On 24/06/2010 21:49, Okubo, Yasushi (TSD) wrote: > My bad. > > I added *.jsp to the filter since it contains the path to index page as > follows. Now, I am wondering when sso session id is created and > replicated, is it when index.jsp was accessed or login.jsp was accessed?
You had added it and have now removed it? The normal session id is created when you access a JSP for the first time, unless you have specifically configured JSPs to not create a session. A session can also be created manually by a Filter or a Servlet. The SSO session is created when the container login process completes authentication successfully. I'm not entirely clear on when SSO replication occurs - presumably only when there's a change like session invalidation or creation. p > == index.jsp == > <% response.sendRedirect("/test/index.html?homepage=dyn&prop=Home"); %> > > -----Original Message----- > From: Okubo, Yasushi (TSD) > Sent: Thursday, June 24, 2010 1:13 PM > To: 'Tomcat Users List' > Subject: RE: question for sso session replication in tomcat 6.0.26 > > > Hi Pid > > I started getting the following error upon login to one node onto > cluster. > Could you tell me what this mean is? > > Yasushi > > > Jun 24, 2010 10:51:58 AM org.apache.catalina.ha.tcp.ReplicationValve > sendReplicationMessage > SEVERE: Unable to perform replication request. > java.lang.NullPointerException > at > org.apache.catalina.ha.tcp.ReplicationValve.isRequestWithoutSessionChang > e(ReplicationValve.java:590) > at > org.apache.catalina.ha.tcp.ReplicationValve.sendSessionReplicationMessag > e(ReplicationValve.java:516) > at > org.apache.catalina.ha.tcp.ReplicationValve.sendReplicationMessage(Repli > cationValve.java:430) > at > org.apache.catalina.ha.tcp.ReplicationValve.invoke(ReplicationValve.java > :363) > at > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java > :102) > at > org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:555 > ) > at > org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn.java: > 421) > at > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve. > java:109) > at > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:2 > 98) > at > org.apache.coyote.ajp.AjpAprProcessor.process(AjpAprProcessor.java:427) > at > org.apache.coyote.ajp.AjpAprProtocol$AjpConnectionHandler.process(AjpApr > Protocol.java:384) > at > org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1555) > at java.lang.Thread.run(Thread.java:619) > > > -----Original Message----- > From: Pid [mailto:p...@pidster.com] > Sent: Wednesday, June 23, 2010 1:06 AM > To: Tomcat Users List > Subject: Re: question for sso session replication in tomcat 6.0.26 > > I'll have to look at the code, but maybe you're being affected by a > recent bug whereby the session id changes after login but isn't then > replicated. > > You might search bugzilla to see if this applies to 6.0.26. > > > p > > On 22 Jun 2010, at 22:41, "Okubo, Yasushi (TSD)" > <yasushi.ok...@takedasd.com> wrote: > >> >> Hi >> >> There were two cookies created by Tomcat 6.0.26. One is for SSO, and > the >> other is for regular session between client and tomcat. JSESSIONID is >> working fine : it means session replication and failover, but not >> JSESSIONIDSSO. JSESSIONIDSSO is updated with new value upon relogin. >> >> yasushi >> >> >> JSESSIONIDSSO >> 65110434847FE0AA1F1EBF0EF0871D25 >> >> >> JSESSIONID >> 5CFE92814875C4DEFC554526147698A3.jvm2 >> >> -----Original Message----- >> From: Jon Brisbin [mailto:jon.bris...