If you are using authorization caching for your realm and you want that
cache to be clustered you'll need to define a cache entry for that too:
For example:
<cache name="com.foo.MyRealm.authorizationCache"
diskPersistent="false"
overflowToDisk="false"
maxElementsInMemory="10000"
eternal="true"
timeToLiveSeconds="0"
timeToIdleSeconds="0">
<terracotta/>
</cache>
-- Eric
On Mon, Aug 8, 2011 at 5:18 PM, Les Hazlewood <[email protected]> wrote:
> On Mon, Aug 8, 2011 at 6:47 AM, Chris <[email protected]> wrote:
> > You're welcome.
> >
> > I got to the bottom of the Terracotta Clustering issues I was having.
> >
> > The solution required correct sessionMode and cookie configuration as
> well
> > as working around a problem with the favicon.ico request in some browsers
> > (Chrome and Safari in particular).
> >
> > The configuration provided by F A V
> >
> http://shiro-user.582556.n2.nabble.com/Shiro-and-multiple-wars-within-the-same-Servlet-Container-tp5560737p5563334.html
> > on another question supplied a working shiro.ini main config:
> >
> >
> >
> >> [main]
> >> # Cache for single sign on
> >> ssoCacheManager = org.apache.shiro.cache.ehcache.EhCacheManager
> >> ssoCacheManager.cacheManagerConfigFile = classpath:ehcache.xml
> >> securityManager.cacheManager = $ssoCacheManager
> >>
> >> # Native mode for single sign on
> >> securityManager.sessionMode = native
> >>
> >> # DAO for single sign on
> >> sessionDAO = org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO
> >> securityManager.sessionManager.sessionDAO = $sessionDAO
> >>
> >> # Cookie for single sign on
> >> cookie = org.apache.shiro.web.servlet.SimpleCookie
> >> cookie.name = SSOcookie
> >> cookie.path = /
> >> securityManager.sessionManager.sessionIdCookie = $cookie
> >>
> >> [urls]
> >> # Some browsers experience 404 errors when requesting the favicon.ico
> >> /favicon.ico = anon
> >>
> >
> > Note the favicon.ico pattern match.
>
> Yep, this is good to point out - I myself have that same rule in the
> Shiro configurations I use for the same reason.
>
> > The ehcache.xml file also needed to be tweaked from the default
> > configuration file following the
> >
> http://ehcache.org/documentation/distributed_caching_with_terracotta.html
> > Ehcache documentation :
> >
> >
> >
> >> <ehcache>
> >> <terracottaConfig url="localhost:9510"/>
> >> <diskStore path="java.io.tmpdir/shiro-ehcache"/>
> >> <defaultCache
> >> maxElementsInMemory="10000"
> >> eternal="false"
> >> timeToIdleSeconds="120"
> >> timeToLiveSeconds="120"
> >> overflowToDisk="false"
> >> diskPersistent="false"
> >> diskExpiryThreadIntervalSeconds="120">
> >> <terracotta/>
> >> </defaultCache>
> >> <cache name="shiro-activeSessionCache"
> >> maxElementsInMemory="10000"
> >> eternal="true"
> >> timeToLiveSeconds="0"
> >> timeToIdleSeconds="0"
> >> diskPersistent="false"
> >> overflowToDisk="false"
> >> diskExpiryThreadIntervalSeconds="600">
> >> <terracotta/>
> >> </cache>
> >> <cache name="org.apache.shiro.realm.text.PropertiesRealm-0-accounts"
> >> maxElementsInMemory="1000"
> >> eternal="true"
> >> overflowToDisk="false">
> >> <terracotta/>
> >> </cache>
> >> </ehcache>
> >>
> >
> > Also note the addition of the Terracotta elements in the ehcache and
> cache
> > blocks. The cache disk options have been toggled to false as well, as
> these
> > operations aren't supported in a cluster in this form.
>
> This is great - thanks for sharing Chris. I'll add this to the
> documentation as well.
>
> > I hope I haven't missed anything obvious with this configuration.
> Together
> > with an Active/Passive Terracotta array I've successfully configured two
> > webapps served on each of three Tomcat servers to use a single sign on in
> a
> > proof of concept system.
> >
> > I'm very impressed with Shiro.
>
> We're glad you enjoy it! Any time you have feedback like what you've
> shared already, please keep it coming - it is what helps Shiro become
> better.
>
> Best,
>
> --
> Les Hazlewood
> CTO, Katasoft | http://www.katasoft.com | 888.391.5282
> twitter: @lhazlewood | http://twitter.com/lhazlewood
> katasoft blog: http://www.katasoft.com/blogs/lhazlewood
> personal blog: http://leshazlewood.com
>
