tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeffrey Janner <Jeffrey.Jan...@PolyDyne.com>
Subject RE: httpd/Tomcat load balancing question
Date Thu, 23 Dec 2010 15:49:36 GMT
I think I'm going to have to eventually go the mod-rewrite route.  The team doesn't want to
remove the c:url tag on all the pages, just the login page. If they don't remove them from
all, then someone who is really running in cookie-off mode will have problems on all the rest
of the pages.

However, here's the one bit I don't quite understand how it's working.  The servlet definitions
are:
    <servlet-mapping>
        <servlet-name>default</servlet-name>
        <url-pattern>/static/*</url-pattern>
    </servlet-mapping>

    <servlet>
        <servlet-name>Portal</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <load-on-startup>2</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>Portal</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>
This is supposed to send anything that comes in as /static/ to the default servlet for Tomcat
to serve directly, bypassing the Spring dispatcher and all that security nonsense. But the
directory structure is:
   Webapps
     -- Portal
          --images
          --scripts
          --WEB-INF
How does the default servlet know to serve /Portal/static/images/logo.jpg (after c:url encoding)
from the images directory above (assuming this was running in a standalone Tomcat -- which
is the individual programmers test environment).
Or is it not doing what the dev team thinks it's doing?

Jeff

> -----Original Message-----
> From: André Warnier [mailto:aw@ice-sa.com]
> Sent: Thursday, December 23, 2010 7:15 AM
> To: Tomcat Users List
> Subject: Re: httpd/Tomcat load balancing question
> 
> I'll top post and reply to an earlier message at the same time,
> although I'm sure that
> this is frowned upon in both cases.
> 
> Considering the sum of the answers so far :
> 
> 1) According to Pid*, yes, the "<c:url .." encapsulation is the reason
> for the added
> ";jession-id" suffix, which interferes when Apache httpd is asked to
> deliver the target of
> these links to static elements.
> 
> 2) it would seem to me that the best (most efficient) way, in your
> context, would be to
> remove that encapsulation for all links directed to static elements.
> That would not only
> fix the problem you are having, but also avoid some unnecessary
> processing on the Tomcat
> side (and on the httpd side, see #4 below).
> 
> 3) one point made by Konstantin is that of course in this case, these
> static elements
> themselves will not be subject to the Tomcat authentication and access-
> control rules.
> But that is already implicit, since they are delivered by Apache httpd
> anyway.
> 
> 4) in the worst case - aka your Dev team cannot easily remove the
> encapsulation - there
> are ways to remove the ";jessionid" suffix at the Apache httpd level,
> using mod_rewrite
> for instance.  But that definitely sounds like doing the work twice :
> once for Tomcat to
> add the suffixes, then again for httpd to remove them.
> 
> 5) There is also a way to remove the jessionid suffix, using mod_jk as
> the connector
> between httpd and tomcat instead of mod_proxy, as per Rainer's
> suggestion (JkStripSession
> configuration directive).  mod_jk is (at least) as good as mod_proxy in
> terms of
> connecting and load-balancing, but it is a different configuration.
> 
> 6) and if these java guys don't get it cooked, there are other ways to
> do this, but this
> would become off-topic for this list, so maybe we should then do that
> offline.
> 
> 7) your proposed course of action below is self-defeating, since if you
> manage to convince
> them it will mean that they are not what you think they are.
> 
> Jeffrey Janner wrote:
> > Definitely the culprit.  Now, I just have to convince the Dev team
> that they are, once again, a bunch of idiots.
> >
> > I'm sure it's some framework/tool they are using.  The question now
> is, if I can't get them to not use it in this case, is there some way
> to modify httpd to strip the ;jsessionid stuff, or pass it on to the
> Tomcat server if it's there?  That is, ignore the local feed if there
> is a sticky session id embedded in the URL?
> >
> > Jeff
> >
> >> -----Original Message-----
> >> From: Jeffrey Janner [mailto:Jeffrey.Janner@PolyDyne.com]
> >> Sent: Wednesday, December 22, 2010 4:50 PM
> >> To: 'Tomcat Users List'
> >> Subject: RE: httpd/Tomcat load balancing question
