On 6/8/2012 1:17 AM, Mikael Brandin wrote:
Hi,
I'm developing a new webservice that will require some scaling out and I
am considering the best approche of achiving this with maximum
flexibility. The general setup constitutes a proxy load balancing
requests to X (> 2) instances of Jetty with each Jetty running the
webservice in question. Using sticky-sessions (proxy routing the same
JSESSIONID requests to the same instance at all times) I assume that
Jetty would be able to handle this out of the box but the trick comes to
authentication. I bascially want a solution that either persists the
session (effectively making the session age in the
database/datasource/redis/...) or use a seperate cookie for
authentication this to be able to use round-robin for request to avoid
user being bound to a single instance. I should mention that the
webservice in question does not rely on using session for storing user
related data.
I am aware that Jetty supports multiple ways for authentication but
consider all authentication methods that involve login/authentication in
seperate steps (form login rather than http basic digest).
I notice that I have rolled at least 3 questions into one here but to
summerize:
- Is authentication persisted with the session (or is that an option)
with Jetty?
- Does anyone know of a setup to achive clustered authentication or is
that the same as clustered sessions?
- What authentication/login service would be best match for handling a
webservice?
Would appreciate any feedback!
With regards,
Mikael Brandin
I was about to ask a similar question. All we need is to store in a
session is the fact that a user has authenticated. I don't want to be
forced to use sticky sessions, but would rather have the session
available to any box that needs it.
What are the best practices here? Somebody help!
_______________________________________________
jetty-users mailing list
[email protected]
https://dev.eclipse.org/mailman/listinfo/jetty-users
