tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: AW: Migration from Tomcat6-Cluster to Tomcat7-Cluster: Digest Authentication problem
Date Fri, 13 Mar 2015 15:28:48 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Mark,

On 3/12/15 1:13 PM, Mark Thomas wrote:
> On 12/03/2015 15:20, Sascha Skorupa wrote:
>> Hi,
>> 
>> here:
>> 
>> http://grokbase.com/t/tomcat/users/13bvsbwb8s/multiple-servers-and-digest-authentication
>>
>>
>> 
the same problem is described and the recommended solution is to use
sticky load balancing. But, the problem in a tomcat cluster is that the
session ID is generated after a successful authentication. The first
http response (401 with Authentication Header) does not contain a
session ID.
>> 
>> How should sticky load balancing be configured or how to enforce
>> session id generation before authentication?
> 
> Most load-balancers have various options for doing this that don't 
> depend on the back-end server at all.

Perhaps an option in Tomcat that will force the creation of a session
when a DIGEST authentication is requested might be useful. This would
tie e.g. mod_jk to the proper back-end server.

I'm not sure how this could be done using mod_jk without such a
feature, or changes to mod_jk itself to annotate the request with the
chosen worker, which could then be converted into a cookie in order to
keep the node-hint associated with the client.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJVAwIvAAoJEBzwKT+lPKRYOc4P/2+nCQm+qwhJpz5hxEFaxebx
Y34D5ZF9D4OEdGeaRKNj+mYfDPHDpkbI2Ks3bewf1esnIlA96F4oXPdkXMc2Gn/F
1ETNN78g5ulquya/AYmNjVq1fAtjoaiiisKpv5iM0DJIVA0EdH3T8yUoA9t4MwPc
ndnt89eFfCeFi3FcJCP6EE1TFib+qWsBsAAwSP1J6JttzCDHviDjLt4aTABwBhXf
AAPzD2kLZm69FjphNOLTqaFr0Ec8+uSCGjK+UuC8AgaXYScnxBg92Y80lgqPV77m
7A6TOIVx1O8e1/6Wj1JCk4YrTrjB+90nShkATgnXBy4/DO/jEtFP7QyRovCYbuwf
9kUdl/6IovpR4j4OyYQ8EUPQqXeT3fpKZDk4XiW3iqdRX+zSyBvi95Igd+H9QfEH
gK1cMmeXQEdEY0XlgXU82iVNyzbl+JWma8QswiSnXEdYdxPUTKuaZkpx2W/757ID
GFlYa87tbHQbfbSnBAx5SqaoIVKqZaob7fnVkD32b0uiaCqw7nxhuB8q/QeiY9e8
8lUoTrccj5Uo+5liBp5/0ztSjSkdIZmUQdLnGhaGDBA9t1zNeyOfbNSXQjHKeEJf
l/tl7GNgQ+56pGrlwmuJLPQRTyjwcx+6B9SmpUhJly4YaxMS13Tk77azwVnjCEV4
RQu1uvmH9wOhNCocyyAe
=TebI
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message