Hi Rishi, I did some debugging. Apparently, the reason for this behavior is that Spring Security filter resides before Ignite's filter in the chain list. I think that eventually this should be fixed in the product, but in the meantime there must be a way to work around the problem by controlling the order. Do you know how this can be done in Spring Boot?
-Val On Tue, Feb 28, 2017 at 9:31 AM, Rishi Yagnik <rishiyag...@gmail.com> wrote: > Hi Val, > > Sorry for pestering, thanks for all your help. > > Rishi > > On Mon, Feb 27, 2017 at 7:22 PM, Valentin Kulichenko < > valentin.kuliche...@gmail.com> wrote: > > > Hi Rishi, > > > > Sorry, not yet. But this on my short list of TODOs, will try to give an > > update as soon as possible. > > > > -Val > > > > On Mon, Feb 27, 2017 at 7:47 AM, Rishi Yagnik <rishiyag...@gmail.com> > > wrote: > > > > > Hi Val, > > > > > > any update on session replication issue ? > > > > > > Thanks, > > > Rishi > > > > > > On Thu, Feb 23, 2017 at 8:07 AM, Rishi Yagnik <rishiyag...@gmail.com> > > > wrote: > > > > > > > Thanks Val for looking into it. > > > > > > > > On Wed, Feb 22, 2017 at 9:32 PM, Valentin Kulichenko < > > > > valentin.kuliche...@gmail.com> wrote: > > > > > > > >> Hi Rishi, > > > >> > > > >> Got it, I think I'm reproducing the issue. I'll take a look and let > > you > > > >> know my findings soon. > > > >> > > > >> -Val > > > >> > > > >> On Tue, Feb 21, 2017 at 7:27 PM, Rishi Yagnik < > rishiyag...@gmail.com> > > > >> wrote: > > > >> > > > >> > Hi Val, > > > >> > > > > >> > The issue will occur in cluster environment, please setup the > spring > > > >> boot > > > >> > on 2 different host with LB (F5 OR Reverse proxy) in front and try > > to > > > >> > login. > > > >> > > > > >> > In cluster environment, Spring security does not recognize the > > session > > > >> on > > > >> > the host you are not logged in, as a result, spring security will > > > >> redirect > > > >> > to login url however the correct behavior should be that user > would > > > stay > > > >> > logged in with session replication. > > > >> > > > > >> > Do let me know if you need more information. > > > >> > > > > >> > Thanks, > > > >> > Rishi > > > >> > > > > >> > > > > >> > > > > >> > On Tue, Feb 21, 2017 at 7:08 PM, Valentin Kulichenko < > > > >> > valentin.kuliche...@gmail.com> wrote: > > > >> > > > > >> > > Hi Rishi, > > > >> > > > > > >> > > I was able to build and run the application. Can you give some > > > >> > description > > > >> > > on what should I test to understand the issue? What exactly > didn't > > > >> work > > > >> > for > > > >> > > you? > > > >> > > > > > >> > > -Val > > > >> > > > > > >> > > On Wed, Feb 15, 2017 at 10:52 AM, Valentin Kulichenko < > > > >> > > valentin.kuliche...@gmail.com> wrote: > > > >> > > > > > >> > > > Hi Rishi, > > > >> > > > > > > >> > > > Thanks, I'll take a look. > > > >> > > > > > > >> > > > -Val > > > >> > > > > > > >> > > > On Wed, Feb 15, 2017 at 9:07 AM, Rishi Yagnik < > > > >> rishiyag...@gmail.com> > > > >> > > > wrote: > > > >> > > > > > > >> > > >> Hi Val, > > > >> > > >> > > > >> > > >> As promised, please find attached code for spring boot > > > integration > > > >> > with > > > >> > > >> spring security along with Ignite. > > > >> > > >> > > > >> > > >> Some more information on project - > > > >> > > >> > > > >> > > >> - It is a maven project ( Ignite 1.7.0, SB 1.4.3 ) > > > >> > > >> - spring security integrated with boot project along with > > > ignite > > > >> > > >> - HttpSessionCookieCsrfTokenRepository