tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alejandro Fernandez" <afernan...@transalud.com.ar>
Subject Re: problem with tomcat clusters sso with apache load balancer
Date Fri, 04 May 2007 19:02:55 GMT
Thank you for your answers.

As a workarround (forgetting about clustering), can I use 2 tomcat instances
with different WARs but both using sso?

For instance:

Machine 1 - tomcat #1 - a.war
Machine 2 - tomcat #2 - b.war

both with sso, so when I log-in in application a I am also logged in
application b

Regards,
Alejandro

----- Original Message ----- 
From: "Peter Rossbach" <pr@objektpark.de>
To: "Tomcat Users List" <users@tomcat.apache.org>
Sent: Thursday, May 03, 2007 3:16 PM
Subject: Re: problem with tomcat clusters sso with apache load balancer


> Hi,
>
> the clusterSSO implementation is not ready:
>
> - at normal shutdown from one application or a node all sessions are
> expired.
> clusterSSO is a normal session listener and context stop expires
> all sessions.
> - The sessionID rewrite from JvmRouteBinderValve are not coordinated
> with clusterSSO sessionID cache.
> - I have made some improvements at the tomcat 5.5 backport :-(
>
> Peter
>
>
> Am 03.05.2007 um 19:24 schrieb Filip Hanik - Dev Lists:
>
> > I don't think the clusterSSO implementation ever really got
> > finished. It got submitted, but never completed.
> > At least that was my impression of it
> >
> > Filip
> >
> > Alejandro Fernandez wrote:
> >> Hi, I am Alejandro from Argentina.
> >>
> >> I am having an issue with tomcat 6.0.10 using clusters and single
> >> sign on, while performing load balance with apache 2.2
> >>
> >> When I am accessing a secured page, I try to login (the login form
> >> is shown correctly) but I receive the following:
> >>
> >> HTTP Status 400 - Invalid direct reference to form login page
> >>
> >> Note: The load balancer makes me switch between 2 tomcat servers.
> >> One switch by page request.
> >>
> >> Please tell me if the info is not enough.
> >>
> >> Thank you in advance.
> >>
> >> --------------------------------------------------------------------- 
> >> -----
> >> httpd.conf
> >> --------------------------------------------------------------------- 
> >> -----
> >>
> >> ....
> >>
> >> <Location /balancer-manager>
> >> SetHandler balancer-manager
> >> </Location>
> >>
> >> <Proxy balancer://cluster>
> >> BalancerMember ajp://sismcarrizo:8009
> >> BalancerMember ajp://servisitadores4:8009
> >> </Proxy>
> >>
> >> <Proxy balancer://clusterb>
> >> BalancerMember ajp://servisitadores4:8009
> >> </Proxy>
> >>
> >> <Location /portal-a>
> >> ProxyPass balancer://cluster/portal-a stickysession=JSESSIONID
> >> </Location>
> >>
> >> <Location /portal-b>
> >> ProxyPass balancer://clusterb/portal-b stickysession=JSESSIONID
> >> </Location>
> >>
> >> <Location /portal-c>
> >> ProxyPass balancer://cluster/portal-c stickysession=JSESSIONID
> >> </Location>
> >>
> >> <Location /accesos-sso>
> >> ProxyPass balancer://cluster/accesos-sso stickysession=JSESSIONID
> >> </Location>
> >>
> >> ....
> >>
> >> --------------------------------------------------------------------- 
> >> -----
> >> server.xml
> >> --------------------------------------------------------------------- 
> >> -----
> >> ....
> >>
> >>    <Engine name="Catalina" defaultHost="localhost">
> >>
> >>       <Cluster
> >> className="org.apache.catalina.ha.tcp.SimpleTcpCluster"
> >> channelSendOptions="8">
> >>           <Manager
> >> className="org.apache.catalina.ha.session.DeltaManager"
> >> expireSessionsOnShutdown="false"
> >> notifyListenersOnReplication="true"/>
> >>
> >>           <Channel
> >> className="org.apache.catalina.tribes.group.GroupChannel">
> >>             <Membership
> >> className="org.apache.catalina.tribes.membership.McastService"
> >>                         address="228.0.0.4"
> >>                         port="45564"
> >>                         frequency="500"
> >>                         dropTime="3000"/>
> >>             <Receiver
> >> className="org.apache.catalina.tribes.transport.nio.NioReceiver"
> >>                       address="auto"
> >>                       port="4000"
> >>                       autoBind="100"
> >>                       selectorTimeout="5000"
> >>                       maxThreads="6"/>
