > > > >> > with > > > >> > > >> spring security along with Ignite. > > > >> > > >> > > > >> > > >> Some more information on project - > > > >> > > >> > > > >> > > >> - It is a maven project ( Ignite 1.7.0, SB 1.4.3 ) > > > >> > > >> - spring security integrated with boot project along with > > > ignite > > > >> > > >> - HttpSessionCookieCsrfTokenRepository does not work, > gives > > > >> > > >> intermediate errors on single instance so used > > > >> > > CookieCsrfTokenRepository > > > >> > > >> for CSRF token, again I think we need a fix here from > > Ignite. > > > >> > > >> > > > >> > > >> I cant reproduce this errors while I am running on single > > > instance, > > > >> > you > > > >> > > >> need to run this app on 2 spring boot instance having proxy > in > > > >> front ( > > > >> > > F5, > > > >> > > >> OR any proxy ) with round robin fashion ( no sticky session > on > > F5 > > > >> OR > > > >> > > >> proxies ). > > > >> > > >> > > > >> > > >> We were thinking with round robin the user session will > active > > > >> since > > > >> > we > > > >> > > >> used session replication on backend. > > > >> > > >> > > > >> > > >> Do let me know if you need more information here. > > > >> > > >> > > > >> > > >> Thanks, > > > >> > > >> > > > >> > > >> Rishi > > > >> > > >> > > > >> > > >> > > > >> > > >> > > > >> > > >> > > > >> > > >> On Tue, Feb 14, 2017 at 9:57 PM, Rishi Yagnik < > > > >> [hidden email]> > > > >> > > >> wrote: > > > >> > > >> > > > >> > > >>> Val, > > > >> > > >>> > > > >> > > >>> My SB sample project is ready however I have asked for an > > > >> approval to > > > >> > > >>> submit sample project to you, it would take day or two. > > > >> > > >>> > > > >> > > >>> I will keep you posted. > > > >> > > >>> > > > >> > > >>> Thanks for all your help, > > > >> > > >>> > > > >> > > >>> On Tue, Feb 14, 2017 at 3:51 PM, Rishi Yagnik < > > > >> [hidden email] > > > >> > > > > > >> > > >>> wrote: > > > >> > > >>> > > > >> > > >>>> Let me build an example app for you and send it across to > > you. > > > >> > > >>>> > > > >> > > >>>> Thanks, > > > >> > > >>>> > > > >> > > >>>> On Tue, Feb 14, 2017 at 3:28 PM, Valentin Kulichenko < > > > >> > > >>>> [hidden email]> wrote: > > > >> > > >>>> > > > >> > > >>>>> Rishi, > > > >> > > >>>>> > > > >> > > >>>>> No I don't, and I think that's what we should start with. > I > > > >> want to > > > >> > > >>>>> understand a use case that is currently not supported (if > > any) > > > >> and > > > >> > > then > > > >> > > >>>>> find the best solution. And I would like to reuse existing > > > code > > > >> as > > > >> > > >>>>> much as > > > >> > > >>>>> possible. > > > >> > > >>>>> > > > >> > > >>>>> Do you have any code that reproduces the problem you had > and > > > how > > > >> > you > > > >> > > >>>>> tried > > > >> > > >>>>> to utilize current web session clustering? Can you share > it > > > with > > > >> > us? > > > >> > > >>>>> > > > >> > > >>>>> -Val > > > >> > > >>>>> > > > >> > > >>>>> On Tue, Feb 14, 2017 at 11:28 AM, Rishi Yagnik < > > > >> > > [hidden email]> > > > >> > > >>>>> wrote: > > > >> > > >>>>> > > > >> > > >>>>> > Hi Val, > > > >> > > >>>>> > > > > >> > > >>>>> > I am working on SB platform with spring security and we > > > found > > > >> out > > > >> > > >>>>> that the > > > >> > > >>>>> > web session filter ignite provides does not work for > > session > > > >> > > >>>>> management on > > > >> > > >>>>> > 2 node spring boot cluster. > > > >> > > >>>>> > > > > >> > > >>>>> > Somehow, spring security filter kicks in result in some > > > weird > > > >> > > errors > > > >> > > >>>>> with > > > >> > > >>>>> > web session filter. > > > >> > > >>>>> > > > > >> > > >>>>> > So making compatible with spring security somehow, we > need > > > to > > > >> > write > > > >> > > >>>>> > implementation on spring session. > > > >> > > >>>>> > > > > >> > > >>>>> > Do you have any test cases that says web session filter > > > would > > > >> > work > > > >> > > >>>>> with > > > >> > > >>>>> > spring security on boot platform ? > > > >> > > >>>>> > > > > >> > > >>>>> > Thanks, > > > >> > > >>>>> > > > > >> > > >>>>> > > > > >> > > >>>>> > On Tue, Feb 14, 2017 at 1:03 PM, Valentin Kulichenko < > > > >> > > >>>>> > [hidden email]> wrote: > > > >> > > >>>>> > > > > >> > > >>>>> > > Hi Rishi, > > > >> > > >>>>> > > > > > >> > > >>>>> > > Can you please take a look at web session clustering > > > feature > > > >> > [1] > > > >> > > >>>>> provided > > > >> > > >>>>> > > by Ignite? I'm looking at Spring Session docs and it > > seems > > > >> to > > > >> > me > > > >> > > >>>>> it does > > > >> > > >>>>> > > exactly the same - replaces HttpSession with custom > > > >> > > implementation > > > >> > > >>>>> that > > > >> > > >>>>> > has > > > >> > > >>>>> > > a backend storage. If it doesn't provide any > additional > > > API > > > >> or > > > >> > > >>>>> > > functionality, I'm not sure I understand the benefit > of > > > this > > > >> > > >>>>> feature. > > > >> > > >>>>> > > > > > >> > > >>>>> > > Let me know if I'm missing something. > > > >> > > >>>>> > > > > > >> > > >>>>> > > [1] https://apacheignite-mix. > > readme.io/docs/web-session- > > > >> > > clustering > > > >> > > >>>>> > > > > > >> > > >>>>> > > -Val > > > >> > > >>>>> > > > > > >> > > >>>>> > > On Mon, Feb 13, 2017 at 2:41 PM, Rishi Yagnik < > > > >> > > >>>>> [hidden email]> > > > >> > > >>>>> > > wrote: > > > >> > > >>>>> > > > > > >> > > >>>>> > > > I would like to discuss session replication / fail > > over > > > >> > design > > > >> > > on > > > >> > > >>>>> > spring > > > >> > > >>>>> > > > boot platform and wanted to find what is the best > out > > to > > > >> get > > > >> > > >>>>> started > > > >> > > >>>>> > > here ? > > > >> > > >>>>> > > > > > > >> > > >>>>> > > > Possible approaches are as follows - > > > >> > > >>>>> > > > > > > >> > > >>>>> > > > - Make use of Spring Session for session > > replication > > > >> and > > > >> > > fail > > > >> > > >>>>> over > > > >> > > >>>>> > > > - Extend the web session filter and make it work > on > > > >> spring > > > >> > > >>>>> boot > > > >> > > >>>>> > > > application > > > >> > > >>>>> > > > > > > >> > > >>>>> > > > > > > >> > > >>>>> > > > I am thinking that best approach would be to get > > started > > > >> here > > > >> > > >>>>> with > > > >> > > >>>>> > spring > > > >> > > >>>>> > > > session design however I am open for feedback here. > > > >> > > >>>>> > > > > > > >> > > >>>>> > > > -- > > > >> > > >>>>> > > > Rishi Yagnik > > > >> > > >>>>> > > > > > > >> > > >>>>> > > > > > >> > > >>>>> > > > > >> > > >>>>> > > > > >> > > >>>>> > > > > >> > > >>>>> > -- > > > >> > > >>>>> > Rishi Yagnik > > > >> > > >>>>> > > > > >> > > >>>>> > > > >> > > >>>> > > > >> > > >>>> > > > >> > > >>>> > > > >> > > >>>> -- > > > >> > > >>>> Rishi Yagnik > > > >> > > >>>> > > > >> > > >>> > > > >> > > >>> > > > >> > > >>> > > > >> > > >>> -- > > > >> > > >>> Rishi Yagnik > > > >> > > >>> > > > >> > > >> > > > >> > > >> > > > >> > > >> > > > >> > > >> -- > > > >> > > >> Rishi Yagnik > > > >> > > >> > > > >> > > > > > > >> > > > > > > >> > > > > > >> > > > > >> > > > > >> > > > > >> > -- > > > >> > Rishi Yagnik > > > >> > > > > >> > > > > > > > > > > > > > > > > -- > > > > Rishi Yagnik > > > > > > > > > > > > > > > > -- > > > Rishi Yagnik > > > > > > > > > -- > Rishi Yagnik > |
