Val,
Adding a filter before csrf filter will invoke the custom ignite filter.
Declare a custom filter class extends it with websession filter
public class CustomWebSessionFilter extends WebSessionFilter {
private static boolean igniteInitialize = false
@Override public void doFilter(ServletRequest req, ServletResponse res,
FilterChain chain)
throws IOException, ServletException {
if(!igniteInitialize) {
super.init(new FilterConfig() {
@Override
public String getFilterName() {
return "CustomWebSessionFilter";
}
@Override
public ServletContext getServletContext() {
return req.getServletContext();
}
@Override
public String getInitParameter(String name) {
return null;
}
@Override
public Enumeration<String> getInitParameterNames() {
return null;
}
});
igniteInitialize = true;
}
super.doFilter(req,res,chain);
}
}
And in SecurityConfig.java add following line to invoke filter before
Ignite Web Session filter -
.addFilterBefore(new ArWebSessionFilter(), CsrfFilter.class)
Hope it helps..
Thanks,
On Sun, Mar 5, 2017 at 1:28 PM, Valentin Kulichenko <
valentin.kuliche...@gmail.com> wrote:
> Rishi,
>
> Can you please share how you forced Ignite filter to be invoked before
> security filter?
>
> -Val
>
> On Sun, Mar 5, 2017 at 11:20 AM, Rishi Yagnik <rishiyag...@gmail.com>
> wrote:
>
> > Hi Val,
> >
> > Thanks for the response, we have executed ignite filter before spring
> > security filter but somehow the ignite filter does not do the job of
> > setting spring principle context.
> >
> > As a result even though we have spring principle in session, spring
> filter
> > does not recognize it and sends us back to log in page.
> >
> > I think there s some more work needed here to change the filter and make
> > it work with spring boot application.
> >
> > Take Care,
> > Rishi
> >
> > > On Mar 5, 2017, at 10:16 AM, Valentin Kulichenko <
> > valentin.kuliche...@gmail.com> wrote:
> > >
> > > Hi Rishi,
> > >
> > > I did some debugging. Apparently, the reason for this behavior is that
> > > Spring Security filter resides before Ignite's filter in the chain
> list.
> > I
> > > think that eventually this should be fixed in the product, but in the
> > > meantime there must be a way to work around the problem by controlling
> > the
> > > order. Do you know how this can be done in Spring Boot?
> > >
> > > -Val
> > >
> > >> On Tue, Feb 28, 2017 at 9:31 AM, Rishi Yagnik <rishiyag...@gmail.com>
> > wrote:
> > >>
> > >> Hi Val,
> > >>
> > >> Sorry for pestering, thanks for all your help.
> > >>
> > >> Rishi
> > >>
> > >> On Mon, Feb 27, 2017 at 7:22 PM, Valentin Kulichenko <
> > >> valentin.kuliche...@gmail.com> wrote:
> > >>
> > >>> Hi Rishi,
> > >>>
> > >>> Sorry, not yet. But this on my short list of TODOs, will try to give
> an
> > >>> update as soon as possible.
> > >>>
> > >>> -Val
> > >>>
> > >>> On Mon, Feb 27, 2017 at 7:47 AM, Rishi Yagnik <rishiyag...@gmail.com
> >
> > >>> wrote:
> > >>>
> > >>>> Hi Val,
> > >>>>
> > >>>> any update on session replication issue ?
> > >>>>
> > >>>> Thanks,
> > >>>> Rishi
> > >>>>
> > >>>> On Thu, Feb 23, 2017 at 8:07 AM, Rishi Yagnik <
> rishiyag...@gmail.com>
> > >>>> wrote:
> > >>>>
> > >>>>> Thanks Val for looking into it.
> > >>>>>
> > >>>>> On Wed, Feb 22, 2017 at 9:32 PM, Valentin Kulichenko <
> > >>>>> valentin.kuliche...@gmail.com> wrote:
> > >>>>>
> > >>>>>> Hi Rishi,
> > >>>>>>
> > >>>>>> Got it, I think I'm reproducing the issue. I'll take a look and
> let
> > >>> you
> > >>>>>> know my findings soon.