> >>
> >> In the specific case I mention below, this is the source from the
> jsp:
> >>         <link rel="icon" type="image/x-icon" href="<c:url
> >> value="/static/images/icons/favicon.ico"/>" />
> >>
> >> I'm not a jsp programmer, but I'm betting it has something to do
> with
> >> the <c:url /> encapsulation.
> >> Jeff
> >>
> >>> -----Original Message-----
> >>> From: Jeffrey Janner [mailto:Jeffrey.Janner@PolyDyne.com]
> >>> Sent: Wednesday, December 22, 2010 4:40 PM
> >>> To: 'Tomcat Users List'; 'Tomcat Users List'
> >>> Subject: RE: httpd/Tomcat load balancing question
> >>>
> >>> Thanks, that was what I was thinking.
> >>> Since the only JSP I have access to is the welcome-file, I'm not
> sure
> >> I
> >>> can verify.
> >>>
> >>> Q: I would think the getContextPath would be desirable, in case we
> >>> change the war-file name, etc., but I wouldn't think that would
> cause
> >>> the jsessionID string to get appended to the end of the path.  That
> >> is,
> >>> they are coming out as
> >>>
> >>
> "/Portal/static/images/icons/favicon.ico;jsessionid=B4E3E4AA3D79B8877A0
> >>> 9CFCC32827D09.tomcat1".
> >>>
> >>> Jeff
> >>>
> >>>> -----Original Message-----
> >>>> From: André Warnier [mailto:aw@ice-sa.com]
> >>>> Sent: Wednesday, December 22, 2010 2:43 PM
> >>>> To: Tomcat Users List
> >>>> Subject: Re: httpd/Tomcat load balancing question
> >>>>
> >>>> Hi.
> >>>>
> >>>> Not knowing anything about JSP per se, I would nevertheless guess
> >>> that
> >>>> the links are
> >>>> written using something like
> >>>> <img src="<%getContextPath%>/static/mylogo.jpg"/> or similarly,
> >>> instead
> >>>> of just plain html
> >>>> <img src="/Portal/static/mylogo.jpg"/>.
> >>>> That probably leads the JSP compiler to think it has to
> >> "relativise"
> >>>> the links to the app
> >>>> context and so on, while in this case it should not, because they
> >>> will
> >>>> be served by the
> >>>> front-end, not by Tomcat.
> >>>>
> >>>>
> >>>>
> >>>> Jeffrey Janner wrote:
> >>>>> Httpd 2.2.17
> >>>>> Tomcat 6.0.29
> >>>>> Sun JDK 1.6.0_22
> >>>>> Spring Framework (3.0.2 I think)
> >>>>> All on Windows
> >>>>>
> >>>>> The Dev team is creating a new app that we are planning to deploy
> >>>> using httpd as a load-balancer to two Tomcats on separate servers.
> >>>> Httpd is configured to serve static files - graphics, css, etc. -
> >>> with
> >>>> everything else being sent to the Tomcat servers over AJP.  The
> >>> Tomcat
> >>>> app has one jsp file setup as the welcome-file, which just does a
> >>>> redirect to host/app/login, which is an internal action that
> >>> generates
> >>>> the real login screen.  All other parts of the app are buried in
> >> the
> >>>> WEB-INF/classes structure (as far as I can tell).
> >>>>> We are currently testing the setup, and if you go to
> >>>> http://prtltest.polydyne.com, everything seems to work just fine.
> >>> The
> >>>> browser gets redirected to
> >> http://prtltest.polydyne.com/Portal/login
> >>>> and the screen looks fine.  The problem is if you go directly to
> >> the
> >>>> login page, bypassing the welcome-file redirect, then you don't
> get
> >>> the
> >>>> static files.  If you refresh the page, everything shows up again.
> >>>>> Looking at the source of the login page, it appears that all the
> >>>> static links have the jsessionid appended to them on the first
> >> load,
> >>>> but not on subsequent loads.  I assume this is because Tomcat
> >> hasn't
> >>>> determined cookie support yet when it generates the page the first
> >>>> time, but does know about it on the refresh.  My question is, is
> >>> there
> >>>> something the Dev team should be doing before generating the login
> >>>> page, or generating the static links, or is there a configuration
> >>>> setting I'm missing in the httpd.conf file?  Or perhaps in the
> >>> web.xml?
> >>>>> Jeff
> >>>>>
> >>>>> The httpd.conf file is pretty stock, with the following added for
> >>> the
> >>>> load-balancer configuration:
> >>>>> <Location /balancer-manager>
> >>>>>   SetHandler balancer-manager
> >>>>>
> >>>>>   Order Deny,Allow
> >>>>>   Deny from all
> >>>>>   Allow from 10.1.1 127.0.0.1
> >>>>> </Location>
> >>>>>
> >>>>> <Proxy balancer://mycluster>
> >>>>>                 BalancerMember ajp://prtltest01:8009/Portal
> >>>> route=tomcat1 loadfactor=50
> >>>>>                 BalancerMember ajp://prtltest02:8009/Portal
> >>>> route=tomcat2 loadfactor=50
> >>>>> </Proxy>