does not work, > gives > > > >> > > >> intermediate errors on single instance so used > > > >> > > CookieCsrfTokenRepository > > > >> > > >> for CSRF token, again I think we need a fix here from > > Ignite. > > > >> > > >> > > > >> > > >> I cant reproduce this errors while I am running on single > > > instance, > > > >> > you > > > >> > > >> need to run this app on 2 spring boot instance having proxy > in > > > >> front ( > > > >> > > F5, > > > >> > > >> OR any proxy ) with round robin fashion ( no sticky session > on > > F5 > > > >> OR > > > >> > > >> proxies ). > > > >> > > >> > > > >> > > >> We were thinking with round robin the user session will > active > > > >> since > > > >> > we > > > >> > > >> used session replication on backend. > > > >> > > >> > > > >> > > >> Do let me know if you need more information here. > > > >> > > >> > > > >> > > >> Thanks, > > > >> > > >> > > > >> > > >> Rishi > > > >> > > >> > > > >> > > >> > > > >> > > >> > > > >> > > >> > > > >> > > >> On Tue, Feb 14, 2017 at 9:57 PM, Rishi Yagnik < > > > >> rishiyag...@gmail.com> > > > >> > > >> wrote: > > > >> > > >> > > > >> > > >>> Val, > > > >> > > >>> > > > >> > > >>> My SB sample project is ready however I have asked for an > > > >> approval to > > > >> > > >>> submit sample project to you, it would take day or two. > > > >> > > >>> > > > >> > > >>> I will keep you posted. > > > >> > > >>> > > > >> > > >>> Thanks for all your help, > > > >> > > >>> > > > >> > > >>> On Tue, Feb 14, 2017 at 3:51 PM, Rishi Yagnik < > > > >> rishiyag...@gmail.com > > > >> > > > > > >> > > >>> wrote: > > > >> > > >>> > > > >> > > >>>> Let me build an example app for you and send it across to > > you. > > > >> > > >>>> > > > >> > > >>>> Thanks, > > > >> > > >>>> > > > >> > > >>>> On Tue, Feb 14, 2017 at 3:28 PM, Valentin Kulichenko < > > > >> > > >>>> valentin.kuliche...@gmail.com> wrote: > > > >> > > >>>> > > > >> > > >>>>> Rishi, > > > >> > > >>>>> > > > >> > > >>>>> No I don't, and I think that's what we should start with. > I > > > >> want to > > > >> > > >>>>> understand a use case that is currently not supported (if > > any) > > > >> and > > > >> > > then > > > >> > > >>>>> find the best solution. And I would like to reuse existing > > > code > > > >> as > > > >> > > >>>>> much as > > > >> > > >>>>> possible. > > > >> > > >>>>> > > > >> > > >>>>> Do you have any code that reproduces the problem you had > and > > > how > > > >> > you > > > >> > > >>>>> tried > > > >> > > >>>>> to utilize current web session clustering? Can you share > it > > > with > > > >> > us? > > > >> > > >>>>> > > > >> > > >>>>> -Val > > > >> > > >>>>> > > > >> > > >>>>> On Tue, Feb 14, 2017 at 11:28 AM, Rishi Yagnik < > > > >> > > rishiyag...@gmail.com> > > > >> > > >>>>> wrote: > > > >> > > >>>>> > > > >> > > >>>>> > Hi Val, > > > >> > > >>>>> > > > > >> > > >>>>> > I am working on SB platform with spring security and we > > > found > > > >> out > > > >> > > >>>>> that the > > > >> > > >>>>> > web session filter ignite provides does not work for > > session > > > >> > > >>>>> management on > > > >> > > >>>>> > 2 node spring boot cluster. > > > >> > > >>>>> > > > > >> > > >>>>> > Somehow, spring security filter kicks in result in some > > > weird > > > >> > > errors > > > >> > > >>>>> with > > > >> > > >>>>> > web session filter. > > > >> > > >>>>> > > > > >> > > >>>>> > So making compatible with spring security somehow, we > need > > > to > > > >> > write > > > >> > > >>>>> > implementation on spring session. > > > >> > > >>>>> > > > > >> > > >>>>> > Do you have any test cases that says web session filter > > > would > > > >> > work > > > >> > > >>>>> with > > > >> > > >>>>> > spring security on boot platform ? > > > >> > > >>>>> > > > > >> > > >>>>> > Thanks, > > > >> > > >>>>> > > > > >> > > >>>>> > > > > >> > > >>>>> > On Tue, Feb 14, 2017 at 1:03 PM, Valentin Kulichenko < > > > >> > > >>>>> > valentin.kuliche...