tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Vamsavardhana Reddy <c1vams...@gmail.com>
Subject Problem accessing a secure resource with FORM login method when web application clustered on Tomcat 6.0.18
Date Thu, 03 Mar 2011 12:18:35 GMT
Hi,

I am using Tomcat 6.0.18 embedded in Geronimo server to cluster my web
application.  I have two nodes Node1 and Node2. On Node1 the HTTP port is
8080 and AJP port 8009. On Node2 the HTTP port is 8090 and AJP port 8019. I
am using Apache HTTP Server (HTTP on port 80) with mod_jk as the front-end
server for my application.  I am using FORM authentication method to login
to my application.  When I access a secure resource in my application
through the Apache HTTP server on port 80, it redirects me to login page and
once authenticated it directs me to the secure resource loaded from NodeA.
(The secure resource shows a counter that is stored in the session and
incremented with each request.)  When I keep refreshing the page in the
browser, the counter keeps incrementing as long as the request is getting
directed to NodeA.  Once the request is directed to NodeB, I see the login
page. (Ideally I would expect the page to load from NodeB automatically
without having to login again.) At this stage, if try to login, I get a
message "HTTP Status 400 - Invalid direct reference to form login page" and
the browser's URL textbox shows
http://localhost/SimpleWebApp1/secure/j_security_check .

If I use BASIC authentication method to login to my application, I am
prompted for login only once.  I see that counter keeps incrementing with
each refresh of the page in browser and switching between nodes also does
not result in prompt for login.  The browser would automatically send the
login credentials cached from the first time even if switching to NodeB
prompts for credentials again.

When I deploy my application on Geronimo server that embeds Jetty as web
container, and deploy my application on two nodes as described in 1st
paragraph, I see the login page only the first time.  Switching between
nodes while refreshing the page in the browser happens smoothly and I never
get the login page again.

My guess is that there is an issue with Tomcat AJP connector because of
which the request is getting forwarded to the login page when the HTTP
server switches the node that will serve the request.  Can someone throw
light on what could be happening here?

Thanks and best regards,

-- 
Vamsi

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message