Re: IGNITE-2741 - spring session design
|
|
Hi Val,
Thanks for the response, we have executed ignite filter before spring security filter but somehow the ignite filter does not do the job of setting spring principle context. As a result even though we have spring principle in session, spring filter does not recognize it and sends us back to log in page. I think there s some more work needed here to change the filter and make it work with spring boot application. Take Care, Rishi > On Mar 5, 2017, at 10:16 AM, Valentin Kulichenko <[hidden email]> wrote: > > Hi Rishi, > > I did some debugging. Apparently, the reason for this behavior is that > Spring Security filter resides before Ignite's filter in the chain list. I > think that eventually this should be fixed in the product, but in the > meantime there must be a way to work around the problem by controlling the > order. Do you know how this can be done in Spring Boot? > > -Val > >> On Tue, Feb 28, 2017 at 9:31 AM, Rishi Yagnik <[hidden email]> wrote: >> >> Hi Val, >> >> Sorry for pestering, thanks for all your help. >> >> Rishi >> >> On Mon, Feb 27, 2017 at 7:22 PM, Valentin Kulichenko < >> [hidden email]> wrote: >> >>> Hi Rishi, >>> >>> Sorry, not yet. But this on my short list of TODOs, will try to give an >>> update as soon as possible. >>> >>> -Val >>> >>> On Mon, Feb 27, 2017 at 7:47 AM, Rishi Yagnik <[hidden email]> >>> wrote: >>> >>>> Hi Val, >>>> >>>> any update on session replication issue ? >>>> >>>> Thanks, >>>> Rishi >>>> >>>> On Thu, Feb 23, 2017 at 8:07 AM, Rishi Yagnik <[hidden email]> >>>> wrote: >>>> >>>>> Thanks Val for looking into it. >>>>> >>>>> On Wed, Feb 22, 2017 at 9:32 PM, Valentin Kulichenko < >>>>> [hidden email]> wrote: >>>>> >>>>>> Hi Rishi, >>>>>> >>>>>> Got it, I think I'm reproducing the issue. I'll take a look and let >>> you >>>>>> know my findings soon. >>>>>> >>>>>> -Val >>>>>> >>>>>> On Tue, Feb 21, 2017 at 7:27 PM, Rishi Yagnik < >> [hidden email]> >>>>>> wrote: >>>>>> >>>>>>> Hi Val, >>>>>>> >>>>>>> The issue will occur in cluster environment, please setup the >> spring >>>>>> boot >>>>>>> on 2 different host with LB (F5 OR Reverse proxy) in front and try >>> to >>>>>>> login. >>>>>>> >>>>>>> In cluster environment, Spring security does not recognize the >>> session >>>>>> on >>>>>>> the host you are not logged in, as a result, spring security will >>>>>> redirect >>>>>>> to login url however the correct behavior should be that user >> would >>>> stay >>>>>>> logged in with session replication. >>>>>>> >>>>>>> Do let me know if you need more information. >>>>>>> >>>>>>> Thanks, >>>>>>> Rishi >>>>>>> >>>>>>> >>>>>>> >>>>>>> On Tue, Feb 21, 2017 at 7:08 PM, Valentin Kulichenko < >>>>>>> [hidden email]> wrote: >>>>>>> >>>>>>>> Hi Rishi, >>>>>>>> >>>>>>>> I was able to build and run the application. Can you give some >>>>>>> description >>>>>>>> on what should I test to understand the issue? What exactly >> didn't >>>>>> work >>>>>>> for >>>>>>>> you? >>>>>>>> >>>>>>>> -Val >>>>>>>> >>>>>>>> On Wed, Feb 15, 2017 at 10:52 AM, Valentin Kulichenko < >>>>>>>> [hidden email]> wrote: >>>>>>>> >>>>>>>>> Hi Rishi, >>>>>>>>> >>>>>>>>> Thanks, I'll take a look. >>>>>>>>> >>>>>>>>> -Val >>>>>>>>> >>>>>>>>> On Wed, Feb 15, 2017 at 9:07 AM, Rishi Yagnik < >>>>>> [hidden email]> >>>>>>>>> wrote: >>>>>>>>> >>>>>>>>>> Hi Val, >>>>>>>>>> >>>>>>>>>> As promised, please find attached code for spring boot >>>> integration >>>>>>> with >>>>>>>>>> spring security along with Ignite. >>>>>>>>>> >>>>>>>>>> Some more information on project - >>>>>>>>>> >>>>>>>>>> - It is a maven project ( Ignite 1.7.0, SB 1.4.3 ) >>>>>>>>>> - spring security integrated with boot project along with >>>> ignite >>>>>>>>>> - HttpSessionCookieCsrfTokenRepository does not work, >> gives >>>>>>>>>> intermediate errors on single instance so used >>>>>>>> CookieCsrfTokenRepository >>>>>>>>>> for CSRF token, again I think we need a fix here from >>> Ignite. >>>>>>>>>> >>>>>>>>>> I cant reproduce this errors while I am running on single >>>> instance, >>>>>>> you >>>>>>>>>> need to run this app on 2 spring boot instance having proxy >> in >>>>>> front ( >>>>>>>> F5, >>>>>>>>>> OR any proxy ) with round robin fashion ( no sticky session >> on >>> F5 >>>>>> OR >>>>>>>>>> proxies ). >>>>>>>>>> >>>>>>>>>> We were thinking with round robin the user session will >> active >>>>>> since >>>>>>> we >>>>>>>>>> used session replication on backend. >>>>>>>>>> >>>>>>>>>> Do let me know if you need more information here. >>>>>>>>>> >>>>>>>>>> Thanks, >>>>>>>>>> >>>>>>>>>> Rishi >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> On Tue, Feb 14, 2017 at 9:57 PM, Rishi Yagnik < >>>>>> [hidden email]> >>>>>>>>>> wrote: >>>>>>>>>> >>>>>>>>>>> Val, >>>>>>>>>>> >>>>>>>>>>> My SB sample project is ready however I have asked for an >>>>>> approval to >>>>>>>>>>> submit sample project to you, it would take day or two. >>>>>>>>>>> >>>>>>>>>>> I will keep you posted. >>>>>>>>>>> >>>>>>>>>>> Thanks for all your help, >>>>>>>>>>> >>>>>>>>>>> On Tue, Feb 14, 2017 at 3:51 PM, Rishi Yagnik < >>>>>> [hidden email] >>>>>>>> >>>>>>>>>>> wrote: >>>>>>>>>>> >>>>>>>>>>>> Let me build an example app for you and send it across to >>> you. >>>>>>>>>>>> >>>>>>>>>>>> Thanks, >>>>>>>>>>>> >>>>>>>>>>>> On Tue, Feb 14, 2017 at 3:28 PM, Valentin Kulichenko < >>>>>>>>>>>> [hidden email]> wrote: >>>>>>>>>>>> >>>>>>>>>>>>> Rishi, >>>>>>>>>>>>> >>>>>>>>>>>>> No I don't, and I think that's what we should start with. >> I >>>>>> want to >>>>>>>>>>>>> understand a use case that is currently not supported (if >>> any) >>>>>> and >>>>>>>> then >>>>>>>>>>>>> find the best solution. And I would like to reuse existing >>>> code >>>>>> as >>>>>>>>>>>>> much as >>>>>>>>>>>>> possible. >>>>>>>>>>>>> >>>>>>>>>>>>> Do you have any code that reproduces the problem you had >> and >>>> how >>>>>>> you >>>>>>>>>>>>> tried >>>>>>>>>>>>> to utilize current web session clustering? Can you share >> it >>>> with >>>>>>> us? >>>>>>>>>>>>> >>>>>>>>>>>>> -Val >>>>>>>>>>>>> >>>>>>>>>>>>> On Tue, Feb 14, 2017 at 11:28 AM, Rishi Yagnik < >>>>>>>> [hidden email]> >>>>>>>>>>>>> wrote: >>>>>>>>>>>>> >>>>>>>>>>>>>> Hi Val, >>>>>>>>>>>>>> >>>>>>>>>>>>>> I am working on SB platform with spring security and we >>>> found >>>>>> out >>>>>>>>>>>>> that the >>>>>>>>>>>>>> web session filter ignite provides does not work for >>> session >>>>>>>>>>>>> management on >>>>>>>>>>>>>> 2 node spring boot cluster. >>>>>>>>>>>>>> >>>>>>>>>>>>>> Somehow, spring security filter kicks in result in some >>>> weird >>>>>>>> errors >>>>>>>>>>>>> with >>>>>>>>>>>>>> web session filter. >>>>>>>>>>>>>> >>>>>>>>>>>>>> So making compatible with spring security somehow, we >> need >>>> to >>>>>>> write >>>>>>>>>>>>>> implementation on spring session. >>>>>>>>>>>>>> >>>>>>>>>>>>>> Do you have any test cases that says web session filter >>>> would >>>>>>> work >>>>>>>>>>>>> with >>>>>>>>>>>>>> spring security on boot platform ? >>>>>>>>>>>>>> >>>>>>>>>>>>>> Thanks, >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> On Tue, Feb 14, 2017 at 1:03 PM, Valentin Kulichenko < >>>>>>>>>>>>>> [hidden email]> wrote: >>>>>>>>>>>>>> >>>>>>>>>>>>>>> Hi Rishi, >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Can you please take a look at web session clustering >>>> feature >>>>>>> [1] >>>>>>>>>>>>> provided >>>>>>>>>>>>>>> by Ignite? I'm looking at Spring Session docs and it >>> seems >>>>>> to >>>>>>> me >>>>>>>>>>>>> it does >>>>>>>>>>>>>>> exactly the same - replaces HttpSession with custom >>>>>>>> implementation >>>>>>>>>>>>> that >>>>>>>>>>>>>> has >>>>>>>>>>>>>>> a backend storage. If it doesn't provide any >> additional >>>> API >>>>>> or >>>>>>>>>>>>>>> functionality, I'm not sure I understand the benefit >> of >>>> this >>>>>>>>>>>>> feature. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Let me know if I'm missing something. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> [1] https://apacheignite-mix. >>> readme.io/docs/web-session- >>>>>>>> clustering >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> -Val >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> On Mon, Feb 13, 2017 at 2:41 PM, Rishi Yagnik < >>>>>>>>>>>>> [hidden email]> >>>>>>>>>>>>>>> wrote: >>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> I would like to discuss session replication / fail >>> over >>>>>>> design >>>>>>>> on >>>>>>>>>>>>>> spring >>>>>>>>>>>>>>>> boot platform and wanted to find what is the best >> out >>> to >>>>>> get >>>>>>>>>>>>> started >>>>>>>>>>>>>>> here ? >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Possible approaches are as follows - >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> - Make use of Spring Session for session >>> replication >>>>>> and >>>>>>>> fail >>>>>>>>>>>>> over >>>>>>>>>>>>>>>> - Extend the web session filter and make it work >> on >>>>>> spring >>>>>>>>>>>>> boot >>>>>>>>>>>>>>>> application >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> I am thinking that best approach would be to get >>> started >>>>>> here >>>>>>>>>>>>> with >>>>>>>>>>>>>> spring >>>>>>>>>>>>>>>> session design however I am open for feedback here. >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>> Rishi Yagnik >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> -- >>>>>>>>>>>>>> Rishi Yagnik >>>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> -- >>>>>>>>>>>> Rishi Yagnik >>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> -- >>>>>>>>>>> Rishi Yagnik >>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> Rishi Yagnik >>>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> Rishi Yagnik >>>>>>> >>>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> Rishi Yagnik >>>>> >>>> >>>> >>>> >>>> -- >>>> Rishi Yagnik >>>> >>> >> >> >> >> -- >> Rishi Yagnik >> |
Re: IGNITE-2741 - spring session design
|
|
Rishi,
Can you please share how you forced Ignite filter to be invoked before security filter? -Val On Sun, Mar 5, 2017 at 11:20 AM, Rishi Yagnik <[hidden email]> wrote: > Hi Val, > > Thanks for the response, we have executed ignite filter before spring > security filter but somehow the ignite filter does not do the job of > setting spring principle context. > > As a result even though we have spring principle in session, spring filter > does not recognize it and sends us back to log in page. > > I think there s some more work needed here to change the filter and make > it work with spring boot application. > > Take Care, > Rishi > > > On Mar 5, 2017, at 10:16 AM, Valentin Kulichenko < > [hidden email]> wrote: > > > > Hi Rishi, > > > > I did some debugging. Apparently, the reason for this behavior is that > > Spring Security filter resides before Ignite's filter in the chain list. > I > > think that eventually this should be fixed in the product, but in the > > meantime there must be a way to work around the problem by controlling > the > > order. Do you know how this can be done in Spring Boot? > > > > -Val > > > >> On Tue, Feb 28, 2017 at 9:31 AM, Rishi Yagnik <[hidden email]> > wrote: > >> > >> Hi Val, > >> > >> Sorry for pestering, thanks for all your help. > >> > >> Rishi > >> > >> On Mon, Feb 27, 2017 at 7:22 PM, Valentin Kulichenko < > >> [hidden email]> wrote: > >> > >>> Hi Rishi, > >>> > >>> Sorry, not yet. But this on my short list of TODOs, will try to give an > >>> update as soon as possible. > >>> > >>> -Val > >>> > >>> On Mon, Feb 27, 2017 at 7:47 AM, Rishi Yagnik <[hidden email]> > >>> wrote: > >>> > >>>> Hi Val, > >>>> > >>>> any update on session replication issue ? > >>>> > >>>> Thanks, > >>>> Rishi > >>>> > >>>> On Thu, Feb 23, 2017 at 8:07 AM, Rishi Yagnik <[hidden email]> > >>>> wrote: > >>>> > >>>>> Thanks Val for looking into it. > >>>>> > >>>>> On Wed, Feb 22, 2017 at 9:32 PM, Valentin Kulichenko < > >>>>> [hidden email]> wrote: > >>>>> > >>>>>> Hi Rishi, > >>>>>> > >>>>>> Got it, I think I'm reproducing the issue. I'll take a look and let > >>> you > >>>>>> know my findings soon. > >>>>>> > >>>>>> -Val > >>>>>> > >>>>>> On Tue, Feb 21, 2017 at 7:27 PM, Rishi Yagnik < > >> [hidden email]> > >>>>>> wrote: > >>>>>> > >>>>>>> Hi Val, > >>>>>>> > >>>>>>> The issue will occur in cluster environment, please setup the > >> spring > >>>>>> boot > >>>>>>> on 2 different host with LB (F5 OR Reverse proxy) in front and try > >>> to > >>>>>>> login. > >>>>>>> > >>>>>>> In cluster environment, Spring security does not recognize the > >>> session > >>>>>> on > >>>>>>> the host you are not logged in, as a result, spring security will > >>>>>> redirect > >>>>>>> to login url however the correct behavior should be that user > >> would > >>>> stay > >>>>>>> logged in with session replication. > >>>>>>> > >>>>>>> Do let me know if you need more information. > >>>>>>> > >>>>>>> Thanks, > >>>>>>> Rishi > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> On Tue, Feb 21, 2017 at 7:08 PM, Valentin