tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rainer Jung <rainer.j...@kippdata.de>
Subject Re: Migration from Tomcat6-Cluster to Tomcat7-Cluster: Digest Authentication problem
Date Fri, 13 Mar 2015 16:15:03 GMT
Am 13.03.2015 um 16:28 schrieb Christopher Schultz:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Mark,
>
> On 3/12/15 1:13 PM, Mark Thomas wrote:
>> On 12/03/2015 15:20, Sascha Skorupa wrote:
>>> Hi,
>>>
>>> here:
>>>
>>> http://grokbase.com/t/tomcat/users/13bvsbwb8s/multiple-servers-and-digest-authentication
>>>
>>>
>>>
> the same problem is described and the recommended solution is to use
> sticky load balancing. But, the problem in a tomcat cluster is that the
> session ID is generated after a successful authentication. The first
> http response (401 with Authentication Header) does not contain a
> session ID.
>>>
>>> How should sticky load balancing be configured or how to enforce
>>> session id generation before authentication?
>>
>> Most load-balancers have various options for doing this that don't
>> depend on the back-end server at all.
>
> Perhaps an option in Tomcat that will force the creation of a session
> when a DIGEST authentication is requested might be useful. This would
> tie e.g. mod_jk to the proper back-end server.
>
> I'm not sure how this could be done using mod_jk without such a
> feature, or changes to mod_jk itself to annotate the request with the
> chosen worker, which could then be converted into a cookie in order to
> keep the node-hint associated with the client.

Yes, mod_jk can help since version 1.2.38: Look for "set_session_cookie" 
on http://tomcat.apache.org/connectors-doc/reference/workers.html. Using 
that attribute you can let mod_jk set the cookie, if it doesn't find one 
already set by Tomcat. You need to also set "session_cookie=JSESSIONID" 
and "session_cookie_path=/myapp" where you adjust myapp to your context 
path.

Regards,

Rainer

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message