[jira] [Updated] (IGNITE-16068) Operations hang with different characters encoding on nodes and authentication enabled.

[Nikolay Izhikov (Jira)]

     [ 
https://issues.apache.org/jira/browse/IGNITE-16068?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Nikolay Izhikov updated IGNITE-16068:
-------------------------------------
    Fix Version/s: 2.12

> Operations hang with different characters encoding on nodes and 
> authentication enabled.
> ---------------------------------------------------------------------------------------
>
>                 Key: IGNITE-16068
>                 URL: https://issues.apache.org/jira/browse/IGNITE-16068
>             Project: Ignite
>          Issue Type: Bug
>            Reporter: Mikhail Petrov
>            Assignee: Mikhail Petrov
>            Priority: Major
>             Fix For: 2.12
>
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> Reproducer: 
> {code:java}
> /**   */
> public class AuthenticatorMultiJvmEncodingTest extends GridCommonAbstractTest 
> {
>     /** Character encoding name that will be applied to the next Ignite 
> process start. */
>     private String jvmCharacterEncoding;
>     /** {@inheritDoc} */
>     @Override protected IgniteConfiguration getConfiguration(String 
> igniteInstanceName) throws Exception {
>         IgniteConfiguration cfg = super.getConfiguration(igniteInstanceName);
>         cfg.setAuthenticationEnabled(true);
>         cfg.setDataStorageConfiguration(new DataStorageConfiguration()
>             .setDefaultDataRegionConfiguration(new DataRegionConfiguration()
>                 .setMaxSize(100 * (1 << 20))
>                 .setPersistenceEnabled(true)));
>         return cfg;
>     }
>     /** {@inheritDoc} */
>     @Override protected List<String> additionalRemoteJvmArgs() {
>         List<String> args = super.additionalRemoteJvmArgs();
>         args.add("-Dfile.encoding=" + jvmCharacterEncoding);
>         return args;
>     }
>     /** {@inheritDoc} */
>     @Override protected boolean isRemoteJvm(String igniteInstanceName) {
>         return getTestIgniteInstanceIndex(igniteInstanceName) != 0;
>     }
>     /** {@inheritDoc} */
>     @Override protected void beforeTest() throws Exception {
>         super.beforeTest();
>         cleanPersistenceDir();
>     }
>     /** */
>     @Test
>     public void testMultipleJvmInstancesWithDifferentEncoding() throws 
> Exception {
>         startGrid(0);
>         jvmCharacterEncoding = "Big5";
>         startGrid(1);
>         jvmCharacterEncoding = "UTF-8";
>         startGrid(2);
>         grid(0).cluster().state(ACTIVE);
>         grid(0).createCache(DEFAULT_CACHE_NAME);
>         String login = "語";
>         String pwd = "語";
>         try (AutoCloseable ignored = 
> withSecurityContextOnAllNodes(authenticate(grid(0), "ignite", "ignite"))) {
>             grid(0).context().security().createUser(login, pwd.toCharArray());
>         }
>         try (
>             IgniteClient cli = Ignition.startClient(new 
> ClientConfiguration().setAddresses("127.0.0.1:10800")
>                 .setUserName(login)
>                 .setUserPassword(pwd))
>         ) {
>             ClientCache<Integer, Integer> cache = 
> cli.cache(DEFAULT_CACHE_NAME);
>             Map<Integer, Integer> entries = new HashMap<>();
>             for (int i = 0; i < 1000; i++)
>                 entries.put(i, i);
>             cache.putAll(entries);
>         }
>     }
> }
> {code}
> Exception on server node before hanging:
> {code:java}
> java.lang.IllegalStateException: Failed to find security context for subject 
> with given ID : c950cc94-38f1-304d-b858-2aa6e9478357
> [2021-12-06 23:24:10,507][INFO ][Thread-2][jvm-5950cce2]      at 
> org.apache.ignite.internal.processors.security.IgniteSecurityProcessor.withContext(IgniteSecurityProcessor.java:167)
> [2021-12-06 23:24:10,507][INFO ][Thread-2][jvm-5950cce2]      at 
> org.apache.ignite.internal.managers.communication.GridIoManager.invokeListener(GridIoManager.java:1906)
> [2021-12-06 23:24:10,507][INFO ][Thread-2][jvm-5950cce2]      at 
> org.apache.ignite.internal.managers.communication.GridIoManager.processRegularMessage0(GridIoManager.java:1528)
> [2021-12-06 23:24:10,507][INFO ][Thread-2][jvm-5950cce2]      at 
> org.apache.ignite.internal.managers.communication.GridIoManager.access$5300(GridIoManager.java:242)
> [2021-12-06 23:24:10,507][INFO ][Thread-2][jvm-5950cce2]      at 
> org.apache.ignite.internal.managers.communication.GridIoManager$9.execute(GridIoManager.java:1421)
> [2021-12-06 23:24:10,507][INFO ][Thread-2][jvm-5950cce2]      at 
> org.apache.ignite.internal.managers.communication.TraceRunnable.run(TraceRunnable.java:55)
> [2021-12-06 23:24:10,507][INFO ][Thread-2][jvm-5950cce2]      at 
> org.apache.ignite.internal.util.StripedExecutor$Stripe.body(StripedExecutor.java:569)
> [2021-12-06 23:24:10,507][INFO ][Thread-2][jvm-5950cce2]      at 
> org.apache.ignite.internal.util.worker.GridWorker.run(GridWorker.java:125)
> [2021-12-06 23:24:10,507][INFO ][Thread-2][jvm-5950cce2]      at 
> java.lang.Thread.run(Thread.java:748)
> {code}
> The main reason of described above behavior is that 
> IgniteAuthenticatorProcessor uses default JVM character encoding when 
> calculating security subject ID. So different nodes can add the same user 
> with different IDs if they are running in JVMS with different default 
> characters encoding. As a result user can not be found during operations that 
> involve multiple nodes.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)