> > >>>>>>
> > >>>>>> -Val
> > >>>>>>
> > >>>>>> On Tue, Feb 21, 2017 at 7:27 PM, Rishi Yagnik <
> > >> rishiyag...@gmail.com>
> > >>>>>> wrote:
> > >>>>>>
> > >>>>>>> Hi Val,
> > >>>>>>>
> > >>>>>>> The issue will occur in cluster environment, please setup the
> > >> spring
> > >>>>>> boot
> > >>>>>>> on 2 different host with LB (F5 OR Reverse proxy) in front and
> try
> > >>> to
> > >>>>>>> login.
> > >>>>>>>
> > >>>>>>> In cluster environment, Spring security does not recognize the
> > >>> session
> > >>>>>> on
> > >>>>>>> the host you are not logged in, as a result, spring security will
> > >>>>>> redirect
> > >>>>>>> to login url however the correct behavior should be that user
> > >> would
> > >>>> stay
> > >>>>>>> logged in with session replication.
> > >>>>>>>
> > >>>>>>> Do let me know if you need more information.
> > >>>>>>>
> > >>>>>>> Thanks,
> > >>>>>>> Rishi
> > >>>>>>>
> > >>>>>>>
> > >>>>>>>
> > >>>>>>> On Tue, Feb 21, 2017 at 7:08 PM, Valentin Kulichenko <
> > >>>>>>> valentin.kuliche...@gmail.com> wrote:
> > >>>>>>>
> > >>>>>>>> Hi Rishi,
> > >>>>>>>>
> > >>>>>>>> I was able to build and run the application. Can you give some
> > >>>>>>> description
> > >>>>>>>> on what should I test to understand the issue? What exactly
> > >> didn't
> > >>>>>> work
> > >>>>>>> for
> > >>>>>>>> you?
> > >>>>>>>>
> > >>>>>>>> -Val
> > >>>>>>>>
> > >>>>>>>> On Wed, Feb 15, 2017 at 10:52 AM, Valentin Kulichenko <
> > >>>>>>>> valentin.kuliche...@gmail.com> wrote:
> > >>>>>>>>
> > >>>>>>>>> Hi Rishi,
> > >>>>>>>>>
> > >>>>>>>>> Thanks, I'll take a look.
> > >>>>>>>>>
> > >>>>>>>>> -Val
> > >>>>>>>>>
> > >>>>>>>>> On Wed, Feb 15, 2017 at 9:07 AM, Rishi Yagnik <
> > >>>>>> rishiyag...@gmail.com>
> > >>>>>>>>> wrote:
> > >>>>>>>>>
> > >>>>>>>>>> Hi Val,
> > >>>>>>>>>>
> > >>>>>>>>>> As promised, please find attached code for spring boot
> > >>>> integration
> > >>>>>>> with
> > >>>>>>>>>> spring security along with Ignite.
> > >>>>>>>>>>
> > >>>>>>>>>> Some more information on project -
> > >>>>>>>>>>
> > >>>>>>>>>> - It is a maven project ( Ignite 1.7.0, SB 1.4.3 )
> > >>>>>>>>>> - spring security integrated with boot project along with
> > >>>> ignite
> > >>>>>>>>>> - HttpSessionCookieCsrfTokenRepository does not work,
> > >> gives
> > >>>>>>>>>> intermediate errors on single instance so used
> > >>>>>>>> CookieCsrfTokenRepository
> > >>>>>>>>>> for CSRF token, again I think we need a fix here from
> > >>> Ignite.
> > >>>>>>>>>>
> > >>>>>>>>>> I cant reproduce this errors while I am running on single
> > >>>> instance,
> > >>>>>>> you
> > >>>>>>>>>> need to run this app on 2 spring boot instance having proxy
> > >> in
> > >>>>>> front (
> > >>>>>>>> F5,
> > >>>>>>>>>> OR any proxy ) with round robin fashion ( no sticky session
> > >> on
> > >>> F5
> > >>>>>> OR
> > >>>>>>>>>> proxies ).
> > >>>>>>>>>>
> > >>>>>>>>>> We were thinking with round robin the user session will
> > >> active
> > >>>>>> since
> > >>>>>>> we
> > >>>>>>>>>> used session replication on backend.
> > >>>>>>>>>>
> > >>>>>>>>>> Do let me know if you need more information here.