Kulichenko < > >>>>>>> [hidden email]> wrote: > >>>>>>> > >>>>>>>> Hi Rishi, > >>>>>>>> > >>>>>>>> I was able to build and run the application. Can you give some > >>>>>>> description > >>>>>>>> on what should I test to understand the issue? What exactly > >> didn't > >>>>>> work > >>>>>>> for > >>>>>>>> you? > >>>>>>>> > >>>>>>>> -Val > >>>>>>>> > >>>>>>>> On Wed, Feb 15, 2017 at 10:52 AM, Valentin Kulichenko < > >>>>>>>> [hidden email]> wrote: > >>>>>>>> > >>>>>>>>> Hi Rishi, > >>>>>>>>> > >>>>>>>>> Thanks, I'll take a look. > >>>>>>>>> > >>>>>>>>> -Val > >>>>>>>>> > >>>>>>>>> On Wed, Feb 15, 2017 at 9:07 AM, Rishi Yagnik < > >>>>>> [hidden email]> > >>>>>>>>> wrote: > >>>>>>>>> > >>>>>>>>>> Hi Val, > >>>>>>>>>> > >>>>>>>>>> As promised, please find attached code for spring boot > >>>> integration > >>>>>>> with > >>>>>>>>>> spring security along with Ignite. > >>>>>>>>>> > >>>>>>>>>> Some more information on project - > >>>>>>>>>> > >>>>>>>>>> - It is a maven project ( Ignite 1.7.0, SB 1.4.3 ) > >>>>>>>>>> - spring security integrated with boot project along with > >>>> ignite > >>>>>>>>>> - HttpSessionCookieCsrfTokenRepository does not work, > >> gives > >>>>>>>>>> intermediate errors on single instance so used > >>>>>>>> CookieCsrfTokenRepository > >>>>>>>>>> for CSRF token, again I think we need a fix here from > >>> Ignite. > >>>>>>>>>> > >>>>>>>>>> I cant reproduce this errors while I am running on single > >>>> instance, > >>>>>>> you > >>>>>>>>>> need to run this app on 2 spring boot instance having proxy > >> in > >>>>>> front ( > >>>>>>>> F5, > >>>>>>>>>> OR any proxy ) with round robin fashion ( no sticky session > >> on > >>> F5 > >>>>>> OR > >>>>>>>>>> proxies ). > >>>>>>>>>> > >>>>>>>>>> We were thinking with round robin the user session will > >> active > >>>>>> since > >>>>>>> we > >>>>>>>>>> used session replication on backend. > >>>>>>>>>> > >>>>>>>>>> Do let me know if you need more information here. > >>>>>>>>>> > >>>>>>>>>> Thanks, > >>>>>>>>>> > >>>>>>>>>> Rishi > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> On Tue, Feb 14, 2017 at 9:57 PM, Rishi Yagnik < > >>>>>> [hidden email]> > >>>>>>>>>> wrote: > >>>>>>>>>> > >>>>>>>>>>> Val, > >>>>>>>>>>> > >>>>>>>>>>> My SB sample project is ready however I have asked for an > >>>>>> approval to > >>>>>>>>>>> submit sample project to you, it would take day or two. > >>>>>>>>>>> > >>>>>>>>>>> I will keep you posted. > >>>>>>>>>>> > >>>>>>>>>>> Thanks for all your help, > >>>>>>>>>>> > >>>>>>>>>>> On Tue, Feb 14, 2017 at 3:51 PM, Rishi Yagnik < > >>>>>> [hidden email] > >>>>>>>> > >>>>>>>>>>> wrote: > >>>>>>>>>>> > >>>>>>>>>>>> Let me build an example app for you and send it across to > >>> you. > >>>>>>>>>>>> > >>>>>>>>>>>> Thanks, > >>>>>>>>>>>> > >>>>>>>>>>>> On Tue, Feb 14, 2017 at 3:28 PM, Valentin Kulichenko < > >>>>>>>>>>>> [hidden email]> wrote: > >>>>>>>>>>>> > >>>>>>>>>>>>> Rishi, > >>>>>>>>>>>>> > >>>>>>>>>>>>> No I don't, and I think that's what we should start with. > >> I > >>>>>> want to > >>>>>>>>>>>>> understand a use case that is currently not supported (if > >>> any) > >>>>>> and > >>>>>>>> then > >>>>>>>>>>>>> find the best solution. And I would like to reuse existing > >>>> code > >>>>>> as > >>>>>>>>>>>>> much as > >>>>>>>>>>>>> possible. > >>>>>>>>>>>>> > >>>>>>>>>>>>> Do you have any code that reproduces the problem you had > >> and > >>>> how > >>>>>>> you > >>>>>>>>>>>>> tried > >>>>>>>>>>>>> to utilize current web session clustering? Can you share > >> it > >>>> with > >>>>>>> us? > >>>>>>>>>>>>> > >>>>>>>>>>>>> -Val > >>>>>>>>>>>>> > >>>>>>>>>>>>> On Tue, Feb 14, 2017 at 11:28 AM, Rishi Yagnik < > >>>>>>>> [hidden email]> > >>>>>>>>>>>>> wrote: > >>>>>>>>>>>>> > >>>>>>>>>>>>>> Hi Val, > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> I am working on SB platform with spring security and we > >>>> found > >>>>>> out > >>>>>>>>>>>>> that the > >>>>>>>>>>>>>> web session filter ignite provides does not work for > >>> session > >>>>>>>>>>>>> management on > >>>>>>>>>>>>>> 2 node spring boot cluster. > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> Somehow, spring security filter kicks in result in some > >>>> weird > >>>>>>>> errors > >>>>>>>>>>>>> with > >>>>>>>>>>>>>> web session filter. > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> So making compatible with spring security somehow, we > >> need > >>>> to > >>>>>>> write > >>>>>>>>>>>>>> implementation on spring session. > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> Do you have any test cases that says web session filter > >>>> would > >>>>>>> work > >>>>>>>>>>>>> with > >>>>>>>>>>>>>> spring security on boot platform ? > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> Thanks, > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> On Tue, Feb 14, 2017 at 1:03 PM, Valentin Kulichenko < > >>>>>>>>>>>>>> [hidden email]> wrote: > >>>>>>>>>>>>>> > >>>>>>>>>>>>>>> Hi Rishi, > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> Can you please take a look at web session clustering > >>>> feature > >>>>>>> [1] > >>>>>>>>>>>>> provided > >>>>>>>>>>>>>>> by Ignite? I'm looking at Spring Session docs and it > >>> seems > >>>>>> to > >>>>>>> me > >>>>>>>>>>>>> it does > >>>>>>>>>>>>>>> exactly the same - replaces HttpSession with custom > >>>>>>>> implementation > >>>>>>>>>>>>> that > >>>>>>>>>>>>>> has > >>>>>>>>>>>>>>> a backend storage. If it doesn't provide any > >> additional > >>>> API > >>>>>> or > >>>>>>>>>>>>>>> functionality, I'm not sure I understand the benefit > >> of > >>>> this > >>>>>>>>>>>>> feature. > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> Let me know if I'm missing something. > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> [1] https://apacheignite-mix. > >>> readme.io/docs/web-session- > >>>>>>>> clustering > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> -Val > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> On Mon, Feb 13, 2017 at 2:41 PM, Rishi Yagnik < > >>>>>>>>>>>>> [hidden email]> > >>>>>>>>>>>>>>> wrote: > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> I would like to discuss session replication / fail > >>> over > >>>>>>> design > >>>>>>>> on > >>>>>>>>>>>>>> spring > >>>>>>>>>>>>>>>> boot platform and wanted to find what is the best > >> out > >>> to > >>>>>> get > >>>>>>>>>>>>> started > >>>>>>>>>>>>>>> here ? > >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> Possible approaches are as follows - > >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> - Make use of Spring Session for session > >>> replication > >>>>>> and > >>>>>>>> fail > >>>>>>>>>>>>> over > >>>>>>>>>>>>>>>> - Extend the web session filter and make it work > >> on > >>>>>> spring > >>>>>>>>>>>>> boot > >>>>>>>>>>>>>>>> application > >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> I am thinking that best approach would be to get > >>> started > >>>>>> here > >>>>>>>>>>>>> with > >>>>>>>>>>>>>> spring > >>>>>>>>>>>>>>>> session design however I am open for feedback here. > >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> -- > >>>>>>>>>>>>>>>> Rishi Yagnik > >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> -- > >>>>>>>>>>>>>> Rishi Yagnik > >>>>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> -- > >>>>>>>>>>>> Rishi Yagnik > >>>>>>>>>>>> > >>>>>>>>>>> > >>>>>>>>>>> > >>>>>>>>>>> > >>>>>>>>>>> -- > >>>>>>>>>>> Rishi Yagnik > >>>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> -- > >>>>>>>>>> Rishi Yagnik > >>>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> -- > >>>>>>> Rishi Yagnik > >>>>>>> > >>>>>> > >>>>> > >>>>> > >>>>> > >>>>> -- > >>>>> Rishi Yagnik > >>>>> > >>>> > >>>> > >>>> > >>>> -- > >>>> Rishi Yagnik > >>>> > >>> > >> > >> > >> > >> -- > >> Rishi Yagnik > >> > |
Re: IGNITE-2741 - spring session design
|
|
Val,
Adding a filter before csrf filter will invoke the custom ignite filter. Declare a custom filter class extends it with websession filter public class CustomWebSessionFilter extends WebSessionFilter { private static boolean igniteInitialize = false @Override public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException { if(!igniteInitialize) { super.init(new FilterConfig() { @Override public String getFilterName() { return "CustomWebSessionFilter"; } @Override public ServletContext getServletContext() { return req.getServletContext(); } @Override public String getInitParameter(String name) { return null; } @Override public Enumeration<String> getInitParameterNames() { return null; } }); igniteInitialize = true; } super.doFilter(req,res,chain); } } And in SecurityConfig.java add following line to invoke filter before Ignite Web Session filter - .addFilterBefore(new ArWebSessionFilter(), CsrfFilter.class) Hope it helps.. Thanks, On Sun, Mar 5, 2017 at 1:28 PM, Valentin Kulichenko < [hidden email]> wrote: > Rishi, > > Can you please share how you forced Ignite filter to be invoked before > security filter? > > -Val > > On Sun, Mar 5, 2017 at 11:20 AM, Rishi Yagnik <[hidden email]> > wrote: > > > Hi Val, > > > > Thanks for the response, we have executed ignite filter before spring > > security filter but somehow the ignite filter does not do the job of > > setting spring principle context. > > > > As a result even though we have spring principle in session, spring > filter > > does not recognize it and sends us back to log in page. > > > > I think there s some more work needed here to change the filter and make > > it work with spring boot application. > > > > Take Care, > > Rishi > > > > > On Mar 5, 2017, at 10:16 AM, Valentin Kulichenko < > > [hidden email]> wrote: > > > > > > Hi Rishi, > > > > > > I did some debugging. Apparently, the reason for this behavior is that > > > Spring Security filter resides before Ignite's filter in the chain > list. > > I > > > think that eventually this should be fixed in the product, but in the > > > meantime there must be a way to work around the problem by controlling > > the > > > order. Do you know how this can be done in Spring Boot? > > > > > > -Val > > > > > >> On Tue, Feb 28, 2017 at 9:31 AM, Rishi Yagnik <[hidden email]> > > wrote: > > >> > > >> Hi Val, > > >> > > >> Sorry for pestering, thanks for all your help. > > >> > > >> Rishi > > >> > > >> On Mon, Feb 27, 2017 at 7:22 PM, Valentin Kulichenko < > > >> [hidden email]> wrote: > > >> > > >>> Hi Rishi, > > >>> > > >>> Sorry, not yet. But this on my short list of TODOs, will try to give > an > > >>> update as soon as possible. > > >>> > > >>> -Val > > >>> > > >>> On Mon, Feb 27, 2017 at 7:47 AM, Rishi Yagnik <[hidden email] > > > > >>> wrote: > > >>> > > >>>> Hi Val, > > >>>> > > >>>> any update on session replication issue ? > > >>>> > > >>>> Thanks, > > >>>> Rishi > > >>>> > > >>>> On Thu, Feb 23, 2017 at 8:07 AM, Rishi Yagnik < > [hidden email]> > > >>>> wrote: > > >>>> > > >>>>> Thanks Val for looking into it. > > >>>>> > > >>>>> On Wed, Feb 22, 2017 at 9:32 PM, Valentin Kulichenko < > > >>>>> [hidden email]> wrote: > > >>>>> > > >>>>>> Hi Rishi, > > >>>>>> > > >>>>>> Got it, I think I'm reproducing the issue. I'll take a look and > let > > >>> you > > >>>>>> know my findings soon. > > >>>>>> > > >>>>>> -Val > > >>>>>> > > >>>>>> On Tue, Feb 21, 2017 at 7:27 PM, Rishi Yagnik < > > >> [hidden email]> > > >>>>>> wrote: > > >>>>>> > > >>>>>>> Hi Val, > > >>>>>>> > > >>>>>>> The issue will occur in cluster environment, please setup the > > >> spring > > >>>>>> boot > > >>>>>>> on 2 different host with LB (F5 OR Reverse proxy) in front and > try > > >>> to > > >>>>>>> login. > > >>>>>>> > > >>>>>>> In cluster environment, Spring security does not recognize the > > >>> session > > >>>>>> on > > >>>>>>> the host you are not logged in, as a result, spring security will > > >>>>>> redirect > > >>>>>>> to login url however the correct behavior should be that user > > >> would > > >>>> stay > > >>>>>>> logged in with session replication. > > >>>>>>> > > >>>>>>> Do let me know if you need more information. > > >>>>>>> > > >>>>>>> Thanks, > > >>>>>>> Rishi > > >>>>>>> > > >>>>>>> > > >>>>>>> > > >>>>>>> On Tue, Feb 21, 2017 at 7:08 PM, Valentin Kulichenko < > > >>>>>>> [hidden email]> wrote: > > >>>>>>> > > >>>>>>>> Hi Rishi, > > >>>>>>>> > > >>>>>>>> I was able to build and run the application. Can you give some > > >>>>>>> description > > >>>>>>>> on what should I test to understand the issue? What exactly > > >> didn't > > >>>>>> work > > >>>>>>> for > > >>>>>>>> you? > > >>>>>>>> > > >>>>>>>> -Val > > >>>>>>>> > > >>>>>>>> On Wed, Feb 15, 2017 at 10:52 AM, Valentin Kulichenko < > > >>>>>>>> [hidden email]> wrote: > > >>>>>>>> > > >>>>>>>>> Hi Rishi, > > >>>>>>>>> > > >>>>>>>>> Thanks, I'll take a look. > > >>>>>>>>> > > >>>>>>>>> -Val > > >>>>>>>>> > > >>>>>>>>> On Wed, Feb 15, 2017 at 9:07 AM, Rishi Yagnik < > > >>>>>> [hidden email]> > > >>>>>>>>> wrote: > > >>>>>>>>> > > >>>>>>>>>> Hi Val, > > >>>>>>>>>> > > >>>>>>>>>> As promised, please find attached code for spring boot > > >>>> integration > > >>>>>>> with > > >>>>>>>>>> spring security along with Ignite. > > >>>>>>>>>> > > >>>>>>>>>> Some more information on project - > > >>>>>>>>>> > > >>>>>>>>>> - It is a maven project ( Ignite 1.7.0, SB 1.4.3 ) > > >>>>>>>>>> - spring security integrated with boot project along with > > >>>> ignite > > >>>>>>>>>> - HttpSessionCookieCsrfTokenRepository does not work, > > >> gives > > >>>>>>>>>> intermediate errors on single instance so used > > >>>>>>>> CookieCsrfTokenRepository > > >>>>>>>>>> for