From: Christopher Schultz
Date: Fri, 13 Mar 2015 11:28:48 -0400
To: Tomcat Users List
Subject: Re: AW: Migration from Tomcat6-Cluster to Tomcat7-Cluster: Digest Authentication problem

Mark,

On 3/12/15 1:13 PM, Mark Thomas wrote:
> On 12/03/2015 15:20, Sascha Skorupa wrote:
>> Hi,
>>
>> here:
>>
>> http://grokbase.com/t/tomcat/users/13bvsbwb8s/multiple-servers-and-digest-authentication
>>
>> the same problem is described and the recommended solution is to use
>> sticky load balancing. But, the problem in a tomcat cluster is that the
>> session ID is generated after a successful authentication. The first
>> http response (401 with Authentication Header) does not contain a
>> session ID.
>>
>> How should sticky load balancing be configured or how to enforce
>> session id generation before authentication?
>
> Most load-balancers have various options for doing this that don't
> depend on the back-end server at all.

Perhaps an option in Tomcat that will force the creation of a session
when a DIGEST authentication is requested might be useful. This would
tie e.g. mod_jk to the proper back-end server.

I'm not sure how this could be done using mod_jk without such a
feature, or changes to mod_jk itself to annotate the request with the
chosen worker, which could then be converted into a cookie in order to
keep the node-hint associated with the client.

-chris
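The routing problem discussed in this thread, as an added simulation that is not part of the original message and not Tomcat or mod_jk code: a balancer that is sticky only on the route suffix of `JSESSIONID` sends the credentialed retry to a different node unless the 401 challenge already carries a session cookie. Assumptions: each back end accepts only nonces it issued itself (modelled with a per-node secret), and `Node`, `Balancer`, `login`, the `session_on_challenge` option, the routes `tc1`/`tc2` and the credentials are all constructed for illustration.

```python
import hashlib, hmac, itertools, os

def md5(s):
    return hashlib.md5(s.encode()).hexdigest()

HA1 = md5("alice:demo:s3cret")  # constructed user:realm:password
HA2 = md5("GET:/app/")          # constructed method:uri

class Node:
    """Back end that accepts only nonces it issued itself (assumed model)."""
    def __init__(self, route, session_on_challenge):
        self.route, self.key = route, os.urandom(16)  # key is never shared
        self.session_on_challenge = session_on_challenge
        self.ids = itertools.count(1)

    def _mac(self, stamp):
        return hmac.new(self.key, stamp.encode(), hashlib.sha256).hexdigest()

    def handle(self, req):
        nonce = req.get("nonce", "")
        stamp, _, mac = nonce.partition(":")
        own = bool(mac) and hmac.compare_digest(mac, self._mac(stamp))
        if own and req.get("response") == md5(f"{HA1}:{nonce}:{HA2}"):
            return {"status": 200, "node": self.route}
        stamp = str(next(self.ids))  # unknown nonce or no credentials: challenge
        resp = {"status": 401, "node": self.route,
                "nonce": f"{stamp}:{self._mac(stamp)}"}
        if self.session_on_challenge:  # hypothetical option from the thread
            resp["cookie"] = f"JSESSIONID=demo{stamp}.{self.route}"
        return resp

class Balancer:
    """Sticky on the route suffix of JSESSIONID, round-robin otherwise."""
    def __init__(self, nodes):
        self.nodes = {n.route: n for n in nodes}
        self.rr = itertools.cycle(nodes)

    def send(self, req):
        route = req.get("cookie", "").rpartition(".")[2]
        return (self.nodes.get(route) or next(self.rr)).handle(req)

def login(session_on_challenge):
    lb = Balancer([Node(r, session_on_challenge) for r in ("tc1", "tc2")])
    challenge = lb.send({})  # first request carries no credentials
    retry = {"nonce": challenge["nonce"],
             "response": md5(f"{HA1}:{challenge['nonce']}:{HA2}")}
    if "cookie" in challenge:
        retry["cookie"] = challenge["cookie"]
    return challenge, lb.send(retry)
```

`login(False)` ends with a second 401 from the other node even though the credentials are correct, while `login(True)` is answered with 200 by the node that issued the challenge.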