tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier ...@ice-sa.com>
Subject Re: httpd/Tomcat load balancing question
Date Thu, 23 Dec 2010 13:14:43 GMT
I'll top post and reply to an earlier message at the same time, although I'm sure that 
this is frowned upon in both cases.

Considering the sum of the answers so far :

1) According to Pid*, yes, the "<c:url .." encapsulation is the reason for the added 
";jession-id" suffix, which interferes when Apache httpd is asked to deliver the target of

these links to static elements.

2) it would seem to me that the best (most efficient) way, in your context, would be to 
remove that encapsulation for all links directed to static elements.  That would not only

fix the problem you are having, but also avoid some unnecessary processing on the Tomcat 
side (and on the httpd side, see #4 below).

3) one point made by Konstantin is that of course in this case, these static elements 
themselves will not be subject to the Tomcat authentication and access-control rules.
But that is already implicit, since they are delivered by Apache httpd anyway.

4) in the worst case - aka your Dev team cannot easily remove the encapsulation - there 
are ways to remove the ";jessionid" suffix at the Apache httpd level, using mod_rewrite 
for instance.  But that definitely sounds like doing the work twice : once for Tomcat to 
add the suffixes, then again for httpd to remove them.

5) There is also a way to remove the jessionid suffix, using mod_jk as the connector 
between httpd and tomcat instead of mod_proxy, as per Rainer's suggestion (JkStripSession

configuration directive).  mod_jk is (at least) as good as mod_proxy in terms of 
connecting and load-balancing, but it is a different configuration.

6) and if these java guys don't get it cooked, there are other ways to do this, but this 
would become off-topic for this list, so maybe we should then do that offline.

7) your proposed course of action below is self-defeating, since if you manage to convince

them it will mean that they are not what you think they are.

