2009/9/17 Mark Thomas <ma...@apache.org>

> Rex Wang wrote:
> > Dear Tomcat,
> >
> > I met a problem when configuring a web project which uses form-based
> > security in clustering.
>
> Clustering or load-balancing? Whether or not session replication is
> configured between your Tomcat instances is key.
>

I guess the j_security_check is not implemented by session, so the session replication does not work for the security check, right?

And I see the following in the Tomcat documentation:

To run session replication in your Tomcat 6.0 container, the following steps should be completed:

- All your session attributes must implement java.io.Serializable
- Uncomment the Cluster element in server.xml
- If you have defined custom cluster valves, make sure you have the ReplicationValve defined as well under the Cluster element in server.xml
- If your Tomcat instances are running on the same machine, make sure the tcpListenPort attribute is unique for each instance; in most cases Tomcat is smart enough to resolve this on its own by autodetecting available ports in the range 4000-4100
- Make sure your web.xml has the <distributable/> element or set at your <Context distributable="true" />
- If you are using mod_jk, make sure that jvmRoute attribute is set at your Engine <Engine name="Catalina" jvmRoute="node01" > and that the jvmRoute attribute value matches your worker name in workers.properties
- Make sure that all nodes have the same time and sync with NTP service!
- *Make sure that your loadbalancer is configured for sticky session mode.*

So the sticky session is the precondition of Tomcat clustering?

Thanks a lot!

-Rex

> >
> > When I set session affinity = true in my front http server, the security
> > check was done in a single node; there is no problem with that.
> > But if I set affinity = false, the requests from the security check process
> > are sent to 2 nodes, and it is really strange, e.g.:
> >
> > 1. From index.html (NodeA), try to access a protected resource
> > 2. Go to the logon.html (NodeB), I input the id/passwd, and then submit
> > 3. The request looks like it was sent to NodeA, but did not do any check operation.
> >
> > Does that work as designed? That is, if I want to use form check security, my
> > cluster must be session affinity?
>
> That depends on the answer to the question above.
>
> Mark
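
The checklist quoted from the Tomcat documentation in the message above can be checked mechanically on each node. The following is an added example, not part of the original thread or of Tomcat itself: the function names, the `worker_name` parameter and both sample configuration files are constructed for illustration, and it covers only the Cluster, ReplicationValve, jvmRoute and distributable items.

```python
import xml.etree.ElementTree as ET

# Constructed sample configs (not from the thread): Cluster is still commented out.
SERVER_XML = """<Server>
  <Service name="Catalina">
    <Engine name="Catalina" defaultHost="localhost" jvmRoute="node01">
      <!-- <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/> -->
      <Host name="localhost"/>
    </Engine>
  </Service>
</Server>"""

WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <distributable/>
  <login-config><auth-method>FORM</auth-method></login-config>
</web-app>"""

def local(tag):
    """Strip an XML namespace so web.xml matches with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def check_node(server_xml, web_xml, worker_name):
    """Return the checklist items (hypothetical helper) that this node fails."""
    server = ET.fromstring(server_xml)  # the parser drops XML comments
    web = ET.fromstring(web_xml)
    problems = []
    clusters = [e for e in server.iter() if local(e.tag) == "Cluster"]
    if not clusters:
        problems.append("Cluster element missing or still commented out")
    for c in clusters:
        valves = [v for v in c if local(v.tag) == "Valve"]
        if valves and not any("ReplicationValve" in v.get("className", "") for v in valves):
            problems.append("custom cluster valves defined without ReplicationValve")
    engine = next((e for e in server.iter() if local(e.tag) == "Engine"), None)
    route = engine.get("jvmRoute") if engine is not None else None
    if route != worker_name:
        problems.append(f"jvmRoute {route!r} does not match worker {worker_name!r}")
    dist = any(local(e.tag) == "distributable" for e in web.iter()) or any(
        local(e.tag) == "Context" and e.get("distributable") == "true" for e in server.iter())
    if not dist:
        problems.append('neither <distributable/> nor <Context distributable="true">')
    return problems

if __name__ == "__main__":
    print(check_node(SERVER_XML, WEB_XML, "node01"))
```
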