CSRF token, again I think we need a fix here from > > >>> Ignite. > > >>>>>>>>>> > > >>>>>>>>>> I cant reproduce this errors while I am running on single > > >>>> instance, > > >>>>>>> you > > >>>>>>>>>> need to run this app on 2 spring boot instance having proxy > > >> in > > >>>>>> front ( > > >>>>>>>> F5, > > >>>>>>>>>> OR any proxy ) with round robin fashion ( no sticky session > > >> on > > >>> F5 > > >>>>>> OR > > >>>>>>>>>> proxies ). > > >>>>>>>>>> > > >>>>>>>>>> We were thinking with round robin the user session will > > >> active > > >>>>>> since > > >>>>>>> we > > >>>>>>>>>> used session replication on backend. > > >>>>>>>>>> > > >>>>>>>>>> Do let me know if you need more information here. > > >>>>>>>>>> > > >>>>>>>>>> Thanks, > > >>>>>>>>>> > > >>>>>>>>>> Rishi > > >>>>>>>>>> > > >>>>>>>>>> > > >>>>>>>>>> > > >>>>>>>>>> > > >>>>>>>>>> On Tue, Feb 14, 2017 at 9:57 PM, Rishi Yagnik < > > >>>>>> [hidden email]> > > >>>>>>>>>> wrote: > > >>>>>>>>>> > > >>>>>>>>>>> Val, > > >>>>>>>>>>> > > >>>>>>>>>>> My SB sample project is ready however I have asked for an > > >>>>>> approval to > > >>>>>>>>>>> submit sample project to you, it would take day or two. > > >>>>>>>>>>> > > >>>>>>>>>>> I will keep you posted. > > >>>>>>>>>>> > > >>>>>>>>>>> Thanks for all your help, > > >>>>>>>>>>> > > >>>>>>>>>>> On Tue, Feb 14, 2017 at 3:51 PM, Rishi Yagnik < > > >>>>>> [hidden email] > > >>>>>>>> > > >>>>>>>>>>> wrote: > > >>>>>>>>>>> > > >>>>>>>>>>>> Let me build an example app for you and send it across to > > >>> you. > > >>>>>>>>>>>> > > >>>>>>>>>>>> Thanks, > > >>>>>>>>>>>> > > >>>>>>>>>>>> On Tue, Feb 14, 2017 at 3:28 PM, Valentin Kulichenko < > > >>>>>>>>>>>> [hidden email]> wrote: > > >>>>>>>>>>>> > > >>>>>>>>>>>>> Rishi, > > >>>>>>>>>>>>> > > >>>>>>>>>>>>> No I don't, and I think that's what we should start with. > > >> I > > >>>>>> want to > > >>>>>>>>>>>>> understand a use case that is currently not supported (if > > >>> any) > > >>>>>> and > > >>>>>>>> then > > >>>>>>>>>>>>> find the best solution. And I would like to reuse existing > > >>>> code > > >>>>>> as > > >>>>>>>>>>>>> much as > > >>>>>>>>>>>>> possible. > > >>>>>>>>>>>>> > > >>>>>>>>>>>>> Do you have any code that reproduces the problem you had > > >> and > > >>>> how > > >>>>>>> you > > >>>>>>>>>>>>> tried > > >>>>>>>>>>>>> to utilize current web session clustering? Can you share > > >> it > > >>>> with > > >>>>>>> us? > > >>>>>>>>>>>>> > > >>>>>>>>>>>>> -Val > > >>>>>>>>>>>>> > > >>>>>>>>>>>>> On Tue, Feb 14, 2017 at 11:28 AM, Rishi Yagnik < > > >>>>>>>> [hidden email]> > > >>>>>>>>>>>>> wrote: > > >>>>>>>>>>>>> > > >>>>>>>>>>>>>> Hi Val, > > >>>>>>>>>>>>>> > > >>>>>>>>>>>>>> I am working on SB platform with spring security and we > > >>>> found > > >>>>>> out > > >>>>>>>>>>>>> that the > > >>>>>>>>>>>>>> web session filter ignite provides does not work for > > >>> session > > >>>>>>>>>>>>> management on > > >>>>>>>>>>>>>> 2 node spring boot cluster. > > >>>>>>>>>>>>>> > > >>>>>>>>>>>>>> Somehow, spring security filter kicks in result in some > > >>>> weird > > >>>>>>>> errors > > >>>>>>>>>>>>> with > > >>>>>>>>>>>>>> web session filter. > > >>>>>>>>>>>>>> > > >>>>>>>>>>>>>> So making compatible with spring security somehow, we > > >> need > > >>>> to > > >>>>>>> write > > >>>>>>>>>>>>>> implementation on spring session. > > >>>>>>>>>>>>>> > > >>>>>>>>>>>>>> Do you have any test cases that says web session filter > > >>>> would > > >>>>>>> work > > >>>>>>>>>>>>> with > > >>>>>>>>>>>>>> spring security on boot platform ? > > >>>>>>>>>>>>>> > > >>>>>>>>>>>>>> Thanks, > > >>>>>>>>>>>>>> > > >>>>>>>>>>>>>> > > >>>>>>>>>>>>>> On Tue, Feb 14, 2017 at 1:03 PM, Valentin Kulichenko < > > >>>>>>>>>>>>>> [hidden email]> wrote: > > >>>>>>>>>>>>>> > > >>>>>>>>>>>>>>> Hi Rishi, > > >>>>>>>>>>>>>>> > > >>>>>>>>>>>>>>> Can you please take a look at web session clustering > > >>>> feature > > >>>>>>> [1] > > >>>>>>>>>>>>> provided > > >>>>>>>>>>>>>>> by Ignite? I'm looking at Spring Session docs and it > > >>> seems > > >>>>>> to > > >>>>>>> me > > >>>>>>>>>>>>> it does > > >>>>>>>>>>>>>>> exactly the same - replaces HttpSession with custom > > >>>>>>>> implementation > > >>>>>>>>>>>>> that > > >>>>>>>>>>>>>> has > > >>>>>>>>>>>>>>> a backend storage. If it doesn't provide any > > >> additional > > >>>> API > > >>>>>> or > > >>>>>>>>>>>>>>> functionality, I'm not sure I understand the benefit > > >> of > > >>>> this > > >>>>>>>>>>>>> feature. > > >>>>>>>>>>>>>>> > > >>>>>>>>>>>>>>> Let me know if I'm missing something. > > >>>>>>>>>>>>>>> > > >>>>>>>>>>>>>>> [1] https://apacheignite-mix. > > >>> readme.io/docs/web-session- > > >>>>>>>> clustering > > >>>>>>>>>>>>>>> > > >>>>>>>>>>>>>>> -Val > > >>>>>>>>>>>>>>> > > >>>>>>>>>>>>>>> On Mon, Feb 13, 2017 at 2:41 PM, Rishi Yagnik < > > >>>>>>>>>>>>> [hidden email]> > > >>>>>>>>>>>>>>> wrote: > > >>>>>>>>>>>>>>> > > >>>>>>>>>>>>>>>> I would like to discuss session replication / fail > > >>> over > > >>>>>>> design > > >>>>>>>> on > > >>>>>>>>>>>>>> spring > > >>>>>>>>>>>>>>>> boot platform and wanted to find what is the best > > >> out > > >>> to > > >>>>>> get > > >>>>>>>>>>>>> started > > >>>>>>>>>>>>>>> here ? > > >>>>>>>>>>>>>>>> > > >>>>>>>>>>>>>>>> Possible approaches are as follows - > > >>>>>>>>>>>>>>>> > > >>>>>>>>>>>>>>>> - Make use of Spring Session for session > > >>> replication > > >>>>>> and > > >>>>>>>> fail > > >>>>>>>>>>>>> over > > >>>>>>>>>>>>>>>> - Extend the web session filter and make it work > > >> on > > >>>>>> spring > > >>>>>>>>>>>>> boot > > >>>>>>>>>>>>>>>> application > > >>>>>>>>>>>>>>>> > > >>>>>>>>>>>>>>>> > > >>>>>>>>>>>>>>>> I am thinking that best approach would be to get > > >>> started > > >>>>>> here > > >>>>>>>>>>>>> with > > >>>>>>>>>>>>>> spring > > >>>>>>>>>>>>>>>> session design however I am open for feedback here. > > >>>>>>>>>>>>>>>> > > >>>>>>>>>>>>>>>> -- > > >>>>>>>>>>>>>>>> Rishi Yagnik > > >>>>>>>>>>>>>>>> > > >>>>>>>>>>>>>>> > > >>>>>>>>>>>>>> > > >>>>>>>>>>>>>> > > >>>>>>>>>>>>>> > > >>>>>>>>>>>>>> -- > > >>>>>>>>>>>>>> Rishi Yagnik > > >>>>>>>>>>>>>> > > >>>>>>>>>>>>> > > >>>>>>>>>>>> > > >>>>>>>>>>>> > > >>>>>>>>>>>> > > >>>>>>>>>>>> -- > > >>>>>>>>>>>> Rishi Yagnik > > >>>>>>>>>>>> > > >>>>>>>>>>> > > >>>>>>>>>>> > > >>>>>>>>>>> > > >>>>>>>>>>> -- > > >>>>>>>>>>> Rishi Yagnik > > >>>>>>>>>>> > > >>>>>>>>>> > > >>>>>>>>>> > > >>>>>>>>>> > > >>>>>>>>>> -- > > >>>>>>>>>> Rishi Yagnik > > >>>>>>>>>> > > >>>>>>>>> > > >>>>>>>>> > > >>>>>>>> > > >>>>>>> > > >>>>>>> > > >>>>>>> > > >>>>>>> -- > > >>>>>>> Rishi Yagnik > > >>>>>>> > > >>>>>> > > >>>>> > > >>>>> > > >>>>> > > >>>>> -- > > >>>>> Rishi Yagnik > > >>>>> > > >>>> > > >>>> > > >>>> > > >>>> -- > > >>>> Rishi Yagnik > > >>>> > > >>> > > >> > > >> > > >> > > >> -- > > >> Rishi Yagnik > > >> > > > -- Rishi Yagnik |
