tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Pid <...@pidster.com>
Subject Re: question for sso session replication in tomcat 6.0.26
Date Fri, 25 Jun 2010 11:28:53 GMT
On 24/06/2010 21:49, Okubo, Yasushi (TSD) wrote:
> My bad.
> 
> I added *.jsp to the filter since it contains the path to index page as
> follows.  Now, I am wondering when sso session id is created and
> replicated, is it when index.jsp was accessed or login.jsp was accessed?

You had added it and have now removed it?

The normal session id is created when you access a JSP for the first
time, unless you have specifically configured JSPs to not create a
session.  A session can also be created manually by a Filter or a Servlet.

The SSO session is created when the container login process completes
authentication successfully.

I'm not entirely clear on when SSO replication occurs - presumably only
when there's a change like session invalidation or creation.


p


> == index.jsp ==
> <% response.sendRedirect("/test/index.html?homepage=dyn&prop=Home"); %>
> 
> -----Original Message-----
> From: Okubo, Yasushi (TSD) 
> Sent: Thursday, June 24, 2010 1:13 PM
> To: 'Tomcat Users List'
> Subject: RE: question for sso session replication in tomcat 6.0.26
> 
> 
> Hi Pid
> 
> I started getting the following error upon login to one node onto
> cluster.
> Could you tell me what this mean is?
> 
> Yasushi
> 
> 
> Jun 24, 2010 10:51:58 AM org.apache.catalina.ha.tcp.ReplicationValve
> sendReplicationMessage
> SEVERE: Unable to perform replication request.
> java.lang.NullPointerException
>         at
> org.apache.catalina.ha.tcp.ReplicationValve.isRequestWithoutSessionChang
> e(ReplicationValve.java:590)
>         at
> org.apache.catalina.ha.tcp.ReplicationValve.sendSessionReplicationMessag
> e(ReplicationValve.java:516)
>         at
> org.apache.catalina.ha.tcp.ReplicationValve.sendReplicationMessage(Repli
> cationValve.java:430)
>         at
> org.apache.catalina.ha.tcp.ReplicationValve.invoke(ReplicationValve.java
> :363)
>         at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java
> :102)
>         at
> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:555
> )
>         at
> org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn.java:
> 421)
>         at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.
> java:109)
>         at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:2
> 98)
>         at
> org.apache.coyote.ajp.AjpAprProcessor.process(AjpAprProcessor.java:427)
>         at
> org.apache.coyote.ajp.AjpAprProtocol$AjpConnectionHandler.process(AjpApr
> Protocol.java:384)
>         at
> org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1555)
>         at java.lang.Thread.run(Thread.java:619)
> 
> 
> -----Original Message-----
> From: Pid [mailto:pid@pidster.com] 
> Sent: Wednesday, June 23, 2010 1:06 AM
> To: Tomcat Users List
> Subject: Re: question for sso session replication in tomcat 6.0.26
> 
> I'll have to look at the code, but maybe you're being affected by a
> recent bug whereby the session id changes after login but isn't then
> replicated.
> 
> You might search bugzilla to see if this applies to 6.0.26.
> 
> 
> p
> 
> On 22 Jun 2010, at 22:41, "Okubo, Yasushi (TSD)"
> <Yasushi.Okubo@takedasd.com> wrote:
> 
>>
>> Hi
>>
>> There were two cookies created by Tomcat 6.0.26. One is for SSO, and
> the
>> other is for regular session between client and tomcat.  JSESSIONID is
>> working fine : it means session replication and failover, but not
>> JSESSIONIDSSO.  JSESSIONIDSSO is updated with new value upon relogin.
>>
>> yasushi
>>
>>
>> JSESSIONIDSSO
>> 65110434847FE0AA1F1EBF0EF0871D25
>>
>>
>> JSESSIONID
>> 5CFE92814875C4DEFC554526147698A3.jvm2
>>