> >>>>>
> >>>>> ProxyPass /Portal/static !
> >>>>> ProxyPass /Portal balancer://mycluster
> >>>> stickysession=JSESSIONID|jsessionid scolonpathdelim=On
> >>>>> ProxyPass / balancer://mycluster/
> >>> stickysession=JSESSIONID|jsessionid
> >>>> scolonpathdelim=On
> >>>>> The web.xml file is:
> >>>>>
> >>>>> <?xml version="1.0" encoding="UTF-8"?>
> >>>>> <web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
> >>>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> >>>> xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
> >>>> http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
> >>>>>     <display-name>Polydyne Portal Application</display-name>
> >>>>>     <!-- Log4J Config -->
> >>>>>     <context-param>
> >>>>>         <param-name>log4jConfigLocation</param-name>
> >>>>>         <param-value>/WEB-INF/log4j.properties</param-value>
> >>>>>     </context-param>
> >>>>>     <listener>
> >>>>>         <listener-
> >>>> class>org.springframework.web.util.Log4jConfigListener</listener-
> >>> class>
> >>>>>     </listener>
> >>>>>     <context-param>
> >>>>>         <param-name>contextConfigLocation</param-name>
> >>>>>         <param-value>
> >>>>>             /WEB-INF/Portal-service.xml
> >>>>>             /WEB-INF/Portal-security.xml
> >>>>>         </param-value>
> >>>>>     </context-param>
> >>>>>     <listener>
> >>>>>         <listener-
> >>
> class>org.springframework.web.context.ContextLoaderListener</listener-
> >>>> class>
> >>>>>     </listener>
> >>>>>
> >>>>>     <!-- Concurrent Session Control -->
> >>>>>     <listener>
> >>>>>         <listener-
> >>
> class>org.springframework.security.web.session.HttpSessionEventPublishe
> >>>> r</listener-class>
> >>>>>     </listener>
> >>>>>
> >>>>>     <!-- Reads request input using UTF-8 encoding -->
> >>>>>     <filter>
> >>>>>         <filter-name>characterEncodingFilter</filter-name>
> >>>>>         <filter-
> >>
> class>org.springframework.web.filter.CharacterEncodingFilter</filter-
> >>>> class>
> >>>>>         <init-param>
> >>>>>             <param-name>encoding</param-name>
> >>>>>             <param-value>UTF-8</param-value>
> >>>>>         </init-param>
> >>>>>         <init-param>
> >>>>>             <param-name>forceEncoding</param-name>
> >>>>>             <param-value>true</param-value>
> >>>>>         </init-param>
> >>>>>     </filter>
> >>>>>     <filter-mapping>
> >>>>>         <filter-name>characterEncodingFilter</filter-name>
> >>>>>         <url-pattern>/*</url-pattern>
> >>>>>     </filter-mapping>
> >>>>>
> >>>>>     <!-- Spring Security settings start -->
> >>>>>     <filter>
> >>>>>         <filter-name>springSecurityFilterChain</filter-name>
> >>>>>         <filter-
> >>>>
> class>org.springframework.web.filter.DelegatingFilterProxy</filter-
> >>>> class>
> >>>>>     </filter>
> >>>>>     <filter-mapping>
> >>>>>         <filter-name>springSecurityFilterChain</filter-name>
> >>>>>         <url-pattern>/*</url-pattern>
> >>>>>     </filter-mapping>
> >>>>>     <!-- Spring Security settings end -->
> >>>>>     <!-- Servlet Definition -->
> >>>>>     <!--
> >>>>>      - Map static resources to the default servlet
> >>>>>      - examples:
> >>>>>      -     http://localhost:8080/static/images/pets.png
> >>>>>      -     http://localhost:8080/static/styles/petclinic.css
> >>>>>     -->
> >>>>>     <servlet-mapping>
> >>>>>         <servlet-name>default</servlet-name>
> >>>>>         <url-pattern>/static/*</url-pattern>
> >>>>>     </servlet-mapping>
> >>>>>
> >>>>>     <servlet>
> >>>>>         <servlet-name>Portal</servlet-name>
> >>>>>         <servlet-
> >>>> class>org.springframework.web.servlet.DispatcherServlet</servlet-
> >>> class>
> >>>>>         <load-on-startup>2</load-on-startup>
> >>>>>     </servlet>
> >>>>>     <servlet-mapping>
> >>>>>         <servlet-name>Portal</servlet-name>
> >>>>>         <url-pattern>/</url-pattern>
> >>>>>     </servlet-mapping>
> >>>>>     <!-- Servlet Definition End -->
> >>>>>     <session-config>
> >>>>>         <session-timeout>
> >>>>>             30
> >>>>>         </session-timeout>
> >>>>>     </session-config>
> >>>>>     <welcome-file-list>
> >>>>>         <welcome-file>redirect.jsp</welcome-file>
> >>>>>     </welcome-file-list>
> >>>>>     <error-page>
> >>>>>         <exception-
> >>>> type>javax.servlet.UnavailableException</exception-type>
> >>>>>         <location>/WEB-
> >> INF/views/errors/Unavailable.html</location>