Jeffrey Janner wrote:
> Definitely the culprit.  Now, I just have to convince the Dev team that they are, once
again, a bunch of idiots.
> 
> I'm sure it's some framework/tool they are using.  The question now is, if I can't get
them to not use it in this case, is there some way to modify httpd to strip the ;jsessionid
stuff, or pass it on to the Tomcat server if it's there?  That is, ignore the local feed if
there is a sticky session id embedded in the URL?
> 
> Jeff
> 
>> -----Original Message-----
>> From: Jeffrey Janner [mailto:Jeffrey.Janner@PolyDyne.com]
>> Sent: Wednesday, December 22, 2010 4:50 PM
>> To: 'Tomcat Users List'
>> Subject: RE: httpd/Tomcat load balancing question
>>
>> In the specific case I mention below, this is the source from the jsp:
>>         <link rel="icon" type="image/x-icon" href="<c:url
>> value="/static/images/icons/favicon.ico"/>" />
>>
>> I'm not a jsp programmer, but I'm betting it has something to do with
>> the <c:url /> encapsulation.
>> Jeff
>>
>>> -----Original Message-----
>>> From: Jeffrey Janner [mailto:Jeffrey.Janner@PolyDyne.com]
>>> Sent: Wednesday, December 22, 2010 4:40 PM
>>> To: 'Tomcat Users List'; 'Tomcat Users List'
>>> Subject: RE: httpd/Tomcat load balancing question
>>>
>>> Thanks, that was what I was thinking.
>>> Since the only JSP I have access to is the welcome-file, I'm not sure
>> I
>>> can verify.
>>>
>>> Q: I would think the getContextPath would be desirable, in case we
>>> change the war-file name, etc., but I wouldn't think that would cause
>>> the jsessionID string to get appended to the end of the path.  That
>> is,
>>> they are coming out as
>>>
>> "/Portal/static/images/icons/favicon.ico;jsessionid=B4E3E4AA3D79B8877A0
>>> 9CFCC32827D09.tomcat1".
>>>
>>> Jeff
>>>
>>>> -----Original Message-----
>>>> From: André Warnier [mailto:aw@ice-sa.com]
>>>> Sent: Wednesday, December 22, 2010 2:43 PM
>>>> To: Tomcat Users List
>>>> Subject: Re: httpd/Tomcat load balancing question
>>>>
>>>> Hi.
>>>>
>>>> Not knowing anything about JSP per se, I would nevertheless guess
>>> that
>>>> the links are
>>>> written using something like
>>>> <img src="<%getContextPath%>/static/mylogo.jpg"/> or similarly,
>>> instead
>>>> of just plain html
>>>> <img src="/Portal/static/mylogo.jpg"/>.
>>>> That probably leads the JSP compiler to think it has to
>> "relativise"
>>>> the links to the app
>>>> context and so on, while in this case it should not, because they
>>> will
>>>> be served by the
>>>> front-end, not by Tomcat.
>>>>
>>>>
>>>>
>>>> Jeffrey Janner wrote:
>>>>> Httpd 2.2.17
>>>>> Tomcat 6.0.29
>>>>> Sun JDK 1.6.0_22
>>>>> Spring Framework (3.0.2 I think)
>>>>> All on Windows
>>>>>
>>>>> The Dev team is creating a new app that we are planning to deploy
>>>> using httpd as a load-balancer to two Tomcats on separate servers.
>>>> Httpd is configured to serve static files - graphics, css, etc. -
>>> with
>>>> everything else being sent to the Tomcat servers over AJP.  The
>>> Tomcat
>>>> app has one jsp file setup as the welcome-file, which just does a
>>>> redirect to host/app/login, which is an internal action that
>>> generates
>>>> the real login screen.  All other parts of the app are buried in
>> the
>>>> WEB-INF/classes structure (as far as I can tell).
>>>>> We are currently testing the setup, and if you go to
>>>> http://prtltest.polydyne.com, everything seems to work just fine.
>>> The
>>>> browser gets redirected to
>> http://prtltest.polydyne.com/Portal/login
>>>> and the screen looks fine.  The problem is if you go directly to
>> the
>>>> login page, bypassing the welcome-file redirect, then you don't get
>>> the
>>>> static files.  If you refresh the page, everything shows up again.
>>>>> Looking at the source of the login page, it appears that all the
>>>> static links have the jsessionid appended to them on the first
>> load,
>>>> but not on subsequent loads.  I assume this is because Tomcat
>> hasn't
>>>> determined cookie support yet when it generates the page the first
>>>> time, but does know about it on the refresh.  My question is, is
>>> there
>>>> something the Dev team should be doing before generating the login
>>>> page, or generating the static links, or is there a configuration
>>>> setting I'm missing in the httpd.conf file?  Or perhaps in the
>>> web.xml?
>>>>> Jeff
>>>>>
>>>>> The httpd.conf file is pretty stock, with the following added for
>>> the
>>>> load-balancer configuration:
>>>>> <Location /balancer-manager>
>>>>>   SetHandler balancer-manager
>>>>>
>>>>>   Order Deny,Allow
>>>>>   Deny from all
>>>>>   Allow from 10.1.1 127.0.0.1
>>>>> </Location>
>>>>>
>>>>> <Proxy balancer://mycluster>
>>>>>                 BalancerMember ajp://prtltest01:8009/Portal
>>>> route=tomcat1 loadfactor=50
>>>>>                 BalancerMember ajp://prtltest02:8009/Portal
>>>> route=tomcat2 loadfactor=50
>>>>> </Proxy>
>>>>>
>>>>> ProxyPass /Portal/static !
>>>>> ProxyPass /Portal balancer://mycluster
>>>> stickysession=JSESSIONID|jsessionid scolonpathdelim=On
>>>>> ProxyPass / balancer://mycluster/
>>> stickysession=JSESSIONID|jsessionid
>>>> scolonpathdelim=On
>>>>> The web.xml file is:
>>>>>
>>>>> <?xml version="1.0" encoding="UTF-8"?>
>>>>> <web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
>>>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>>> xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
>>>> http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
>>>>>     <display-name>Polydyne Portal Application</display-name>
>>>>>     <!-- Log4J Config -->
>>>>>     <context-param>
>>>>>         <param-name>log4jConfigLocation</param-name>
>>>>>         <param-value>/WEB-INF/log4j.properties</param-value>
>>>>>     </context-param>
>>>>>     <listener>
>>>>>         <listener-
>>>> class>org.springframework.web.util.Log4jConfigListener</listener-
>>> class>
>>>>>     </listener>
>>>>>     <context-param>
>>>>>         <param-name>contextConfigLocation</param-name>
>>>>>         <param-value>
>>>>>             /WEB-INF/Portal-service.xml
>>>>>             /WEB-INF/Portal-security.xml
>>>>>         </param-value>
