Posted to issues@ignite.apache.org by "Amelchev Nikita (Jira)" <ji...@apache.org> on 2022/04/06 10:04:00 UTC
[jira] [Updated] (IGNITE-15966) [Security] Operation can hang with authentication enabled after user drop operation
[ https://issues.apache.org/jira/browse/IGNITE-15966?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Amelchev Nikita updated IGNITE-15966:
-------------------------------------
Fix Version/s: (was: 2.13)
> [Security] Operation can hang with authentication enabled after user drop operation
> -----------------------------------------------------------------------------------
>
> Key: IGNITE-15966
> URL: https://issues.apache.org/jira/browse/IGNITE-15966
> Project: Ignite
> Issue Type: Bug
> Reporter: Mikhail Petrov
> Priority: Major
> Labels: ise
> Time Spent: 20m
> Remaining Estimate: 0h
>
> Reproducer:
> {code:java}
> /** */
> public class UserDropTest extends GridCommonAbstractTest {
>     /** {@inheritDoc} */
>     @Override protected IgniteConfiguration getConfiguration(String igniteInstanceName) throws Exception {
>         IgniteConfiguration cfg = super.getConfiguration(igniteInstanceName);
>         cfg.setAuthenticationEnabled(true);
>         cfg.setDataStorageConfiguration(new DataStorageConfiguration()
>             .setDefaultDataRegionConfiguration(new DataRegionConfiguration()
>                 .setPersistenceEnabled(true)));
>         return cfg;
>     }
>
>     /** */
>     @Test
>     public void test() throws Exception {
>         startGrid(0);
>         startGrid(1);
>         grid(0).cluster().state(ClusterState.ACTIVE);
>         grid(0).createCache(DEFAULT_CACHE_NAME);
>
>         // Create the user "cli" while authenticated as "ignite".
>         try (AutoCloseable ignored = withSecurityContextOnAllNodes(authenticate(grid(0), "ignite", "ignite"))) {
>             grid(0).context().security().createUser("cli", "pwd".toCharArray());
>         }
>
>         // Connect a thin client as "cli" and keep the connection open.
>         IgniteClient client = Ignition.startClient(new ClientConfiguration()
>             .setAddresses("127.0.0.1:10800")
>             .setUserName("cli")
>             .setUserPassword("pwd"));
>         ClientCache<Object, Object> cache = client.cache(DEFAULT_CACHE_NAME);
>
>         // Drop "cli" while its client is still connected.
>         try (AutoCloseable ignored = withSecurityContextOnAllNodes(authenticate(grid(0), "ignite", "ignite"))) {
>             grid(0).context().security().dropUser("cli");
>         }
>
>         // Operation initiated by the dropped user.
>         Map<Integer, Integer> entries = new HashMap<>();
>         for (int i = 0; i < 10000; i++)
>             entries.put(i, i);
>         cache.putAll(entries);
>     }
>
>     /** {@inheritDoc} */
>     @Override protected void beforeTest() throws Exception {
>         super.beforeTest();
>         cleanPersistenceDir();
>     }
> }
> {code}
> Exception:
> {code:java}
> [2021-11-22 11:04:32,390][ERROR][sys-stripe-3-#92%ignite.UserDropTest1%][IgniteTestResources] Critical system error detected. Will be handled accordingly to configured handler [hnd=NoOpFailureHandler [super=AbstractFailureHandler [ignoredFailureTypes=UnmodifiableSet [SYSTEM_WORKER_BLOCKED, SYSTEM_CRITICAL_OPERATION_TIMEOUT]]], failureCtx=FailureContext [type=SYSTEM_WORKER_TERMINATION, err=java.lang.IllegalStateException: Failed to find security context for subject with given ID : 0898b227-30d5-3afc-9394-d8e4889ece4a]]
> java.lang.IllegalStateException: Failed to find security context for subject with given ID : 0898b227-30d5-3afc-9394-d8e4889ece4a
>     at org.apache.ignite.internal.processors.security.IgniteSecurityProcessor.withContext(IgniteSecurityProcessor.java:167)
>     at org.apache.ignite.internal.managers.communication.GridIoManager.invokeListener(GridIoManager.java:1906)
>     at org.apache.ignite.internal.managers.communication.GridIoManager.processRegularMessage0(GridIoManager.java:1528)
>     at org.apache.ignite.internal.managers.communication.GridIoManager.access$5300(GridIoManager.java:242)
>     at org.apache.ignite.internal.managers.communication.GridIoManager$9.execute(GridIoManager.java:1421)
>     at org.apache.ignite.internal.managers.communication.TraceRunnable.run(TraceRunnable.java:55)
>     at org.apache.ignite.internal.util.StripedExecutor$Stripe.body(StripedExecutor.java:569)
>     at org.apache.ignite.internal.util.worker.GridWorker.run(GridWorker.java:125)
>     at java.lang.Thread.run(Thread.java:748)
> {code}
> The main problem is:
> The implementation of the authentication plugin ties the security user to the subject ID that is propagated through cluster nodes.
> If some node receives an operation initiated by the deleted user, it fails to obtain its security context via the subject ID and hangs with the above-mentioned exception.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
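
A simplified model of the failure described in the issue, added here as an illustration and not taken from Ignite or from the reporter: a node resolves a propagated subject ID after the user was dropped. The class, its methods and the reject-with-error handler are hypothetical, and the model assumes the hang comes from the request never being answered once the lookup throws.

```java
import java.util.Map;
import java.util.UUID;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;

/** Toy model (hypothetical names, not Ignite classes) of a node resolving a propagated subject ID. */
public class SubjectLookupModel {
    /** Subject ID -> user name; stands in for the node-local security context registry. */
    static final Map<UUID, String> contexts = new ConcurrentHashMap<>();

    /** Behaviour in the report: the lookup throws inside the worker, so no reply is sent. */
    static void handleThrowing(UUID subjId, CompletableFuture<String> reply) {
        String user = contexts.get(subjId);
        if (user == null)
            throw new IllegalStateException(
                "Failed to find security context for subject with given ID : " + subjId);
        reply.complete("OK as " + user);
    }

    /** Assumed alternative: still fail closed, but complete the reply with an error. */
    static void handleRejecting(UUID subjId, CompletableFuture<String> reply) {
        String user = contexts.get(subjId);
        if (user == null)
            reply.completeExceptionally(new SecurityException("Unknown subject: " + subjId));
        else
            reply.complete("OK as " + user);
    }

    public static void main(String[] args) throws Exception {
        UUID cli = UUID.randomUUID();   // constructed subject ID for user "cli"
        contexts.put(cli, "cli");
        contexts.remove(cli);           // user dropped while the client is still connected
        CompletableFuture<String> hung = new CompletableFuture<>();
        try {
            handleThrowing(cli, hung);  // on a real node this runs on a worker thread
        } catch (IllegalStateException e) {
            System.out.println("worker failed: " + e.getMessage());
        }
        try {
            hung.get(200, TimeUnit.MILLISECONDS);
        } catch (TimeoutException e) {
            System.out.println("caller still waiting: reply was never completed");
        }
        CompletableFuture<String> rejected = new CompletableFuture<>();
        handleRejecting(cli, rejected);
        System.out.println("rejected promptly: " + rejected.isCompletedExceptionally());
    }
}
```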