> >>
> >>             <Sender
> >> className="org.apache.catalina.tribes.transport.ReplicationTransmitte
> >> r">
> >>               <Transport
> >> className="org.apache.catalina.tribes.transport.nio.PooledParallelSen
> >> der"/>
> >>             </Sender>
> >>             <Interceptor
> >> className="org.apache.catalina.tribes.group.interceptors.TcpFailureDe
> >> tector"/>
> >>             <Interceptor
> >> className="org.apache.catalina.tribes.group.interceptors.MessageDispa
> >> tch15Interceptor"/>
> >>           </Channel>
> >>
> >>           <Valve
> >> className="org.apache.catalina.ha.tcp.ReplicationValve"
> >>                  filter=""/>
> >>           <Valve
> >> className="org.apache.catalina.ha.session.JvmRouteBinderValve"/>
> >>
> >>           <Deployer
> >> className="org.apache.catalina.ha.deploy.FarmWarDeployer"
> >>                     tempDir="/tmp/war-temp/"
> >>                     deployDir="/tmp/war-deploy/"
> >>                     watchDir="/tmp/war-listen/"
> >>                     watchEnabled="false"/>
> >>
> >>           <ClusterListener
> >> className="org.apache.catalina.ha.session.JvmRouteSessionIDBinderList
> >> ener"/>
> >>           <ClusterListener
> >> className="org.apache.catalina.ha.session.ClusterSessionListener"/>
> >>         </Cluster>
> >>
> >>      <Valve
> >> className="org.apache.catalina.authenticator.SingleSignOn"
> >> debug="0"/>
> >>       <Realm className="org.apache.catalina.realm.JDBCRealm"
> >>
> >> driverName="com.microsoft.jdbc.sqlserver.SQLServerDriver"
> >>              connectionURL="jdbc:microsoft:sqlserver://
> >> desa-0:1433;databasename=accesos;selectmethod=cursor"
> >>               connectionName="accesosusr"
> >>         connectionPassword="j1ra808fa"
> >>               userTable="users"
> >>         userNameCol="username"
> >>         userCredCol="password"
> >>              userRoleTable="user_role"
> >>         roleNameCol="role"
> >>         debug="99"
> >>       />
> >>
> >>       <Host name="localhost" appBase="webapps" unpackWARs="true"
> >> autoDeploy="true" xmlValidation="false" xmlNamespaceAware="false">
> >>       </Host>
> >> </Engine>
> >> ....
> >>
> >> --------------------------------------------------------------------- 
> >> -----
> >> web.xml
> >> --------------------------------------------------------------------- 
> >> -----
> >> ....
> >>
> >>  <!-- Define a Security Constraint on this Application -->
> >>   <security-constraint>
> >>     <web-resource-collection>
> >>       <web-resource-name>portal-a</web-resource-name>
> >>       <url-pattern>/mercados.jsp</url-pattern>
> >>       <url-pattern>/mercados.page</url-pattern>
> >>       <url-pattern>/mercados.jsf</url-pattern>
> >>     </web-resource-collection>
> >>     <auth-constraint>
> >>        <!-- NOTE:  This role is not present in the default users
> >> file -->
> >>        <role-name>accesos</role-name>
> >>     </auth-constraint>
> >>   </security-constraint>
> >>
> >>   <!-- Define the Login Configuration for this Application -->
> >>   <login-config>
> >>     <auth-method>FORM</auth-method>
> >>     <realm-name>Portal A Application</realm-name>
> >>     <form-login-config>
> >>        <form-login-page>/login.jsp</form-login-page>
> >>        <form-error-page>/error.jsp</form-error-page>
> >>  </form-login-config>
> >>   </login-config>
> >>
> >>   <!-- Security roles referenced by this web application -->
> >>   <security-role>
> >>     <description>
> >>       The role that is required to log in to the Manager Application
> >>     </description>
> >>     <role-name>accesos</role-name>
> >>   </security-role>
> >>
> >> <distributable/>
> >> ....
> >>
> >> --------------------------------------------------------------------- 
> >> ---
> >>
> >> No virus found in this incoming message.
> >> Checked by AVG Free Edition. Version: 7.5.467 / Virus Database:
> >> 269.6.2/784 - Release Date: 5/1/2007 2:57 PM
> >>
> >
> >
> > ---------------------------------------------------------------------
> > To start a new topic, e-mail: users@tomcat.apache.org
> > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> > For additional commands, e-mail: users-help@tomcat.apache.org
> >
> >
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message