tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Pid...@pidster.com>
Subject Re: problem with tomcat clusters sso with apache load balancer
Date Fri, 04 May 2007 19:32:05 GMT
Alejandro Fernandez wrote:
> Thank you for your answers.
> 
> As a workarround (forgetting about clustering), can I use 2 tomcat instances
> with different WARs but both using sso?
> 
> For instance:
> 
> Machine 1 - tomcat #1 - a.war
> Machine 2 - tomcat #2 - b.war
> 
> both with sso, so when I log-in in application a I am also logged in
> application b

Nope.

The SSO info is stored in the memory of each Tomcat instance; which they 
obviously don't share.



> Regards,
> Alejandro
> 
> ----- Original Message ----- 
> From: "Peter Rossbach" <pr@objektpark.de>
> To: "Tomcat Users List" <users@tomcat.apache.org>
> Sent: Thursday, May 03, 2007 3:16 PM
> Subject: Re: problem with tomcat clusters sso with apache load balancer
> 
> 
>> Hi,
>>
>> the clusterSSO implementation is not ready:
>>
>> - at normal shutdown from one application or a node all sessions are
>> expired.
>> clusterSSO is a normal session listener and context stop expires
>> all sessions.
>> - The sessionID rewrite from JvmRouteBinderValve are not coordinated
>> with clusterSSO sessionID cache.
>> - I have made some improvements at the tomcat 5.5 backport :-(
>>
>> Peter
>>
>>
>> Am 03.05.2007 um 19:24 schrieb Filip Hanik - Dev Lists:
>>
>>> I don't think the clusterSSO implementation ever really got
>>> finished. It got submitted, but never completed.
>>> At least that was my impression of it
>>>
>>> Filip
>>>
>>> Alejandro Fernandez wrote:
>>>> Hi, I am Alejandro from Argentina.
>>>>
>>>> I am having an issue with tomcat 6.0.10 using clusters and single
>>>> sign on, while performing load balance with apache 2.2
>>>>
>>>> When I am accessing a secured page, I try to login (the login form
>>>> is shown correctly) but I receive the following:
>>>>
>>>> HTTP Status 400 - Invalid direct reference to form login page
>>>>
>>>> Note: The load balancer makes me switch between 2 tomcat servers.
>>>> One switch by page request.
>>>>
>>>> Please tell me if the info is not enough.
>>>>
>>>> Thank you in advance.
>>>>
>>>> --------------------------------------------------------------------- 
>>>> -----
>>>> httpd.conf
>>>> --------------------------------------------------------------------- 
>>>> -----
>>>>
>>>> ....
>>>>
>>>> <Location /balancer-manager>
>>>> SetHandler balancer-manager
>>>> </Location>
>>>>
>>>> <Proxy balancer://cluster>
>>>> BalancerMember ajp://sismcarrizo:8009
>>>> BalancerMember ajp://servisitadores4:8009
>>>> </Proxy>
>>>>
>>>> <Proxy balancer://clusterb>
>>>> BalancerMember ajp://servisitadores4:8009
>>>> </Proxy>
>>>>
>>>> <Location /portal-a>
>>>> ProxyPass balancer://cluster/portal-a stickysession=JSESSIONID
>>>> </Location>
>>>>
>>>> <Location /portal-b>
>>>> ProxyPass balancer://clusterb/portal-b stickysession=JSESSIONID
>>>> </Location>
>>>>
>>>> <Location /portal-c>
>>>> ProxyPass balancer://cluster/portal-c stickysession=JSESSIONID
>>>> </Location>
>>>>
>>>> <Location /accesos-sso>
>>>> ProxyPass balancer://cluster/accesos-sso stickysession=JSESSIONID
>>>> </Location>
>>>>
>>>> ....
>>>>
>>>> --------------------------------------------------------------------- 
>>>> -----
>>>> server.xml
>>>> --------------------------------------------------------------------- 
>>>> -----
>>>> ....
>>>>
>>>>    <Engine name="Catalina" defaultHost="localhost">
>>>>
>>>>       <Cluster
>>>> className="org.apache.catalina.ha.tcp.SimpleTcpCluster"
>>>> channelSendOptions="8">
>>>>           <Manager
>>>> className="org.apache.catalina.ha.session.DeltaManager"
>>>> expireSessionsOnShutdown="false"
>>>> notifyListenersOnReplication="true"/>
>>>>
>>>>           <Channel
>>>> className="org.apache.catalina.tribes.group.GroupChannel">
>>>>             <Membership
>>>> className="org.apache.catalina.tribes.membership.McastService"
>>>>                         address="228.0.0.4"
>>>>                         port="45564"
>>>>                         frequency="500"
>>>>                         dropTime="3000"/>
>>>>             <Receiver
>>>> className="org.apache.catalina.tribes.transport.nio.NioReceiver"
>>>>                       address="auto"
>>>>                       port="4000"
>>>>                       autoBind="100"
>>>>                       selectorTimeout="5000"