Re: IGNITE-2741 - spring session design
|
|
Val,
Did you get chance to play around with the code ? Thanks, On Sun, Mar 5, 2017 at 7:25 PM, Rishi Yagnik <[hidden email]> wrote: > Val, > > Adding a filter before csrf filter will invoke the custom ignite filter. > > Declare a custom filter class extends it with websession filter > > public class CustomWebSessionFilter extends WebSessionFilter { > > private static boolean igniteInitialize = false > > @Override public void doFilter(ServletRequest req, ServletResponse res, > FilterChain chain) > throws IOException, ServletException { > if(!igniteInitialize) { > super.init(new FilterConfig() { > @Override > public String getFilterName() { > return "CustomWebSessionFilter"; > } > > @Override > public ServletContext getServletContext() { > return req.getServletContext(); > } > > @Override > public String getInitParameter(String name) { > return null; > } > > @Override > public Enumeration<String> getInitParameterNames() { > return null; > } > }); > igniteInitialize = true; > } > super.doFilter(req,res,chain); > } > } > > And in SecurityConfig.java add following line to invoke filter before > Ignite Web Session filter - > > .addFilterBefore(new ArWebSessionFilter(), CsrfFilter.class) > > Hope it helps.. > > Thanks, > > On Sun, Mar 5, 2017 at 1:28 PM, Valentin Kulichenko < > [hidden email]> wrote: > >> Rishi, >> >> Can you please share how you forced Ignite filter to be invoked before >> security filter? >> >> -Val >> >> On Sun, Mar 5, 2017 at 11:20 AM, Rishi Yagnik <[hidden email]> >> wrote: >> >> > Hi Val, >> > >> > Thanks for the response, we have executed ignite filter before spring >> > security filter but somehow the ignite filter does not do the job of >> > setting spring principle context. >> > >> > As a result even though we have spring principle in session, spring >> filter >> > does not recognize it and sends us back to log in page. >> > >> > I think there s some more work needed here to change the filter and make >> > it work with spring boot application. >> > >> > Take Care, >> > Rishi >> > >> > > On Mar 5, 2017, at 10:16 AM, Valentin Kulichenko < >> > [hidden email]> wrote: >> > > >> > > Hi Rishi, >> > > >> > > I did some debugging. Apparently, the reason for this behavior is that >> > > Spring Security filter resides before Ignite's filter in the chain >> list. >> > I >> > > think that eventually this should be fixed in the product, but in the >> > > meantime there must be a way to work around the problem by controlling >> > the >> > > order. Do you know how this can be done in Spring Boot? >> > > >> > > -Val >> > > >> > >> On Tue, Feb 28, 2017 at 9:31 AM, Rishi Yagnik <[hidden email] >> > >> > wrote: >> > >> >> > >> Hi Val, >> > >> >> > >> Sorry for pestering, thanks for all your help. >> > >> >> > >> Rishi >> > >> >> > >> On Mon, Feb 27, 2017 at 7:22 PM, Valentin Kulichenko < >> > >> [hidden email]> wrote: >> > >> >> > >>> Hi Rishi, >> > >>> >> > >>> Sorry, not yet. But this on my short list of TODOs, will try to >> give an >> > >>> update as soon as possible. >> > >>> >> > >>> -Val >> > >>> >> > >>> On Mon, Feb 27, 2017 at 7:47 AM, Rishi Yagnik < >> [hidden email]> >> > >>> wrote: >> > >>> >> > >>>> Hi Val, >> > >>>> >> > >>>> any update on session replication issue ? >> > >>>> >> > >>>> Thanks, >> > >>>> Rishi >> > >>>> >> > >>>> On Thu, Feb 23, 2017 at 8:07 AM, Rishi Yagnik < >> [hidden email]> >> > >>>> wrote: >> > >>>> >> > >>>>> Thanks Val for looking into it. >> > >>>>> >> > >>>>> On Wed, Feb 22, 2017 at 9:32 PM, Valentin Kulichenko < >> > >>>>> [hidden email]> wrote: >> > >>>>> >> > >>>>>> Hi Rishi, >> > >>>>>> >> > >>>>>> Got it, I think I'm reproducing the issue. I'll take a look and >> let >> > >>> you >> > >>>>>> know my findings soon. >> > >>>>>> >> > >>>>>> -Val >> > >>>>>> >> > >>>>>> On Tue, Feb 21, 2017 at 7:27 PM, Rishi Yagnik < >> > >> [hidden email]> >> > >>>>>> wrote: >> > >>>>>> >> > >>>>>>> Hi Val, >> > >>>>>>> >> > >>>>>>> The issue will occur in cluster environment, please setup the >> > >> spring >> > >>>>>> boot >> > >>>>>>> on 2 different host with LB (F5 OR Reverse proxy) in front and >> try >> > >>> to >> > >>>>>>> login. >> > >>>>>>> >> > >>>>>>> In cluster environment, Spring security does not recognize the >> > >>> session >> > >>>>>> on >> > >>>>>>> the host you are not logged in, as a result, spring security >> will >> > >>>>>> redirect >> > >>>>>>> to login url however the correct behavior should be that user >> > >> would >> > >>>> stay >> > >>>>>>> logged in with session replication. >> > >>>>>>> >> > >>>>>>> Do let me know if you need more information. >> > >>>>>>> >> > >>>>>>> Thanks, >> > >>>>>>> Rishi >> > >>>>>>> >> > >>>>>>> >> > >>>>>>> >> > >>>>>>> On Tue, Feb 21, 2017 at 7:08 PM, Valentin Kulichenko < >> > >>>>>>> [hidden email]> wrote: >> > >>>>>>> >> > >>>>>>>> Hi Rishi, >> > >>>>>>>> >> > >>>>>>>> I was able to build and run the application. Can you give some >> > >>>>>>> description >> > >>>>>>>> on what should I test to understand the issue? What exactly >> > >> didn't >> > >>>>>> work >> > >>>>>>> for >> > >>>>>>>> you? >> > >>>>>>>> >> > >>>>>>>> -Val >> > >>>>>>>> >> > >>>>>>>> On Wed, Feb 15, 2017 at 10:52 AM, Valentin Kulichenko < >> > >>>>>>>> [hidden email]> wrote: >> > >>>>>>>> >> > >>>>>>>>> Hi Rishi, >> > >>>>>>>>> >> > >>>>>>>>> Thanks, I'll take a look. >> > >>>>>>>>> >> > >>>>>>>>> -Val >> > >>>>>>>>> >> > >>>>>>>>> On Wed, Feb 15, 2017 at 9:07 AM, Rishi Yagnik < >> > >>>>>> [hidden email]> >> > >>>>>>>>> wrote: >> > >>>>>>>>> >> > >>>>>>>>>> Hi Val, >> > >>>>>>>>>> >> > >>>>>>>>>> As promised, please find attached code for spring boot >> > >>>> integration >> > >>>>>>> with >> > >>>>>>>>>> spring security along with Ignite. >> > >>>>>>>>>> >> > >>>>>>>>>> Some more information on project - >> > >>>>>>>>>> >> > >>>>>>>>>> - It is a maven project ( Ignite 1.7.0, SB 1.4.3 ) >> > >>>>>>>>>> - spring security integrated with boot project along with >> > >>>> ignite >> > >>>>>>>>>> - HttpSessionCookieCsrfTokenRepository does not work, >> > >> gives >> > >>>>>>>>>> intermediate errors on single instance so used >> > >>>>>>>> CookieCsrfTokenRepository >> > >>>>>>>>>> for CSRF token, again I think we need a fix here from >> > >>> Ignite. >> > >>>>>>>>>> >> > >>>>>>>>>> I cant reproduce this errors while I am running on single >> > >>>> instance, >> > >>>>>>> you >> > >>>>>>>>>> need to run this app on 2 spring boot instance having proxy >> > >> in >> > >>>>>> front ( >> > >>>>>>>> F5, >> > >>>>>>>>>> OR any proxy ) with round robin fashion ( no sticky session >> > >> on >> > >>> F5 >> > >>>>>> OR >> > >>>>>>>>>> proxies ). >> > >>>>>>>>>> >> > >>>>>>>>>> We