>> -----Original Message-----
>> From: Jon Brisbin [mailto:jon.brisbin@npcinternational.com] 
>> Sent: Tuesday, June 22, 2010 2:17 PM
>> To: Tomcat Users List
>> Cc: Okubo, Yasushi (TSD)
>> Subject: Re: question for sso session replication in tomcat 6.0.26
>>
>> Are you using a "jvmRoute" setting on your BalancerMember definition
> in
>> mod_proxy config and on the <Engine/> element in server.xml? Your
> cookie
>> would have the jvmRoute property added to the end of it (e.g.
>> ALONGMD5HASH.server1) if so.
>>
>> From the Almighty Google:
>> http://community.jboss.org/wiki/usingmodproxywithjboss
>>
>> Jon Brisbin
>> Portal Webmaster
>> NPC International, Inc.
>>
>>
>>
>> On Jun 22, 2010, at 3:48 PM, Okubo, Yasushi (TSD) wrote:
>>
>>> Hi
>>>
>>> I downloaded apache apache v2.2.15 and compiled and installed, but
> the
>>> result was the same.
>>>
>>> Session sso replication looked like failed.  Upon shutting down the
>>> node, it kicked me out of password protected area and needed to
>> re-loin
>>> on the second node.
>>>
>>> On apache, I installed/enabled all modules including basic
>>> authentication etc.  Is there any requirement on apache side or how
>> the
>>> virtual host should be set up in httpd.conf to make sso failover
> work?
>>>
>>> Thanks,
>>> yasushi
>>>
>>> -----Original Message-----
>>> From: Pid [mailto:pid@pidster.com] 
>>> Sent: Tuesday, June 22, 2010 8:04 AM
>>> To: Tomcat Users List
>>> Subject: Re: question for sso session replication in tomcat 6.0.26
>>>
>>> On 22/06/2010 15:56, Okubo, Yasushi (TSD) wrote:
>>>> Hi Andrew
>>>>
>>>> In case of no failover, SSO works for all web applications on the
>> same
>>> host.  Upon failover [shutting down one node], a user is routed to
> the
>>> other node, and TC is asking for a user to re-login when he/she tried
>> to
>>> access password protected area.  
>>>>
>>>> I have checked many times on server.xml and session replication is
>>> working fine upon failover, so I cannot think any misconfiguration on
>>> server.xml
>>>> The issue is SSO failover is not working.  I think it might be
>> related
>>> to my apache virtual host setup, but could not figure it out.
>>>>
>>>> Thanks for your help,
>>>> yasushi
>>>>
>>>> I am using mod_proxy_ajp, mod_proxy_balancer [v2.2.3]
>>>
>>> mod_proxy_ajp appeared in 2.2.3 for the first time, it was functional
>>> but not perfect & there are many bugfixes and improvements since
> then,
>>> you should upgrade HTTPD.
>>>
>>>
>>> p
>>>
>>>> OS : Redhat Linux 64bit  RHEL v5.5
>>>> JDK : 1.6.0.20 
>>>>
>>>> === I created virtual host on port 9050 ==
>>>> Httpd.conf
>>>>
>>>> <VirtualHost 10.250.200.57:9050>
>>>> ServerAdmin xyz
>>>> ServerName webclust1.xyz.com
>>>> ServerAlias webclust1
>>>> ErrorLog logs/webclust_cluster_error.log
>>>> CustomLog logs/webclust-cluster-access_log common
>>>>
>>>> <Location /balancer-manager>
>>>> SetHandler balancer-manager
>>>>
>>>> Order Deny,Allow
>>>> Deny from all
>>>> Allow from all
>>>> </Location>
>>>>
>>>> ProxyRequests off
>>>> <Proxy balancer://webclust>
>>>> BalancerMember ajp://10.250.200.57:9001 loadfactor=10 max=150
>> smax=145
>>> route=jvm1
>>>> BalancerMember ajp://10.250.200.57:9002 loadfactor=10 max=150
>> smax=145
>>> route=jvm2
>>>> BalancerMember ajp://10.250.200.57:9003 loadfactor=10 max=150
>> smax=145
>>> route=jvm3
>>>> Order Deny,Allow
>>>> Allow from all
>>>> </Proxy>
>>>>
>>>> #Do not proxy balancer-manager
>>>> ProxyPass /balancer-manager !
>>>>
>>>> <Location /examples>
>>>> ProxyPass balancer://webclust/examples
>>> stickysession=JSESSIONID|jsessionid
>>>> ProxyPassReverse balancer://webclust/examples
>>>> Order Deny,Allow
>>>> Allow from all
>>>> </Location>
>>>>
>>>> <Location / >