>>>>                       maxThreads="6"/>
>>>>
>>>>             <Sender
>>>> className="org.apache.catalina.tribes.transport.ReplicationTransmitte
>>>> r">
>>>>               <Transport
>>>> className="org.apache.catalina.tribes.transport.nio.PooledParallelSen
>>>> der"/>
>>>>             </Sender>
>>>>             <Interceptor
>>>> className="org.apache.catalina.tribes.group.interceptors.TcpFailureDe
>>>> tector"/>
>>>>             <Interceptor
>>>> className="org.apache.catalina.tribes.group.interceptors.MessageDispa
>>>> tch15Interceptor"/>
>>>>           </Channel>
>>>>
>>>>           <Valve
>>>> className="org.apache.catalina.ha.tcp.ReplicationValve"
>>>>                  filter=""/>
>>>>           <Valve
>>>> className="org.apache.catalina.ha.session.JvmRouteBinderValve"/>
>>>>
>>>>           <Deployer
>>>> className="org.apache.catalina.ha.deploy.FarmWarDeployer"
>>>>                     tempDir="/tmp/war-temp/"
>>>>                     deployDir="/tmp/war-deploy/"
>>>>                     watchDir="/tmp/war-listen/"
>>>>                     watchEnabled="false"/>
>>>>
>>>>           <ClusterListener
>>>> className="org.apache.catalina.ha.session.JvmRouteSessionIDBinderList
>>>> ener"/>
>>>>           <ClusterListener
>>>> className="org.apache.catalina.ha.session.ClusterSessionListener"/>
>>>>         </Cluster>
>>>>
>>>>      <Valve
>>>> className="org.apache.catalina.authenticator.SingleSignOn"
>>>> debug="0"/>
>>>>       <Realm className="org.apache.catalina.realm.JDBCRealm"
>>>>
>>>> driverName="com.microsoft.jdbc.sqlserver.SQLServerDriver"
>>>>              connectionURL="jdbc:microsoft:sqlserver://
>>>> desa-0:1433;databasename=accesos;selectmethod=cursor"
>>>>               connectionName="accesosusr"
>>>>         connectionPassword="j1ra808fa"
>>>>               userTable="users"
>>>>         userNameCol="username"
>>>>         userCredCol="password"
>>>>              userRoleTable="user_role"
>>>>         roleNameCol="role"
>>>>         debug="99"
>>>>       />
>>>>
>>>>       <Host name="localhost" appBase="webapps" unpackWARs="true"
>>>> autoDeploy="true" xmlValidation="false" xmlNamespaceAware="false">
>>>>       </Host>
>>>> </Engine>
>>>> ....
>>>>
>>>> --------------------------------------------------------------------- 
>>>> -----
>>>> web.xml
>>>> --------------------------------------------------------------------- 
>>>> -----
>>>> ....
>>>>
>>>>  <!-- Define a Security Constraint on this Application -->
>>>>   <security-constraint>
>>>>     <web-resource-collection>
>>>>       <web-resource-name>portal-a</web-resource-name>
>>>>       <url-pattern>/mercados.jsp</url-pattern>
>>>>       <url-pattern>/mercados.page</url-pattern>
>>>>       <url-pattern>/mercados.jsf</url-pattern>
>>>>     </web-resource-collection>
>>>>     <auth-constraint>
>>>>        <!-- NOTE:  This role is not present in the default users
>>>> file -->
>>>>        <role-name>accesos</role-name>
>>>>     </auth-constraint>
>>>>   </security-constraint>
>>>>
>>>>   <!-- Define the Login Configuration for this Application -->
>>>>   <login-config>
>>>>     <auth-method>FORM</auth-method>
>>>>     <realm-name>Portal A Application</realm-name>
>>>>     <form-login-config>
>>>>        <form-login-page>/login.jsp</form-login-page>
>>>>        <form-error-page>/error.jsp</form-error-page>
>>>>  </form-login-config>
>>>>   </login-config>
>>>>
>>>>   <!-- Security roles referenced by this web application -->
>>>>   <security-role>
>>>>     <description>
>>>>       The role that is required to log in to the Manager Application
>>>>     </description>
>>>>     <role-name>accesos</role-name>
>>>>   </security-role>
>>>>
>>>> <distributable/>
>>>> ....
>>>>
>>>> --------------------------------------------------------------------- 
>>>> ---
>>>>
>>>> No virus found in this incoming message.
>>>> Checked by AVG Free Edition. Version: 7.5.467 / Virus Database:
>>>> 269.6.2/784 - Release Date: 5/1/2007 2:57 PM
>>>>
>>>
>>> ---------------------------------------------------------------------
>>> To start a new topic, e-mail: users@tomcat.apache.org
>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>
>>>
>>
>> ---------------------------------------------------------------------
>> To start a new topic, e-mail: users@tomcat.apache.org
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
> 
> 
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
> 


Mime
View raw message