[
https://issues.apache.org/jira/browse/IGNITE-15966?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Mikhail Petrov reassigned IGNITE-15966:
---------------------------------------
Assignee: Mikhail Petrov
> [Security] Operation can hang with authentication enabled after user drop
> operation
> -----------------------------------------------------------------------------------
>
> Key: IGNITE-15966
> URL: https://issues.apache.org/jira/browse/IGNITE-15966
> Project: Ignite
> Issue Type: Bug
> Reporter: Mikhail Petrov
> Assignee: Mikhail Petrov
> Priority: Blocker
> Labels: ise
> Fix For: 2.12
>
>
> Reproducer:
> {code:java}
> /** */
> public class UserDropTest extends GridCommonAbstractTest {
> /** {@inheritDoc} */
> @Override protected IgniteConfiguration getConfiguration(String
> igniteInstanceName) throws Exception {
> IgniteConfiguration cfg = super.getConfiguration(igniteInstanceName);
> cfg.setAuthenticationEnabled(true);
> cfg.setDataStorageConfiguration(new DataStorageConfiguration()
> .setDefaultDataRegionConfiguration(new DataRegionConfiguration()
> .setPersistenceEnabled(true)));
> return cfg;
> }
> /** */
> @Test
> public void test() throws Exception {
> startGrid(0);
> startGrid(1);
> grid(0).cluster().state(ClusterState.ACTIVE);
> grid(0).createCache(DEFAULT_CACHE_NAME);
> try (AutoCloseable ignored =
> withSecurityContextOnAllNodes(authenticate(grid(0), "ignite", "ignite"))) {
> grid(0).context().security().createUser("cli",
> "pwd".toCharArray());
> }
> IgniteClient client = Ignition.startClient(new
> ClientConfiguration().setAddresses("127.0.0.1:10800").setUserName("cli").setUserPassword("pwd"));
> ClientCache<Object, Object> cache = client.cache(DEFAULT_CACHE_NAME);
> try (AutoCloseable ignored =
> withSecurityContextOnAllNodes(authenticate(grid(0), "ignite", "ignite"))) {
> grid(0).context().security().dropUser("cli");
> }
> Map<Integer, Integer> entries = new HashMap<>();
> for (int i = 0; i < 10000; i++)
> entries.put(i, i);
> cache.putAll(entries);
> }
> /** {@inheritDoc} */
> @Override protected void beforeTest() throws Exception {
> super.beforeTest();
> cleanPersistenceDir();
> }
> }
> {code}
> Exception:
> {code:java}
> [2021-11-22
> 11:04:32,390][ERROR][sys-stripe-3-#92%ignite.UserDropTest1%][IgniteTestResources]
> Critical system error detected. Will be handled accordingly to configured
> handler [hnd=NoOpFailureHandler [super=AbstractFailureHandler
> [ignoredFailureTypes=UnmodifiableSet [SYSTEM_WORKER_BLOCKED,
> SYSTEM_CRITICAL_OPERATION_TIMEOUT]]], failureCtx=FailureContext
> [type=SYSTEM_WORKER_TERMINATION, err=java.lang.IllegalStateException: Failed
> to find security context for subject with given ID :
> 0898b227-30d5-3afc-9394-d8e4889ece4a]]
> java.lang.IllegalStateException: Failed to find security context for subject
> with given ID : 0898b227-30d5-3afc-9394-d8e4889ece4a
> at
> org.apache.ignite.internal.processors.security.IgniteSecurityProcessor.withContext(IgniteSecurityProcessor.java:167)
> at
> org.apache.ignite.internal.managers.communication.GridIoManager.invokeListener(GridIoManager.java:1906)
> at
> org.apache.ignite.internal.managers.communication.GridIoManager.processRegularMessage0(GridIoManager.java:1528)
> at
> org.apache.ignite.internal.managers.communication.GridIoManager.access$5300(GridIoManager.java:242)
> at
> org.apache.ignite.internal.managers.communication.GridIoManager$9.execute(GridIoManager.java:1421)
> at
> org.apache.ignite.internal.managers.communication.TraceRunnable.run(TraceRunnable.java:55)
> at
> org.apache.ignite.internal.util.StripedExecutor$Stripe.body(StripedExecutor.java:569)
> at
> org.apache.ignite.internal.util.worker.GridWorker.run(GridWorker.java:125)
> at java.lang.Thread.run(Thread.java:748)
> {code}
> The main problem is:
> Implementation of authentication plugin ties security user with the subject
> ID that is propagated through cluster nodes.
> If some node receives operation initiated by the deleted user, it fails to
> obtain its security context via subject id and hangs with mentioned above
> exception.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