>>>>>     </context-param>
>>>>>     <listener>
>>>>>         <listener-
>> class>org.springframework.web.context.ContextLoaderListener</listener-
>>>> class>
>>>>>     </listener>
>>>>>
>>>>>     <!-- Concurrent Session Control -->
>>>>>     <listener>
>>>>>         <listener-
>> class>org.springframework.security.web.session.HttpSessionEventPublishe
>>>> r</listener-class>
>>>>>     </listener>
>>>>>
>>>>>     <!-- Reads request input using UTF-8 encoding -->
>>>>>     <filter>
>>>>>         <filter-name>characterEncodingFilter</filter-name>
>>>>>         <filter-
>> class>org.springframework.web.filter.CharacterEncodingFilter</filter-
>>>> class>
>>>>>         <init-param>
>>>>>             <param-name>encoding</param-name>
>>>>>             <param-value>UTF-8</param-value>
>>>>>         </init-param>
>>>>>         <init-param>
>>>>>             <param-name>forceEncoding</param-name>
>>>>>             <param-value>true</param-value>
>>>>>         </init-param>
>>>>>     </filter>
>>>>>     <filter-mapping>
>>>>>         <filter-name>characterEncodingFilter</filter-name>
>>>>>         <url-pattern>/*</url-pattern>
>>>>>     </filter-mapping>
>>>>>
>>>>>     <!-- Spring Security settings start -->
>>>>>     <filter>
>>>>>         <filter-name>springSecurityFilterChain</filter-name>
>>>>>         <filter-
>>>> class>org.springframework.web.filter.DelegatingFilterProxy</filter-
>>>> class>
>>>>>     </filter>
>>>>>     <filter-mapping>
>>>>>         <filter-name>springSecurityFilterChain</filter-name>
>>>>>         <url-pattern>/*</url-pattern>
>>>>>     </filter-mapping>
>>>>>     <!-- Spring Security settings end -->
>>>>>     <!-- Servlet Definition -->
>>>>>     <!--
>>>>>      - Map static resources to the default servlet
>>>>>      - examples:
>>>>>      -     http://localhost:8080/static/images/pets.png
>>>>>      -     http://localhost:8080/static/styles/petclinic.css
>>>>>     -->
>>>>>     <servlet-mapping>
>>>>>         <servlet-name>default</servlet-name>
>>>>>         <url-pattern>/static/*</url-pattern>
>>>>>     </servlet-mapping>
>>>>>
>>>>>     <servlet>
>>>>>         <servlet-name>Portal</servlet-name>
>>>>>         <servlet-
>>>> class>org.springframework.web.servlet.DispatcherServlet</servlet-
>>> class>
>>>>>         <load-on-startup>2</load-on-startup>
>>>>>     </servlet>
>>>>>     <servlet-mapping>
>>>>>         <servlet-name>Portal</servlet-name>
>>>>>         <url-pattern>/</url-pattern>
>>>>>     </servlet-mapping>
>>>>>     <!-- Servlet Definition End -->
>>>>>     <session-config>
>>>>>         <session-timeout>
>>>>>             30
>>>>>         </session-timeout>
>>>>>     </session-config>
>>>>>     <welcome-file-list>
>>>>>         <welcome-file>redirect.jsp</welcome-file>
>>>>>     </welcome-file-list>
>>>>>     <error-page>
>>>>>         <exception-
>>>> type>javax.servlet.UnavailableException</exception-type>
>>>>>         <location>/WEB-
>> INF/views/errors/Unavailable.html</location>
>>>>>     </error-page>
>>>>>     <error-page>
>>>>>         <exception-type>503</exception-type>
>>>>>         <location>/WEB-
>> INF/views/errors/Unavailable.html</location>
>>>>>     </error-page>
>>>>> </web-app>
>>>>>
>> _______________________________________________________________________
>>>> ___
>>>>> Confidentiality Notice:  This Transmission (including any
>>>> attachments) may contain information that is privileged,
>>> confidential,
>>>> and exempt from disclosure under applicable law.  If the reader of
>>> this
>>>> message is not the intended recipient you are hereby notified that
>>> any
>>>> dissemination, distribution, or copying of this communication is
>>>> strictly prohibited.
>>>>> If you have received this transmission in error, please
>> immediately
>>>> reply to the sender or telephone (512) 343-9100 and delete this
>>>> transmission from your system.
>>>>
>>>> -------------------------------------------------------------------
>> --
>>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>>
>>>
>> _______________________________________________________________________
>>> ___
>>>
>>> Confidentiality Notice:  This Transmission (including any
>> attachments)
>>> may contain information that is privileged, confidential, and exempt
>>> from disclosure under applicable law.  If the reader of this message
>> is
>>> not the intended recipient you are hereby notified that any
>>> dissemination, distribution, or copying of this communication is
>>> strictly prohibited.
>>>
>>> If you have received this transmission in error, please immediately
>>> reply to the sender or telephone (512) 343-9100 and delete this
>>> transmission from your system.
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>
>> _______________________________________________________________________
>> ___
>>
>> Confidentiality Notice:  This Transmission (including any attachments)
>> may contain information that is privileged, confidential, and exempt
>> from disclosure under applicable law.  If the reader of this message is
>> not the intended recipient you are hereby notified that any
>> dissemination, distribution, or copying of this communication is
>> strictly prohibited.
>>
>> If you have received this transmission in error, please immediately
>> reply to the sender or telephone (512) 343-9100 and delete this
>> transmission from your system.
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
> 
> __________________________________________________________________________
> 
> Confidentiality Notice:  This Transmission (including any attachments) may contain information
that is privileged, confidential, and exempt from disclosure under applicable law.  If the
reader of this message is not the intended recipient you are hereby notified that any dissemination,
distribution, or copying of this communication is strictly prohibited.  
> 
> If you have received this transmission in error, please immediately reply to the sender
or telephone (512) 343-9100 and delete this transmission from your system.
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message