Re: problem with tomcat clusters sso with apache load balancer

Fri, 04 May 2007 12:33:14 -0700 

Alejandro Fernandez wrote:

Thank you for your answers.

As a workarround (forgetting about clustering), can I use 2 tomcat instances
with different WARs but both using sso?

For instance:

Machine 1 - tomcat #1 - a.war
Machine 2 - tomcat #2 - b.war

both with sso, so when I log-in in application a I am also logged in
application b


Nope.
The SSO info is stored in the memory of each Tomcat instance; which they obviously don't share. 




Regards,
Alejandro
----- Original Message ----- From: "Peter Rossbach" <[EMAIL PROTECTED]> 
To: "Tomcat Users List" <users@tomcat.apache.org>
Sent: Thursday, May 03, 2007 3:16 PM
Subject: Re: problem with tomcat clusters sso with apache load balancer



Hi,

the clusterSSO implementation is not ready:

- at normal shutdown from one application or a node all sessions are
expired.
clusterSSO is a normal session listener and context stop expires
all sessions.
- The sessionID rewrite from JvmRouteBinderValve are not coordinated
with clusterSSO sessionID cache.
- I have made some improvements at the tomcat 5.5 backport :-(

Peter


Am 03.05.2007 um 19:24 schrieb Filip Hanik - Dev Lists:


I don't think the clusterSSO implementation ever really got
finished. It got submitted, but never completed.
At least that was my impression of it

Filip

Alejandro Fernandez wrote:

Hi, I am Alejandro from Argentina.

I am having an issue with tomcat 6.0.10 using clusters and single
sign on, while performing load balance with apache 2.2

When I am accessing a secured page, I try to login (the login form
is shown correctly) but I receive the following:

HTTP Status 400 - Invalid direct reference to form login page

Note: The load balancer makes me switch between 2 tomcat servers.
One switch by page request.

Please tell me if the info is not enough.

Thank you in advance.
--------------------------------------------------------------------- ----- 
httpd.conf
--------------------------------------------------------------------- ----- 

....

<Location /balancer-manager>
SetHandler balancer-manager
</Location>

<Proxy balancer://cluster>
BalancerMember ajp://sismcarrizo:8009
BalancerMember ajp://servisitadores4:8009
</Proxy>

<Proxy balancer://clusterb>
BalancerMember ajp://servisitadores4:8009
</Proxy>

<Location /portal-a>
ProxyPass balancer://cluster/portal-a stickysession=JSESSIONID
</Location>

<Location /portal-b>
ProxyPass balancer://clusterb/portal-b stickysession=JSESSIONID
</Location>

<Location /portal-c>
ProxyPass balancer://cluster/portal-c stickysession=JSESSIONID
</Location>

<Location /accesos-sso>
ProxyPass balancer://cluster/accesos-sso stickysession=JSESSIONID
</Location>

....
--------------------------------------------------------------------- ----- 
server.xml
--------------------------------------------------------------------- ----- 
....

   <Engine name="Catalina" defaultHost="localhost">

      <Cluster
className="org.apache.catalina.ha.tcp.SimpleTcpCluster"
channelSendOptions="8">
          <Manager
className="org.apache.catalina.ha.session.DeltaManager"
expireSessionsOnShutdown="false"
notifyListenersOnReplication="true"/>

          <Channel
className="org.apache.catalina.tribes.group.GroupChannel">
            <Membership
className="org.apache.catalina.tribes.membership.McastService"
                        address="228.0.0.4"
                        port="45564"
                        frequency="500"
                        dropTime="3000"/>
            <Receiver
className="org.apache.catalina.tribes.transport.nio.NioReceiver"
                      address="auto"
                      port="4000"
                      autoBind="100"
                      selectorTimeout="5000"
                      maxThreads="6"/>

            <Sender
className="org.apache.catalina.tribes.transport.ReplicationTransmitte
r">
              <Transport
className="org.apache.catalina.tribes.transport.nio.PooledParallelSen
der"/>
            </Sender>
            <Interceptor
className="org.apache.catalina.tribes.group.interceptors.TcpFailureDe
tector"/>
            <Interceptor
className="org.apache.catalina.tribes.group.interceptors.MessageDispa
tch15Interceptor"/>
          </Channel>

          <Valve
className="org.apache.catalina.ha.tcp.ReplicationValve"
                 filter=""/>
          <Valve
className="org.apache.catalina.ha.session.JvmRouteBinderValve"/>

          <Deployer
className="org.apache.catalina.ha.deploy.FarmWarDeployer"
                    tempDir="/tmp/war-temp/"
                    deployDir="/tmp/war-deploy/"
                    watchDir="/tmp/war-listen/"
                    watchEnabled="false"/>

          <ClusterListener
className="org.apache.catalina.ha.session.JvmRouteSessionIDBinderList
ener"/>
          <ClusterListener
className="org.apache.catalina.ha.session.ClusterSessionListener"/>
        </Cluster>

     <Valve
className="org.apache.catalina.authenticator.SingleSignOn"
debug="0"/>
      <Realm className="org.apache.catalina.realm.JDBCRealm"

driverName="com.microsoft.jdbc.sqlserver.SQLServerDriver"
             connectionURL="jdbc:microsoft:sqlserver://
desa-0:1433;databasename=accesos;selectmethod=cursor"
              connectionName="accesosusr"
        connectionPassword="j1ra808fa"
              userTable="users"
        userNameCol="username"
        userCredCol="password"
             userRoleTable="user_role"
        roleNameCol="role"
        debug="99"
      />

      <Host name="localhost" appBase="webapps" unpackWARs="true"
autoDeploy="true" xmlValidation="false" xmlNamespaceAware="false">
      </Host>
</Engine>
....
--------------------------------------------------------------------- ----- 
web.xml
--------------------------------------------------------------------- ----- 
....

 <!-- Define a Security Constraint on this Application -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>portal-a</web-resource-name>
      <url-pattern>/mercados.jsp</url-pattern>
      <url-pattern>/mercados.page</url-pattern>
      <url-pattern>/mercados.jsf</url-pattern>
    </web-resource-collection>
    <auth-constraint>
       <!-- NOTE:  This role is not present in the default users
file -->
       <role-name>accesos</role-name>
    </auth-constraint>
  </security-constraint>

  <!-- Define the Login Configuration for this Application -->
  <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>Portal A Application</realm-name>
    <form-login-config>
       <form-login-page>/login.jsp</form-login-page>
       <form-error-page>/error.jsp</form-error-page>
 </form-login-config>
  </login-config>

  <!-- Security roles referenced by this web application -->
  <security-role>
    <description>
      The role that is required to log in to the Manager Application
    </description>
    <role-name>accesos</role-name>
  </security-role>

<distributable/>
....
--------------------------------------------------------------------- --- 

No virus found in this incoming message.
Checked by AVG Free Edition. Version: 7.5.467 / Virus Database:
269.6.2/784 - Release Date: 5/1/2007 2:57 PM



---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Reply via email to