[jira] [Updated] (IGNITE-15966) [Security] Nodes can hang with authentication enabled after user drop operation

Mon, 22 Nov 2021 01:54:06 -0800 


     [ 
https://issues.apache.org/jira/browse/IGNITE-15966?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Nikolay Izhikov updated IGNITE-15966:
-------------------------------------
    Priority: Blocker  (was: Major)

> [Security] Nodes can hang with authentication enabled after user drop 
> operation
> -------------------------------------------------------------------------------
>
>                 Key: IGNITE-15966
>                 URL: https://issues.apache.org/jira/browse/IGNITE-15966
>             Project: Ignite
>          Issue Type: Bug
>            Reporter: Mikhail Petrov
>            Priority: Blocker
>             Fix For: 2.12
>
>
> Reproducer: 
> {code:java}
> /** */
> public class UserDropTest extends GridCommonAbstractTest {
>     /** {@inheritDoc} */
>     @Override protected IgniteConfiguration getConfiguration(String 
> igniteInstanceName) throws Exception {
>         IgniteConfiguration cfg = super.getConfiguration(igniteInstanceName);
>         cfg.setAuthenticationEnabled(true);
>         cfg.setDataStorageConfiguration(new DataStorageConfiguration()
>             .setDefaultDataRegionConfiguration(new DataRegionConfiguration()
>                 .setPersistenceEnabled(true)));
>         return cfg;
>     }
>     /** */
>     @Test
>     public void test() throws Exception {
>         startGrid(0);
>         startGrid(1);
>         grid(0).cluster().state(ClusterState.ACTIVE);
>         grid(0).createCache(DEFAULT_CACHE_NAME);
>         try (AutoCloseable ignored = 
> withSecurityContextOnAllNodes(authenticate(grid(0), "ignite", "ignite"))) {
>             grid(0).context().security().createUser("cli", 
> "pwd".toCharArray());
>         }
>         IgniteClient client = Ignition.startClient(new 
> ClientConfiguration().setAddresses("127.0.0.1:10800").setUserName("cli").setUserPassword("pwd"));
>         ClientCache<Object, Object> cache = client.cache(DEFAULT_CACHE_NAME);
>         try (AutoCloseable ignored = 
> withSecurityContextOnAllNodes(authenticate(grid(0), "ignite", "ignite"))) {
>             grid(0).context().security().dropUser("cli");
>         }
>         Map<Integer, Integer> entries = new HashMap<>();
>         for (int i = 0; i < 10000; i++)
>             entries.put(i, i);
>         cache.putAll(entries);
>     }
>     /** {@inheritDoc} */
>     @Override protected void beforeTest() throws Exception {
>         super.beforeTest();
>         cleanPersistenceDir();
>     }
> }
> {code}
> Exception:
> {code:java}
> [2021-11-22 
> 11:04:32,390][ERROR][sys-stripe-3-#92%ignite.UserDropTest1%][IgniteTestResources]
>  Critical system error detected. Will be handled accordingly to configured 
> handler [hnd=NoOpFailureHandler [super=AbstractFailureHandler 
> [ignoredFailureTypes=UnmodifiableSet [SYSTEM_WORKER_BLOCKED, 
> SYSTEM_CRITICAL_OPERATION_TIMEOUT]]], failureCtx=FailureContext 
> [type=SYSTEM_WORKER_TERMINATION, err=java.lang.IllegalStateException: Failed 
> to find security context for subject with given ID : 
> 0898b227-30d5-3afc-9394-d8e4889ece4a]]
> java.lang.IllegalStateException: Failed to find security context for subject 
> with given ID : 0898b227-30d5-3afc-9394-d8e4889ece4a
>       at 
> org.apache.ignite.internal.processors.security.IgniteSecurityProcessor.withContext(IgniteSecurityProcessor.java:167)
>       at 
> org.apache.ignite.internal.managers.communication.GridIoManager.invokeListener(GridIoManager.java:1906)
>       at 
> org.apache.ignite.internal.managers.communication.GridIoManager.processRegularMessage0(GridIoManager.java:1528)
>       at 
> org.apache.ignite.internal.managers.communication.GridIoManager.access$5300(GridIoManager.java:242)
>       at 
> org.apache.ignite.internal.managers.communication.GridIoManager$9.execute(GridIoManager.java:1421)
>       at 
> org.apache.ignite.internal.managers.communication.TraceRunnable.run(TraceRunnable.java:55)
>       at 
> org.apache.ignite.internal.util.StripedExecutor$Stripe.body(StripedExecutor.java:569)
>       at 
> org.apache.ignite.internal.util.worker.GridWorker.run(GridWorker.java:125)
>       at java.lang.Thread.run(Thread.java:748)
> {code}
> The main problem is:
> Implementation of authentication plugin ties security user with the subject 
> ID that is propagated through cluster nodes.
> If some node receives operation initiated by the deleted user, it fails to 
> obtain its security context via subject id and hangs with mentioned above 
> exception.
> Here we are faced with a security implementation problem - we have no 
> mechanism to determine that a security subject is no longer needed and can be 
> safely removed and at the same time we  throw unrecoverable exception in case 
> security subject is not found that kills system worker and hangs node.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

Reply via email to