were thinking with round robin the user session will >> > >> active >> > >>>>>> since >> > >>>>>>> we >> > >>>>>>>>>> used session replication on backend. >> > >>>>>>>>>> >> > >>>>>>>>>> Do let me know if you need more information here. >> > >>>>>>>>>> >> > >>>>>>>>>> Thanks, >> > >>>>>>>>>> >> > >>>>>>>>>> Rishi >> > >>>>>>>>>> >> > >>>>>>>>>> >> > >>>>>>>>>> >> > >>>>>>>>>> >> > >>>>>>>>>> On Tue, Feb 14, 2017 at 9:57 PM, Rishi Yagnik < >> > >>>>>> [hidden email]> >> > >>>>>>>>>> wrote: >> > >>>>>>>>>> >> > >>>>>>>>>>> Val, >> > >>>>>>>>>>> >> > >>>>>>>>>>> My SB sample project is ready however I have asked for an >> > >>>>>> approval to >> > >>>>>>>>>>> submit sample project to you, it would take day or two. >> > >>>>>>>>>>> >> > >>>>>>>>>>> I will keep you posted. >> > >>>>>>>>>>> >> > >>>>>>>>>>> Thanks for all your help, >> > >>>>>>>>>>> >> > >>>>>>>>>>> On Tue, Feb 14, 2017 at 3:51 PM, Rishi Yagnik < >> > >>>>>> [hidden email] >> > >>>>>>>> >> > >>>>>>>>>>> wrote: >> > >>>>>>>>>>> >> > >>>>>>>>>>>> Let me build an example app for you and send it across to >> > >>> you. >> > >>>>>>>>>>>> >> > >>>>>>>>>>>> Thanks, >> > >>>>>>>>>>>> >> > >>>>>>>>>>>> On Tue, Feb 14, 2017 at 3:28 PM, Valentin Kulichenko < >> > >>>>>>>>>>>> [hidden email]> wrote: >> > >>>>>>>>>>>> >> > >>>>>>>>>>>>> Rishi, >> > >>>>>>>>>>>>> >> > >>>>>>>>>>>>> No I don't, and I think that's what we should start with. >> > >> I >> > >>>>>> want to >> > >>>>>>>>>>>>> understand a use case that is currently not supported (if >> > >>> any) >> > >>>>>> and >> > >>>>>>>> then >> > >>>>>>>>>>>>> find the best solution. And I would like to reuse existing >> > >>>> code >> > >>>>>> as >> > >>>>>>>>>>>>> much as >> > >>>>>>>>>>>>> possible. >> > >>>>>>>>>>>>> >> > >>>>>>>>>>>>> Do you have any code that reproduces the problem you had >> > >> and >> > >>>> how >> > >>>>>>> you >> > >>>>>>>>>>>>> tried >> > >>>>>>>>>>>>> to utilize current web session clustering? Can you share >> > >> it >> > >>>> with >> > >>>>>>> us? >> > >>>>>>>>>>>>> >> > >>>>>>>>>>>>> -Val >> > >>>>>>>>>>>>> >> > >>>>>>>>>>>>> On Tue, Feb 14, 2017 at 11:28 AM, Rishi Yagnik < >> > >>>>>>>> [hidden email]> >> > >>>>>>>>>>>>> wrote: >> > >>>>>>>>>>>>> >> > >>>>>>>>>>>>>> Hi Val, >> > >>>>>>>>>>>>>> >> > >>>>>>>>>>>>>> I am working on SB platform with spring security and we >> > >>>> found >> > >>>>>> out >> > >>>>>>>>>>>>> that the >> > >>>>>>>>>>>>>> web session filter ignite provides does not work for >> > >>> session >> > >>>>>>>>>>>>> management on >> > >>>>>>>>>>>>>> 2 node spring boot cluster. >> > >>>>>>>>>>>>>> >> > >>>>>>>>>>>>>> Somehow, spring security filter kicks in result in some >> > >>>> weird >> > >>>>>>>> errors >> > >>>>>>>>>>>>> with >> > >>>>>>>>>>>>>> web session filter. >> > >>>>>>>>>>>>>> >> > >>>>>>>>>>>>>> So making compatible with spring security somehow, we >> > >> need >> > >>>> to >> > >>>>>>> write >> > >>>>>>>>>>>>>> implementation on spring session. >> > >>>>>>>>>>>>>> >> > >>>>>>>>>>>>>> Do you have any test cases that says web session filter >> > >>>> would >> > >>>>>>> work >> > >>>>>>>>>>>>> with >> > >>>>>>>>>>>>>> spring security on boot platform ? >> > >>>>>>>>>>>>>> >> > >>>>>>>>>>>>>> Thanks, >> > >>>>>>>>>>>>>> >> > >>>>>>>>>>>>>> >> > >>>>>>>>>>>>>> On Tue, Feb 14, 2017 at 1:03 PM, Valentin Kulichenko < >> > >>>>>>>>>>>>>> [hidden email]> wrote: >> > >>>>>>>>>>>>>> >> > >>>>>>>>>>>>>>> Hi Rishi, >> > >>>>>>>>>>>>>>> >> > >>>>>>>>>>>>>>> Can you please take a look at web session clustering >> > >>>> feature >> > >>>>>>> [1] >> > >>>>>>>>>>>>> provided >> > >>>>>>>>>>>>>>> by Ignite? I'm looking at Spring Session docs and it >> > >>> seems >> > >>>>>> to >> > >>>>>>> me >> > >>>>>>>>>>>>> it does >> > >>>>>>>>>>>>>>> exactly the same - replaces HttpSession with custom >> > >>>>>>>> implementation >> > >>>>>>>>>>>>> that >> > >>>>>>>>>>>>>> has >> > >>>>>>>>>>>>>>> a backend storage. If it doesn't provide any >> > >> additional >> > >>>> API >> > >>>>>> or >> > >>>>>>>>>>>>>>> functionality, I'm not sure I understand the benefit >> > >> of >> > >>>> this >> > >>>>>>>>>>>>> feature. >> > >>>>>>>>>>>>>>> >> > >>>>>>>>>>>>>>> Let me know if I'm missing something. >> > >>>>>>>>>>>>>>> >> > >>>>>>>>>>>>>>> [1] https://apacheignite-mix. >> > >>> readme.io/docs/web-session- >> > >>>>>>>> clustering >> > >>>>>>>>>>>>>>> >> > >>>>>>>>>>>>>>> -Val >> > >>>>>>>>>>>>>>> >> > >>>>>>>>>>>>>>> On Mon, Feb 13, 2017 at 2:41 PM, Rishi Yagnik < >> > >>>>>>>>>>>>> [hidden email]> >> > >>>>>>>>>>>>>>> wrote: >> > >>>>>>>>>>>>>>> >> > >>>>>>>>>>>>>>>> I would like to discuss session replication / fail >> > >>> over >> > >>>>>>> design >> > >>>>>>>> on >> > >>>>>>>>>>>>>> spring >> > >>>>>>>>>>>>>>>> boot platform and wanted to find what is the best >> > >> out >> > >>> to >> > >>>>>> get >> > >>>>>>>>>>>>> started >> > >>>>>>>>>>>>>>> here ? >> > >>>>>>>>>>>>>>>> >> > >>>>>>>>>>>>>>>> Possible approaches are as follows - >> > >>>>>>>>>>>>>>>> >> > >>>>>>>>>>>>>>>> - Make use of Spring Session for session >> > >>> replication >> > >>>>>> and >> > >>>>>>>> fail >> > >>>>>>>>>>>>> over >> > >>>>>>>>>>>>>>>> - Extend the web session filter and make it work >> > >> on >> > >>>>>> spring >> > >>>>>>>>>>>>> boot >> > >>>>>>>>>>>>>>>> application >> > >>>>>>>>>>>>>>>> >> > >>>>>>>>>>>>>>>> >> > >>>>>>>>>>>>>>>> I am thinking that best approach would be to get >> > >>> started >> > >>>>>> here >> > >>>>>>>>>>>>> with >> > >>>>>>>>>>>>>> spring >> > >>>>>>>>>>>>>>>> session design however I am open for feedback here. >> > >>>>>>>>>>>>>>>> >> > >>>>>>>>>>>>>>>> -- >> > >>>>>>>>>>>>>>>> Rishi Yagnik >> > >>>>>>>>>>>>>>>> >> > >>>>>>>>>>>>>>> >> > >>>>>>>>>>>>>> >> > >>>>>>>>>>>>>> >> > >>>>>>>>>>>>>> >> > >>>>>>>>>>>>>> -- >> > >>>>>>>>>>>>>> Rishi Yagnik >> > >>>>>>>>>>>>>> >> > >>>>>>>>>>>>> >> > >>>>>>>>>>>> >> > >>>>>>>>>>>> >> > >>>>>>>>>>>> >> > >>>>>>>>>>>> -- >> > >>>>>>>>>>>> Rishi Yagnik >> > >>>>>>>>>>>> >> > >>>>>>>>>>> >> > >>>>>>>>>>> >> > >>>>>>>>>>> >> > >>>>>>>>>>> -- >> > >>>>>>>>>>> Rishi Yagnik >> > >>>>>>>>>>> >> > >>>>>>>>>> >> > >>>>>>>>>> >> > >>>>>>>>>> >> > >>>>>>>>>> -- >> > >>>>>>>>>> Rishi Yagnik >> > >>>>>>>>>> >> > >>>>>>>>> >> > >>>>>>>>> >> > >>>>>>>> >> > >>>>>>> >> > >>>>>>> >> > >>>>>>> >> > >>>>>>> -- >> > >>>>>>> Rishi Yagnik >> > >>>>>>> >> > >>>>>> >> > >>>>> >> > >>>>> >> > >>>>> >> > >>>>> -- >> > >>>>> Rishi Yagnik >> > >>>>> >> > >>>> >> > >>>> >> > >>>> >> > >>>> -- >> > >>>> Rishi Yagnik >> > >>>> >> > >>> >> > >> >> > >> >> > >> >> > >> -- >> > >> Rishi Yagnik >> > >> >> > >> > > > > -- > Rishi Yagnik > -- Rishi Yagnik |
«
Return to Apache Ignite Developers - Legacy Mail Archive
|
1 view|%1 views
| Free forum by Nabble | Edit this page |