> > >>>>>>>>>>
> > >>>>>>>>>> Thanks,
> > >>>>>>>>>>
> > >>>>>>>>>> Rishi
> > >>>>>>>>>>
> > >>>>>>>>>>
> > >>>>>>>>>>
> > >>>>>>>>>>
> > >>>>>>>>>> On Tue, Feb 14, 2017 at 9:57 PM, Rishi Yagnik <
> > >>>>>> rishiyag...@gmail.com>
> > >>>>>>>>>> wrote:
> > >>>>>>>>>>
> > >>>>>>>>>>> Val,
> > >>>>>>>>>>>
> > >>>>>>>>>>> My SB sample project is ready however I have asked for an
> > >>>>>> approval to
> > >>>>>>>>>>> submit sample project to you, it would take day or two.
> > >>>>>>>>>>>
> > >>>>>>>>>>> I will keep you posted.
> > >>>>>>>>>>>
> > >>>>>>>>>>> Thanks for all your help,
> > >>>>>>>>>>>
> > >>>>>>>>>>> On Tue, Feb 14, 2017 at 3:51 PM, Rishi Yagnik <
> > >>>>>> rishiyag...@gmail.com
> > >>>>>>>>
> > >>>>>>>>>>> wrote:
> > >>>>>>>>>>>
> > >>>>>>>>>>>> Let me build an example app for you and send it across to
> > >>> you.
> > >>>>>>>>>>>>
> > >>>>>>>>>>>> Thanks,
> > >>>>>>>>>>>>
> > >>>>>>>>>>>> On Tue, Feb 14, 2017 at 3:28 PM, Valentin Kulichenko <
> > >>>>>>>>>>>> valentin.kuliche...@gmail.com> wrote:
> > >>>>>>>>>>>>
> > >>>>>>>>>>>>> Rishi,
> > >>>>>>>>>>>>>
> > >>>>>>>>>>>>> No I don't, and I think that's what we should start with.
> > >> I
> > >>>>>> want to
> > >>>>>>>>>>>>> understand a use case that is currently not supported (if
> > >>> any)
> > >>>>>> and
> > >>>>>>>> then
> > >>>>>>>>>>>>> find the best solution. And I would like to reuse existing
> > >>>> code
> > >>>>>> as
> > >>>>>>>>>>>>> much as
> > >>>>>>>>>>>>> possible.
> > >>>>>>>>>>>>>
> > >>>>>>>>>>>>> Do you have any code that reproduces the problem you had
> > >> and
> > >>>> how
> > >>>>>>> you
> > >>>>>>>>>>>>> tried
> > >>>>>>>>>>>>> to utilize current web session clustering? Can you share
> > >> it
> > >>>> with
> > >>>>>>> us?
> > >>>>>>>>>>>>>
> > >>>>>>>>>>>>> -Val
> > >>>>>>>>>>>>>
> > >>>>>>>>>>>>> On Tue, Feb 14, 2017 at 11:28 AM, Rishi Yagnik <
> > >>>>>>>> rishiyag...@gmail.com>
> > >>>>>>>>>>>>> wrote:
> > >>>>>>>>>>>>>
> > >>>>>>>>>>>>>> Hi Val,
> > >>>>>>>>>>>>>>
> > >>>>>>>>>>>>>> I am working on SB platform with spring security and we
> > >>>> found
> > >>>>>> out
> > >>>>>>>>>>>>> that the
> > >>>>>>>>>>>>>> web session filter ignite provides does not work for
> > >>> session
> > >>>>>>>>>>>>> management on
> > >>>>>>>>>>>>>> 2 node spring boot cluster.
> > >>>>>>>>>>>>>>
> > >>>>>>>>>>>>>> Somehow, spring security filter kicks in result in some
> > >>>> weird
> > >>>>>>>> errors
> > >>>>>>>>>>>>> with
> > >>>>>>>>>>>>>> web session filter.
> > >>>>>>>>>>>>>>
> > >>>>>>>>>>>>>> So making compatible with spring security somehow, we
> > >> need
> > >>>> to
> > >>>>>>> write
> > >>>>>>>>>>>>>> implementation on spring session.
> > >>>>>>>>>>>>>>
> > >>>>>>>>>>>>>> Do you have any test cases that says web session filter
> > >>>> would
> > >>>>>>> work
> > >>>>>>>>>>>>> with
> > >>>>>>>>>>>>>> spring security on boot platform ?