>>>> ProxyPass balancer://webclust/ stickysession=JSESSIONID|jsessionid
>>>> ProxyPassReverse balancer://webclust/
>>>> Order Deny,Allow
>>>> Allow from all
>>>> </Location>
>>>>
>>>>
>>>> === server.xml ===
>>>>   <!-- Define an AJP 1.3 Connector on port 8009 -->
>>>>   <Connector port="9002" protocol="AJP/1.3" redirectPort="8443" />
>>>>
>>>> <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
>>>>
>>>> <Host name="localhost"  appBase="webapps"
>>>>           unpackWARs="true" autoDeploy="true"
>>>>           xmlValidation="false" xmlNamespaceAware="false">
>>>>
>>>>       <Cluster
>>> className="org.apache.catalina.ha.tcp.SimpleTcpCluster"
>>>>                channelSendOptions="4">
>>>>
>>>>         <Manager
>>> className="org.apache.catalina.ha.session.DeltaManager"
>>>>                          name="node2"
>>>>                  expireSessionsOnShutdown="false"
>>>>                  notifyListenersOnReplication="true"/>
>>>>
>>>>         <Channel
>>> className="org.apache.catalina.tribes.group.GroupChannel">
>>>>           <Membership
>>> className="org.apache.catalina.tribes.membership.McastService"
>>>>                       address="228.0.0.5"
>>>>                       port="45564"
>>>>                       frequency="500"
>>>>                       dropTime="3000"/>
>>>>           <Receiver
>>> className="org.apache.catalina.tribes.transport.nio.NioReceiver"
>>>>                     address="auto"
>>>>                     port="4020"
>>>>                     autoBind="100"
>>>>                     selectorTimeout="5000"
>>>>                     maxThreads="12"/>
>>>> <Sender
>>>
>>
> className="org.apache.catalina.tribes.transport.ReplicationTransmitter">
>>>>             <Transport
>>>
>>
> className="org.apache.catalina.tribes.transport.nio.PooledParallelSender
>>> "/>
>>>>           </Sender>
>>>>           <Interceptor
>>>
>>
> className="org.apache.catalina.tribes.group.interceptors.TcpFailureDetec
>>> tor"/>
>>>>           <Interceptor
>>>
>>
> className="org.apache.catalina.tribes.group.interceptors.MessageDispatch
>>> 15Interceptor"/>
>>>>               <Interceptor
>>>
>>
> className="org.apache.catalina.tribes.group.interceptors.ThroughputInter
>>> ceptor"/>
>>>>         </Channel>
>>>>
>>>>         <Valve
>>> className="org.apache.catalina.ha.tcp.ReplicationValve"
>>>>
>>>
>>
> filter=".*\.gif;.*\.js;.*\.jpg;.*\.png;.*\.htm;.*\.html;.*\.css;.*\.txt;
>>> .*\.xls;.*\.sdf;.*\.xml;"/>
>>>>             <!-- only with jk_mod failover-->
>>>>         <Valve
>>> className="org.apache.catalina.ha.session.JvmRouteBinderValve"
>>>>                enabled="true" sessionIdAttribute="takeoverSessionid"
>>> />
>>>> <!--
>>>>         <Deployer
>>> className="org.apache.catalina.ha.deploy.FarmWarDeployer"
>>>>                   tempDir="/tmp/war-temp/"
>>>>
>>> deployDir="/usr/local/apache/node2-tomcat-6.0.26/webapps"
>>>>                   watchDir="/tmp/war-listen/"
>>>>                                       watchEnabled="true"/>
>>>> -->
>>>>                 <!-- only with jk_mod and jvmroutebindervalve--> 
>>>>         <ClusterListener
>>>
>>
> className="org.apache.catalina.ha.session.JvmRouteSessionIDBinderListene
>>> r"/>
>>>>         <ClusterListener
>>> className="org.apache.catalina.ha.session.ClusterSessionListener"/>
>>>>       </Cluster>
>>>>
>>>> <Valve
>>> className="org.apache.catalina.ha.authenticator.ClusterSingleSignOn"
>> />
>>>>
>>>> <Valve className="org.apache.catalina.valves.AccessLogValve"
>>> directory="logs"  
>>>>              prefix="webappqa_node2_access_log." suffix=".log"
>>> pattern="common" resolveHosts="false"/>
>>>>
>>>>     </Host>
>>>> </Engine>
>>>>
>>>>
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 



Mime
View raw message