@gmail.com> wrote: > > > >> > > >>>>> > > > > >> > > >>>>> > > Hi Rishi, > > > >> > > >>>>> > > > > > >> > > >>>>> > > Can you please take a look at web session clustering > > > feature > > > >> > [1] > > > >> > > >>>>> provided > > > >> > > >>>>> > > by Ignite? I'm looking at Spring Session docs and it > > seems > > > >> to > > > >> > me > > > >> > > >>>>> it does > > > >> > > >>>>> > > exactly the same - replaces HttpSession with custom > > > >> > > implementation > > > >> > > >>>>> that > > > >> > > >>>>> > has > > > >> > > >>>>> > > a backend storage. If it doesn't provide any > additional > > > API > > > >> or > > > >> > > >>>>> > > functionality, I'm not sure I understand the benefit > of > > > this > > > >> > > >>>>> feature. > > > >> > > >>>>> > > > > > >> > > >>>>> > > Let me know if I'm missing something. > > > >> > > >>>>> > > > > > >> > > >>>>> > > [1] https://apacheignite-mix. > > readme.io/docs/web-session- > > > >> > > clustering > > > >> > > >>>>> > > > > > >> > > >>>>> > > -Val > > > >> > > >>>>> > > > > > >> > > >>>>> > > On Mon, Feb 13, 2017 at 2:41 PM, Rishi Yagnik < > > > >> > > >>>>> rishiyag...@gmail.com> > > > >> > > >>>>> > > wrote: > > > >> > > >>>>> > > > > > >> > > >>>>> > > > I would like to discuss session replication / fail > > over > > > >> > design > > > >> > > on > > > >> > > >>>>> > spring > > > >> > > >>>>> > > > boot platform and wanted to find what is the best > out > > to > > > >> get > > > >> > > >>>>> started > > > >> > > >>>>> > > here ? > > > >> > > >>>>> > > > > > > >> > > >>>>> > > > Possible approaches are as follows - > > > >> > > >>>>> > > > > > > >> > > >>>>> > > > - Make use of Spring Session for session > > replication > > > >> and > > > >> > > fail > > > >> > > >>>>> over > > > >> > > >>>>> > > > - Extend the web session filter and make it work > on > > > >> spring > > > >> > > >>>>> boot > > > >> > > >>>>> > > > application > > > >> > > >>>>> > > > > > > >> > > >>>>> > > > > > > >> > > >>>>> > > > I am thinking that best approach would be to get > > started > > > >> here > > > >> > > >>>>> with > > > >> > > >>>>> > spring > > > >> > > >>>>> > > > session design however I am open for feedback here. > > > >> > > >>>>> > > > > > > >> > > >>>>> > > > -- > > > >> > > >>>>> > > > Rishi Yagnik > > > >> > > >>>>> > > > > > > >> > > >>>>> > > > > > >> > > >>>>> > > > > >> > > >>>>> > > > > >> > > >>>>> > > > > >> > > >>>>> > -- > > > >> > > >>>>> > Rishi Yagnik > > > >> > > >>>>> > > > > >> > > >>>>> > > > >> > > >>>> > > > >> > > >>>> > > > >> > > >>>> > > > >> > > >>>> -- > > > >> > > >>>> Rishi Yagnik > > > >> > > >>>> > > > >> > > >>> > > > >> > > >>> > > > >> > > >>> > > > >> > > >>> -- > > > >> > > >>> Rishi Yagnik > > > >> > > >>> > > > >> > > >> > > > >> > > >> > > > >> > > >> > > > >> > > >> -- > > > >> > > >> Rishi Yagnik > > > >> > > >> > > > >> > > > > > > >> > > > > > > >> > > > > > >> > > > > >> > > > > >> > > > > >> > -- > > > >> > Rishi Yagnik > > > >> > > > > >> > > > > > > > > > > > > > > > > -- > > > > Rishi Yagnik > > > > > > > > > > > > > > > > -- > > > Rishi Yagnik > > > > > > > > > -- > Rishi Yagnik >
