Details
-
Bug
-
Status: Open
-
Major
-
Resolution: Unresolved
-
None
-
None
-
None
-
Docs Required, Release Notes Required
Description
Reproducer:
/** */ public class UserDropTest extends GridCommonAbstractTest { /** {@inheritDoc} */ @Override protected IgniteConfiguration getConfiguration(String igniteInstanceName) throws Exception { IgniteConfiguration cfg = super.getConfiguration(igniteInstanceName); cfg.setAuthenticationEnabled(true); cfg.setDataStorageConfiguration(new DataStorageConfiguration() .setDefaultDataRegionConfiguration(new DataRegionConfiguration() .setPersistenceEnabled(true))); return cfg; } /** */ @Test public void test() throws Exception { startGrid(0); startGrid(1); grid(0).cluster().state(ClusterState.ACTIVE); grid(0).createCache(DEFAULT_CACHE_NAME); try (AutoCloseable ignored = withSecurityContextOnAllNodes(authenticate(grid(0), "ignite", "ignite"))) { grid(0).context().security().createUser("cli", "pwd".toCharArray()); } IgniteClient client = Ignition.startClient(new ClientConfiguration().setAddresses("127.0.0.1:10800").setUserName("cli").setUserPassword("pwd")); ClientCache<Object, Object> cache = client.cache(DEFAULT_CACHE_NAME); try (AutoCloseable ignored = withSecurityContextOnAllNodes(authenticate(grid(0), "ignite", "ignite"))) { grid(0).context().security().dropUser("cli"); } Map<Integer, Integer> entries = new HashMap<>(); for (int i = 0; i < 10000; i++) entries.put(i, i); cache.putAll(entries); } /** {@inheritDoc} */ @Override protected void beforeTest() throws Exception { super.beforeTest(); cleanPersistenceDir(); } }
Exception:
[2021-11-22 11:04:32,390][ERROR][sys-stripe-3-#92%ignite.UserDropTest1%][IgniteTestResources] Critical system error detected. Will be handled accordingly to configured handler [hnd=NoOpFailureHandler [super=AbstractFailureHandler [ignoredFailureTypes=UnmodifiableSet [SYSTEM_WORKER_BLOCKED, SYSTEM_CRITICAL_OPERATION_TIMEOUT]]], failureCtx=FailureContext [type=SYSTEM_WORKER_TERMINATION, err=java.lang.IllegalStateException: Failed to find security context for subject with given ID : 0898b227-30d5-3afc-9394-d8e4889ece4a]] java.lang.IllegalStateException: Failed to find security context for subject with given ID : 0898b227-30d5-3afc-9394-d8e4889ece4a at org.apache.ignite.internal.processors.security.IgniteSecurityProcessor.withContext(IgniteSecurityProcessor.java:167) at org.apache.ignite.internal.managers.communication.GridIoManager.invokeListener(GridIoManager.java:1906) at org.apache.ignite.internal.managers.communication.GridIoManager.processRegularMessage0(GridIoManager.java:1528) at org.apache.ignite.internal.managers.communication.GridIoManager.access$5300(GridIoManager.java:242) at org.apache.ignite.internal.managers.communication.GridIoManager$9.execute(GridIoManager.java:1421) at org.apache.ignite.internal.managers.communication.TraceRunnable.run(TraceRunnable.java:55) at org.apache.ignite.internal.util.StripedExecutor$Stripe.body(StripedExecutor.java:569) at org.apache.ignite.internal.util.worker.GridWorker.run(GridWorker.java:125) at java.lang.Thread.run(Thread.java:748)
The main problem is:
Implementation of authentication plugin ties security user with the subject ID that is propagated through cluster nodes.
If some node receives operation initiated by the deleted user, it fails to obtain its security context via subject id and hangs with mentioned above exception.
Attachments
Issue Links
- relates to
-
IGNITE-16068 Operations hang with different characters encoding on nodes and authentication enabled.
- Open
-
IGNITE-19410 Node failure in case multiple nodes join and leave a cluster simultaneously with security is enabled.
- Resolved
- links to