You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ignite.apache.org by "Amelchev Nikita (Jira)" <ji...@apache.org> on 2022/04/06 10:04:00 UTC
[jira] [Updated] (IGNITE-16068) Operations hang with different characters encoding on nodes and authentication enabled.

     [ https://issues.apache.org/jira/browse/IGNITE-16068?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Amelchev Nikita updated IGNITE-16068:
-------------------------------------
    Fix Version/s:     (was: 2.13)

> Operations hang with different characters encoding on nodes and authentication enabled.
> ---------------------------------------------------------------------------------------
>
>                 Key: IGNITE-16068
>                 URL: https://issues.apache.org/jira/browse/IGNITE-16068
>             Project: Ignite
>          Issue Type: Bug
>            Reporter: Mikhail Petrov
>            Priority: Major
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> Reproducer: 
> {code:java}
> /**   */
> public class AuthenticatorMultiJvmEncodingTest extends GridCommonAbstractTest {
>     /** Character encoding name that will be applied to the next Ignite process start. */
>     private String jvmCharacterEncoding;
>     /** {@inheritDoc} */
>     @Override protected IgniteConfiguration getConfiguration(String igniteInstanceName) throws Exception {
>         IgniteConfiguration cfg = super.getConfiguration(igniteInstanceName);
>         cfg.setAuthenticationEnabled(true);
>         cfg.setDataStorageConfiguration(new DataStorageConfiguration()
>             .setDefaultDataRegionConfiguration(new DataRegionConfiguration()
>                 .setMaxSize(100 * (1 << 20))
>                 .setPersistenceEnabled(true)));
>         return cfg;
>     }
>     /** {@inheritDoc} */
>     @Override protected List<String> additionalRemoteJvmArgs() {
>         List<String> args = super.additionalRemoteJvmArgs();
>         args.add("-Dfile.encoding=" + jvmCharacterEncoding);
>         return args;
>     }
>     /** {@inheritDoc} */
>     @Override protected boolean isRemoteJvm(String igniteInstanceName) {
>         return getTestIgniteInstanceIndex(igniteInstanceName) != 0;
>     }
>     /** {@inheritDoc} */
>     @Override protected void beforeTest() throws Exception {
>         super.beforeTest();
>         cleanPersistenceDir();
>     }
>     /** */
>     @Test
>     public void testMultipleJvmInstancesWithDifferentEncoding() throws Exception {
>         startGrid(0);
>         jvmCharacterEncoding = "Big5";
>         startGrid(1);
>         jvmCharacterEncoding = "UTF-8";
>         startGrid(2);
>         grid(0).cluster().state(ACTIVE);
>         grid(0).createCache(DEFAULT_CACHE_NAME);
>         String login = "語";
>         String pwd = "語";
>         try (AutoCloseable ignored = withSecurityContextOnAllNodes(authenticate(grid(0), "ignite", "ignite"))) {
>             grid(0).context().security().createUser(login, pwd.toCharArray());
>         }
>         try (
>             IgniteClient cli = Ignition.startClient(new ClientConfiguration().setAddresses("127.0.0.1:10800")
>                 .setUserName(login)
>                 .setUserPassword(pwd))
>         ) {
>             ClientCache<Integer, Integer> cache = cli.cache(DEFAULT_CACHE_NAME);
>             Map<Integer, Integer> entries = new HashMap<>();
>             for (int i = 0; i < 1000; i++)
>                 entries.put(i, i);
>             cache.putAll(entries);
>         }
>     }
> }
> {code}
> Exception on server node before hanging:
> {code:java}
> java.lang.IllegalStateException: Failed to find security context for subject with given ID : c950cc94-38f1-304d-b858-2aa6e9478357
> [2021-12-06 23:24:10,507][INFO ][Thread-2][jvm-5950cce2] 	at org.apache.ignite.internal.processors.security.IgniteSecurityProcessor.withContext(IgniteSecurityProcessor.java:167)
> [2021-12-06 23:24:10,507][INFO ][Thread-2][jvm-5950cce2] 	at org.apache.ignite.internal.managers.communication.GridIoManager.invokeListener(GridIoManager.java:1906)
> [2021-12-06 23:24:10,507][INFO ][Thread-2][jvm-5950cce2] 	at org.apache.ignite.internal.managers.communication.GridIoManager.processRegularMessage0(GridIoManager.java:1528)
> [2021-12-06 23:24:10,507][INFO ][Thread-2][jvm-5950cce2] 	at org.apache.ignite.internal.managers.communication.GridIoManager.access$5300(GridIoManager.java:242)
> [2021-12-06 23:24:10,507][INFO ][Thread-2][jvm-5950cce2] 	at org.apache.ignite.internal.managers.communication.GridIoManager$9.execute(GridIoManager.java:1421)
> [2021-12-06 23:24:10,507][INFO ][Thread-2][jvm-5950cce2] 	at org.apache.ignite.internal.managers.communication.TraceRunnable.run(TraceRunnable.java:55)
> [2021-12-06 23:24:10,507][INFO ][Thread-2][jvm-5950cce2] 	at org.apache.ignite.internal.util.StripedExecutor$Stripe.body(StripedExecutor.java:569)
> [2021-12-06 23:24:10,507][INFO ][Thread-2][jvm-5950cce2] 	at org.apache.ignite.internal.util.worker.GridWorker.run(GridWorker.java:125)
> [2021-12-06 23:24:10,507][INFO ][Thread-2][jvm-5950cce2] 	at java.lang.Thread.run(Thread.java:748)
> {code}
> The main reason of described above behavior is that IgniteAuthenticatorProcessor uses default JVM character encoding when calculating security subject ID. So different nodes can add the same user with different IDs if they are running in JVMS with different default characters encoding. As a result user can not be found during operations that involve multiple nodes.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)