> > >>>>>>>>>>>>>>
> > >>>>>>>>>>>>>> Thanks,
> > >>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>
> > >>>>>>>>>>>>>> On Tue, Feb 14, 2017 at 1:03 PM, Valentin Kulichenko <
> > >>>>>>>>>>>>>> valentin.kuliche...@gmail.com> wrote:
> > >>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>> Hi Rishi,
> > >>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>> Can you please take a look at web session clustering
> > >>>> feature
> > >>>>>>> [1]
> > >>>>>>>>>>>>> provided
> > >>>>>>>>>>>>>>> by Ignite? I'm looking at Spring Session docs and it
> > >>> seems
> > >>>>>> to
> > >>>>>>> me
> > >>>>>>>>>>>>> it does
> > >>>>>>>>>>>>>>> exactly the same - replaces HttpSession with custom
> > >>>>>>>> implementation
> > >>>>>>>>>>>>> that
> > >>>>>>>>>>>>>> has
> > >>>>>>>>>>>>>>> a backend storage. If it doesn't provide any
> > >> additional
> > >>>> API
> > >>>>>> or
> > >>>>>>>>>>>>>>> functionality, I'm not sure I understand the benefit
> > >> of
> > >>>> this
> > >>>>>>>>>>>>> feature.
> > >>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>> Let me know if I'm missing something.
> > >>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>> [1] https://apacheignite-mix.
> > >>> readme.io/docs/web-session-
> > >>>>>>>> clustering
> > >>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>> -Val
> > >>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>> On Mon, Feb 13, 2017 at 2:41 PM, Rishi Yagnik <
> > >>>>>>>>>>>>> rishiyag...@gmail.com>
> > >>>>>>>>>>>>>>> wrote:
> > >>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>> I would like to discuss session replication / fail
> > >>> over
> > >>>>>>> design
> > >>>>>>>> on
> > >>>>>>>>>>>>>> spring
> > >>>>>>>>>>>>>>>> boot platform and wanted to find what is the best
> > >> out
> > >>> to
> > >>>>>> get
> > >>>>>>>>>>>>> started
> > >>>>>>>>>>>>>>> here ?
> > >>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>> Possible approaches are as follows -
> > >>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>> - Make use of Spring Session for session
> > >>> replication
> > >>>>>> and
> > >>>>>>>> fail
> > >>>>>>>>>>>>> over
> > >>>>>>>>>>>>>>>> - Extend the web session filter and make it work
> > >> on
> > >>>>>> spring
> > >>>>>>>>>>>>> boot
> > >>>>>>>>>>>>>>>> application
> > >>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>> I am thinking that best approach would be to get
> > >>> started
> > >>>>>> here
> > >>>>>>>>>>>>> with
> > >>>>>>>>>>>>>> spring
> > >>>>>>>>>>>>>>>> session design however I am open for feedback here.
> > >>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>> --
> > >>>>>>>>>>>>>>>> Rishi Yagnik
> > >>>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>
> > >>>>>>>>>>>>>>
> > >>>>>>>>>>>>>> --
> > >>>>>>>>>>>>>> Rishi Yagnik
> > >>>>>>>>>>>>>>
> > >>>>>>>>>>>>>
> > >>>>>>>>>>>>
> > >>>>>>>>>>>>
> > >>>>>>>>>>>>
> > >>>>>>>>>>>> --
> > >>>>>>>>>>>> Rishi Yagnik
> > >>>>>>>>>>>>
> > >>>>>>>>>>>
> > >>>>>>>>>>>
> > >>>>>>>>>>>
> > >>>>>>>>>>> --
> > >>>>>>>>>>> Rishi Yagnik
> > >>>>>>>>>>>
> > >>>>>>>>>>
> > >>>>>>>>>>
> > >>>>>>>>>>
> > >>>>>>>>>> --
> > >>>>>>>>>> Rishi Yagnik
> > >>>>>>>>>>
> > >>>>>>>>>
> > >>>>>>>>>
> > >>>>>>>>
> > >>>>>>>
> > >>>>>>>
> > >>>>>>>
> > >>>>>>> --
> > >>>>>>> Rishi Yagnik
> > >>>>>>>
> > >>>>>>
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>> --
> > >>>>> Rishi Yagnik
> > >>>>>
> > >>>>
> > >>>>
> > >>>>
> > >>>> --
> > >>>> Rishi Yagnik
> > >>>>
> > >>>
> > >>
> > >>
> > >>
> > >> --
> > >> Rishi Yagnik
> > >>
> >
>
--
Rishi Yagnik