> >>>>>     </error-page>
> >>>>>     <error-page>
> >>>>>         <exception-type>503</exception-type>
> >>>>>         <location>/WEB-
> >> INF/views/errors/Unavailable.html</location>
> >>>>>     </error-page>
> >>>>> </web-app>
> >>>>>
> >>
> _______________________________________________________________________
> >>>> ___
> >>>>> Confidentiality Notice:  This Transmission (including any
> >>>> attachments) may contain information that is privileged,
> >>> confidential,
> >>>> and exempt from disclosure under applicable law.  If the reader of
> >>> this
> >>>> message is not the intended recipient you are hereby notified that
> >>> any
> >>>> dissemination, distribution, or copying of this communication is
> >>>> strictly prohibited.
> >>>>> If you have received this transmission in error, please
> >> immediately
> >>>> reply to the sender or telephone (512) 343-9100 and delete this
> >>>> transmission from your system.
> >>>>
> >>>> ------------------------------------------------------------------
> -
> >> --
> >>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> >>>> For additional commands, e-mail: users-help@tomcat.apache.org
> >>>>
> >>>
> >>
> _______________________________________________________________________
> >>> ___
> >>>
> >>> Confidentiality Notice:  This Transmission (including any
> >> attachments)
> >>> may contain information that is privileged, confidential, and
> exempt
> >>> from disclosure under applicable law.  If the reader of this
> message
> >> is
> >>> not the intended recipient you are hereby notified that any
> >>> dissemination, distribution, or copying of this communication is
> >>> strictly prohibited.
> >>>
> >>> If you have received this transmission in error, please immediately
> >>> reply to the sender or telephone (512) 343-9100 and delete this
> >>> transmission from your system.
> >>>
> >>>
> >>> -------------------------------------------------------------------
> --
> >>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> >>> For additional commands, e-mail: users-help@tomcat.apache.org
> >>>
> >>
> _______________________________________________________________________
> >> ___
> >>
> >> Confidentiality Notice:  This Transmission (including any
> attachments)
> >> may contain information that is privileged, confidential, and exempt
> >> from disclosure under applicable law.  If the reader of this message
> is
> >> not the intended recipient you are hereby notified that any
> >> dissemination, distribution, or copying of this communication is
> >> strictly prohibited.
> >>
> >> If you have received this transmission in error, please immediately
> >> reply to the sender or telephone (512) 343-9100 and delete this
> >> transmission from your system.
> >>
> >>
> >> --------------------------------------------------------------------
> -
> >> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> >> For additional commands, e-mail: users-help@tomcat.apache.org
> >>
> >
> >
> _______________________________________________________________________
> ___
> >
> > Confidentiality Notice:  This Transmission (including any
> attachments) may contain information that is privileged, confidential,
> and exempt from disclosure under applicable law.  If the reader of this
> message is not the intended recipient you are hereby notified that any
> dissemination, distribution, or copying of this communication is
> strictly prohibited.
> >
> > If you have received this transmission in error, please immediately
> reply to the sender or telephone (512) 343-9100 and delete this
> transmission from your system.
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> > For additional commands, e-mail: users-help@tomcat.apache.org
> >
> >
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 

__________________________________________________________________________

Confidentiality Notice:  This Transmission (including any attachments) may contain information
that is privileged, confidential, and exempt from disclosure under applicable law.  If the
reader of this message is not the intended recipient you are hereby notified that any dissemination,
distribution, or copying of this communication is strictly prohibited.  

If you have received this transmission in error, please immediately reply to the sender or
telephone (512) 343-9100 and delete this transmission from your system.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message