Posted to issues@ignite.apache.org by "Amelchev Nikita (Jira)" <ji...@apache.org> on 2022/04/06 10:04:00 UTC

[jira] [Updated] (IGNITE-15966) [Security] Operation can hang with authentication enabled after user drop operation

     [ https://issues.apache.org/jira/browse/IGNITE-15966?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Amelchev Nikita updated IGNITE-15966:
-------------------------------------
    Fix Version/s:     (was: 2.13)

> [Security] Operation can hang with authentication enabled after user drop operation
> -----------------------------------------------------------------------------------
>
>                 Key: IGNITE-15966
>                 URL: https://issues.apache.org/jira/browse/IGNITE-15966
>             Project: Ignite
>          Issue Type: Bug
>            Reporter: Mikhail Petrov
>            Priority: Major
>              Labels: ise
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> Reproducer: 
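> {code:java}
> import java.util.HashMap;
> import java.util.Map;
> import org.apache.ignite.Ignition;
> import org.apache.ignite.client.ClientCache;
> import org.apache.ignite.client.IgniteClient;
> import org.apache.ignite.cluster.ClusterState;
> import org.apache.ignite.configuration.ClientConfiguration;
> import org.apache.ignite.configuration.DataRegionConfiguration;
> import org.apache.ignite.configuration.DataStorageConfiguration;
> import org.apache.ignite.configuration.IgniteConfiguration;
> import org.apache.ignite.testframework.junits.common.GridCommonAbstractTest;
> import org.junit.Test;
>
> // authenticate(...) and withSecurityContextOnAllNodes(...) are test helpers; their static imports are not shown in the report.
> /** */
> public class UserDropTest extends GridCommonAbstractTest {
>     /** {@inheritDoc} */
>     @Override protected IgniteConfiguration getConfiguration(String igniteInstanceName) throws Exception {
>         IgniteConfiguration cfg = super.getConfiguration(igniteInstanceName);
>         // Built-in authentication requires persistence to be enabled.
>         cfg.setAuthenticationEnabled(true);
>         cfg.setDataStorageConfiguration(new DataStorageConfiguration()
>             .setDefaultDataRegionConfiguration(new DataRegionConfiguration()
>                 .setPersistenceEnabled(true)));
>         return cfg;
>     }
>     /** */
>     @Test
>     public void test() throws Exception {
>         startGrid(0);
>         startGrid(1);
>         grid(0).cluster().state(ClusterState.ACTIVE);
>         grid(0).createCache(DEFAULT_CACHE_NAME);
>         // Create the user "cli" as the default superuser.
>         try (AutoCloseable ignored = withSecurityContextOnAllNodes(authenticate(grid(0), "ignite", "ignite"))) {
>             grid(0).context().security().createUser("cli", "pwd".toCharArray());
>         }
>         // Connect a thin client authenticated as "cli".
>         IgniteClient client = Ignition.startClient(new ClientConfiguration()
>             .setAddresses("127.0.0.1:10800")
>             .setUserName("cli")
>             .setUserPassword("pwd"));
>         ClientCache<Object, Object> cache = client.cache(DEFAULT_CACHE_NAME);
>         // Drop "cli" while its client connection is still open.
>         try (AutoCloseable ignored = withSecurityContextOnAllNodes(authenticate(grid(0), "ignite", "ignite"))) {
>             grid(0).context().security().dropUser("cli");
>         }
>         Map<Integer, Integer> entries = new HashMap<>();
>         for (int i = 0; i < 10000; i++)
>             entries.put(i, i);
>         // The operation is sent on behalf of the dropped user and hangs.
>         cache.putAll(entries);
>     }
>     /** {@inheritDoc} */
>     @Override protected void beforeTest() throws Exception {
>         super.beforeTest();
>         cleanPersistenceDir();
>     }
> }
> {code}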
> Exception:
> {code:java}
> [2021-11-22 11:04:32,390][ERROR][sys-stripe-3-#92%ignite.UserDropTest1%][IgniteTestResources] Critical system error detected. Will be handled accordingly to configured handler [hnd=NoOpFailureHandler [super=AbstractFailureHandler [ignoredFailureTypes=UnmodifiableSet [SYSTEM_WORKER_BLOCKED, SYSTEM_CRITICAL_OPERATION_TIMEOUT]]], failureCtx=FailureContext [type=SYSTEM_WORKER_TERMINATION, err=java.lang.IllegalStateException: Failed to find security context for subject with given ID : 0898b227-30d5-3afc-9394-d8e4889ece4a]]
> java.lang.IllegalStateException: Failed to find security context for subject with given ID : 0898b227-30d5-3afc-9394-d8e4889ece4a
> 	at org.apache.ignite.internal.processors.security.IgniteSecurityProcessor.withContext(IgniteSecurityProcessor.java:167)
> 	at org.apache.ignite.internal.managers.communication.GridIoManager.invokeListener(GridIoManager.java:1906)
> 	at org.apache.ignite.internal.managers.communication.GridIoManager.processRegularMessage0(GridIoManager.java:1528)
> 	at org.apache.ignite.internal.managers.communication.GridIoManager.access$5300(GridIoManager.java:242)
> 	at org.apache.ignite.internal.managers.communication.GridIoManager$9.execute(GridIoManager.java:1421)
> 	at org.apache.ignite.internal.managers.communication.TraceRunnable.run(TraceRunnable.java:55)
> 	at org.apache.ignite.internal.util.StripedExecutor$Stripe.body(StripedExecutor.java:569)
> 	at org.apache.ignite.internal.util.worker.GridWorker.run(GridWorker.java:125)
> 	at java.lang.Thread.run(Thread.java:748)
> {code}
> The main problem is:
> The implementation of the authentication plugin ties a security user to the subject ID that is propagated through cluster nodes.
> If some node receives an operation initiated by the deleted user, it fails to obtain its security context via the subject ID and hangs with the exception mentioned above.



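An added example, not part of the Jira issue or of Ignite: a small Python log check that finds the failure shown in the exception above and extracts the subject ID of the affected user. It reads the failure type from failureCtx rather than from the handler's ignoredFailureTypes set, and it skips the bare stack-trace line so the event is counted once; the function names and the last sample line are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Header of a log record as it appears in the report: [timestamp][LEVEL][thread][logger] message
RECORD = re.compile(
    r"^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3})\]"
    r"\[(?P<level>[A-Z]+)\s*\]\[(?P<thread>[^\]]+)\]\[(?P<logger>[^\]]+)\] (?P<msg>.*)$"
)
# Take the type from failureCtx, not from the handler's ignoredFailureTypes set.
FAILURE_TYPE = re.compile(r"failureCtx=FailureContext \[type=(?P<type>[A-Z_]+)")
SUBJECT = re.compile(r"Failed to find security context for subject with given ID : ([0-9a-fA-F-]{36})")

def find_missing_context_failures(lines):
    """Return one event per log record; headerless stack-trace lines are skipped."""
    events = []
    for line in lines:
        rec = RECORD.match(line)
        if not rec:
            continue  # the exception line repeats the message without a record header
        subj = SUBJECT.search(rec["msg"])
        if not subj:
            continue
        ftype = FAILURE_TYPE.search(rec["msg"])
        events.append({
            "time": datetime.strptime(rec["ts"], "%Y-%m-%d %H:%M:%S,%f"),
            "thread": rec["thread"],
            "failure_type": ftype["type"] if ftype else None,
            "subject_id": subj[1].lower(),
        })
    return events

def subjects_by_count(events):
    """Count events per subject ID, to match against recently dropped users."""
    return Counter(e["subject_id"] for e in events)

# Sample input: the first two lines are from the report above; the last one is constructed.
SAMPLE = [
    "[2021-11-22 11:04:32,390][ERROR][sys-stripe-3-#92%ignite.UserDropTest1%][IgniteTestResources] "
    "Critical system error detected. Will be handled accordingly to configured handler "
    "[hnd=NoOpFailureHandler [super=AbstractFailureHandler [ignoredFailureTypes=UnmodifiableSet "
    "[SYSTEM_WORKER_BLOCKED, SYSTEM_CRITICAL_OPERATION_TIMEOUT]]], failureCtx=FailureContext "
    "[type=SYSTEM_WORKER_TERMINATION, err=java.lang.IllegalStateException: Failed to find security "
    "context for subject with given ID : 0898b227-30d5-3afc-9394-d8e4889ece4a]]",
    "java.lang.IllegalStateException: Failed to find security context for subject with given ID : "
    "0898b227-30d5-3afc-9394-d8e4889ece4a",
    "[2021-11-22 11:04:33,001][INFO ][main][IgniteTestResources] Unrelated constructed line",
]
if __name__ == "__main__":
    print(subjects_by_count(find_missing_context_failures(SAMPLE)))
```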