The thought was that filters can be configured via an alternative method if necessary (such as using the Spring FilterToBeanProxys such that you could access any setters). If that doesn't meet your needs, we can look at an alternative. Also, if you happen to write a Mecached-backed version, I would encourage you to contribute it back to the community if possible.
Cheers, Scott On Fri, Nov 13, 2009 at 10:11 PM, Marc Kenig <[email protected]>wrote: > I am running a CAS authenticated client which is load-balanced in a High > availability environment. > > Sign out is a problem. The hardware load balancer will not necessarily send > the sign out POST from the CAS server to the same resource that the client > browser is stuck to. > > Browser -> HW LB -> Tomcat 1 > > CAS Server-> HW LB -> Tomcat 2 > > The ticket for the browser that authenticated to Tomcat 1 won't be in the > HashMapBackedSessionStorage for Tomcat 2 so the session won't be invalidated > even though Tomcat 1 and Tomcat 2 are in a cluster. > > I've considered a memcached based HashMap for the sign out filter > session-ticket map (SessionMappingStorage), but the > org.jasig.cas.client.session.SignOutFilter is coded in such a way as the > SESSION_MAPPING_STORAGE is not easily replaced with a new implementation. > (Would that the setSessionMappingStorage also have been declared static!) > > Has anybody solved this problem with load balancing logout? > > Marc Kenig > > ****************************************************************** > DemandTec Email Notice > > This email and any attachments may contain confidential and/or proprietary > information and is intended solely for the use of the addressee. If you are > not > the intended recipient we request that you notify us via email or telephone > and > delete all copies of the message from your systems. Additionally, although > DemandTec has taken reasonable precautions to ensure the security of this > email and any attachments, we encourage you to take similar precautions and > accept no liability for any loss or damage resulting from its use. > > DemandTec, 1 Circle Star Way, Suite 200, San Carlos, CA 94070, > 650-226-4600 > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
