Hi Val, The issue will occur in cluster environment, please setup the spring boot on 2 different host with LB (F5 OR Reverse proxy) in front and try to login.
In cluster environment, Spring security does not recognize the session on the host you are not logged in, as a result, spring security will redirect to login url however the correct behavior should be that user would stay logged in with session replication. Do let me know if you need more information. Thanks, Rishi On Tue, Feb 21, 2017 at 7:08 PM, Valentin Kulichenko < valentin.kuliche...@gmail.com> wrote: > Hi Rishi, > > I was able to build and run the application. Can you give some description > on what should I test to understand the issue? What exactly didn't work for > you? > > -Val > > On Wed, Feb 15, 2017 at 10:52 AM, Valentin Kulichenko < > valentin.kuliche...@gmail.com> wrote: > > > Hi Rishi, > > > > Thanks, I'll take a look. > > > > -Val > > > > On Wed, Feb 15, 2017 at 9:07 AM, Rishi Yagnik <rishiyag...@gmail.com> > > wrote: > > > >> Hi Val, > >> > >> As promised, please find attached code for spring boot integration with > >> spring security along with Ignite. > >> > >> Some more information on project - > >> > >> - It is a maven project ( Ignite 1.7.0, SB 1.4.3 ) > >> - spring security integrated with boot project along with ignite > >> - HttpSessionCookieCsrfTokenRepository does not work, gives > >> intermediate errors on single instance so used > CookieCsrfTokenRepository > >> for CSRF token, again I think we need a fix here from Ignite. > >> > >> I cant reproduce this errors while I am running on single instance, you > >> need to run this app on 2 spring boot instance having proxy in front ( > F5, > >> OR any proxy ) with round robin fashion ( no sticky session on F5 OR > >> proxies ). > >> > >> We were thinking with round robin the user session will active since we > >> used session replication on backend. > >> > >> Do let me know if you need more information here. > >> > >> Thanks, > >> > >> Rishi > >> > >> > >> > >> > >> On Tue, Feb 14, 2017 at 9:57 PM, Rishi Yagnik <rishiyag...@gmail.com> > >> wrote: > >> > >>> Val, > >>> > >>> My SB sample project is ready however I have asked for an approval to > >>> submit sample project to you, it would take day or two. > >>> > >>> I will keep you posted. > >>> > >>> Thanks for all your help, > >>> > >>> On Tue, Feb 14, 2017 at 3:51 PM, Rishi Yagnik <rishiyag...@gmail.com> > >>> wrote: > >>> > >>>> Let me build an example app for you and send it across to you. > >>>> > >>>> Thanks, > >>>> > >>>> On Tue, Feb 14, 2017 at 3:28 PM, Valentin Kulichenko < > >>>> valentin.kuliche...@gmail.com> wrote: > >>>> > >>>>> Rishi, > >>>>> > >>>>> No I don't, and I think that's what we should start with. I want to > >>>>> understand a use case that is currently not supported (if any) and > then > >>>>> find the best solution. And I would like to reuse existing code as > >>>>> much as > >>>>> possible. > >>>>> > >>>>> Do you have any code that reproduces the problem you had and how you > >>>>> tried > >>>>> to utilize current web session clustering? Can you share it with us? > >>>>> > >>>>> -Val > >>>>> > >>>>> On Tue, Feb 14, 2017 at 11:28 AM, Rishi Yagnik < > rishiyag...@gmail.com> > >>>>> wrote: > >>>>> > >>>>> > Hi Val, > >>>>> > > >>>>> > I am working on SB platform with spring security and we found out > >>>>> that the > >>>>> > web session filter ignite provides does not work for session > >>>>> management on > >>>>> > 2 node spring boot cluster. > >>>>> > > >>>>> > Somehow, spring security filter kicks in result in some weird > errors > >>>>> with > >>>>> > web session filter. > >>>>> > > >>>>> > So making compatible with spring security somehow, we need to write > >>>>> > implementation on spring session. > >>>>> > > >>>>> > Do you have any test cases that says web session filter would work > >>>>> with > >>>>> > spring security on boot platform ? > >>>>> > > >>>>> > Thanks, > >>>>> > > >>>>> > > >>>>> > On Tue, Feb 14, 2017 at 1:03 PM, Valentin Kulichenko < > >>>>> > valentin.kuliche...@gmail.com> wrote: > >>>>> > > >>>>> > > Hi Rishi, > >>>>> > > > >>>>> > > Can you please take a look at web session clustering feature [1] > >>>>> provided > >>>>> > > by Ignite? I'm looking at Spring Session docs and it seems to me > >>>>> it does > >>>>> > > exactly the same - replaces HttpSession with custom > implementation > >>>>> that > >>>>> > has > >>>>> > > a backend storage. If it doesn't provide any additional API or > >>>>> > > functionality, I'm not sure I understand the benefit of this > >>>>> feature. > >>>>> > > > >>>>> > > Let me know if I'm missing something. > >>>>> > > > >>>>> > > [1] https://apacheignite-mix.readme.io/docs/web-session- > clustering > >>>>> > > > >>>>> > > -Val > >>>>> > > > >>>>> > > On Mon, Feb 13, 2017 at 2:41 PM, Rishi Yagnik < > >>>>> rishiyag...@gmail.com> > >>>>> > > wrote: > >>>>> > > > >>>>> > > > I would like to discuss session replication / fail over design > on > >>>>> > spring > >>>>> > > > boot platform and wanted to find what is the best out to get > >>>>> started > >>>>> > > here ? > >>>>> > > > > >>>>> > > > Possible approaches are as follows - > >>>>> > > > > >>>>> > > > - Make use of Spring Session for session replication and > fail > >>>>> over > >>>>> > > > - Extend the web session filter and make it work on spring > >>>>> boot > >>>>> > > > application > >>>>> > > > > >>>>> > > > > >>>>> > > > I am thinking that best approach would be to get started here > >>>>> with > >>>>> > spring > >>>>> > > > session design however I am open for feedback here. > >>>>> > > > > >>>>> > > > -- > >>>>> > > > Rishi Yagnik > >>>>> > > > > >>>>> > > > >>>>> > > >>>>> > > >>>>> > > >>>>> > -- > >>>>> > Rishi Yagnik > >>>>> > > >>>>> > >>>> > >>>> > >>>> > >>>> -- > >>>> Rishi Yagnik > >>>> > >>> > >>> > >>> > >>> -- > >>> Rishi Yagnik > >>> > >> > >> > >> > >> -- > >> Rishi Yagnik > >> > > > > > -- Rishi Yagnik