@npcinternational.com] >> Sent: Tuesday, June 22, 2010 2:17 PM >> To: Tomcat Users List >> Cc: Okubo, Yasushi (TSD) >> Subject: Re: question for sso session replication in tomcat 6.0.26 >> >> Are you using a "jvmRoute" setting on your BalancerMember definition > in >> mod_proxy config and on the <Engine/> element in server.xml? Your > cookie >> would have the jvmRoute property added to the end of it (e.g. >> ALONGMD5HASH.server1) if so. >> >> From the Almighty Google: >> http://community.jboss.org/wiki/usingmodproxywithjboss >> >> Jon Brisbin >> Portal Webmaster >> NPC International, Inc. >> >> >> >> On Jun 22, 2010, at 3:48 PM, Okubo, Yasushi (TSD) wrote: >> >>> Hi >>> >>> I downloaded apache apache v2.2.15 and compiled and installed, but > the >>> result was the same. >>> >>> Session sso replication looked like failed. Upon shutting down the >>> node, it kicked me out of password protected area and needed to >> re-loin >>> on the second node. >>> >>> On apache, I installed/enabled all modules including basic >>> authentication etc. Is there any requirement on apache side or how >> the >>> virtual host should be set up in httpd.conf to make sso failover > work? >>> >>> Thanks, >>> yasushi >>> >>> -----Original Message----- >>> From: Pid [mailto:p...@pidster.com] >>> Sent: Tuesday, June 22, 2010 8:04 AM >>> To: Tomcat Users List >>> Subject: Re: question for sso session replication in tomcat 6.0.26 >>> >>> On 22/06/2010 15:56, Okubo, Yasushi (TSD) wrote: >>>> Hi Andrew >>>> >>>> In case of no failover, SSO works for all web applications on the >> same >>> host. Upon failover [shutting down one node], a user is routed to > the >>> other node, and TC is asking for a user to re-login when he/she tried >> to >>> access password protected area. >>>> >>>> I have checked many times on server.xml and session replication is >>> working fine upon failover, so I cannot think any misconfiguration on >>> server.xml >>>> The issue is SSO failover is not working. I think it might be >> related >>> to my apache virtual host setup, but could not figure it out. >>>> >>>> Thanks for your help, >>>> yasushi >>>> >>>> I am using mod_proxy_ajp, mod_proxy_balancer [v2.2.3] >>> >>> mod_proxy_ajp appeared in 2.2.3 for the first time, it was functional >>> but not perfect & there are many bugfixes and improvements since > then, >>> you should upgrade HTTPD. >>> >>> >>> p >>> >>>> OS : Redhat Linux 64bit RHEL v5.5 >>>> JDK : 1.6.0.20 >>>> >>>> === I created virtual host on port 9050 == >>>> Httpd.conf >>>> >>>> <VirtualHost 10.250.200.57:9050> >>>> ServerAdmin xyz >>>> ServerName webclust1.xyz.com >>>> ServerAlias webclust1 >>>> ErrorLog logs/webclust_cluster_error.log >>>> CustomLog logs/webclust-cluster-access_log common >>>> >>>> <Location /balancer-manager> >>>> SetHandler balancer-manager >>>> >>>> Order Deny,Allow >>>> Deny from all >>>> Allow from all >>>> </Location> >>>> >>>> ProxyRequests off >>>> <Proxy balancer://webclust> >>>> BalancerMember ajp://10.250.200.57:9001 loadfactor=10 max=150 >> smax=145 >>> route=jvm1 >>>> BalancerMember ajp://10.250.200.57:9002 loadfactor=10 max=150 >> smax=145 >>> route=jvm2 >>>> BalancerMember ajp://10.250.200.57:9003 loadfactor=10 max=150 >> smax=145 >>> route=jvm3 >>>> Order Deny,Allow >>>> Allow from all >>>> </Proxy> >>>> >>>> #Do not proxy balancer-manager >>>> ProxyPass /balancer-manager ! >>>> >>>> <Location /examples> >>>> ProxyPass balancer://webclust/examples >>> stickysession=JSESSIONID|jsessionid >>>> ProxyPassReverse balancer://webclust/examples >>>> Order Deny,Allow >>>> Allow from all >>>> </Location> >>>> >>>> <Location / > >>>> ProxyPass balancer://webclust/ stickysession=JSESSIONID|jsessionid >>>> ProxyPassReverse balancer://webclust/ >>>> Order Deny,Allow >>>> Allow from all >>>> </Location> >>>> >>>> >>>> === server.xml === >>>> <!-- Define an AJP 1.3 Connector on port 8009 --> >>>> <Connector port="9002" protocol="AJP/1.3" redirectPort="8443" /> >>>> >>>> <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1"> >>>> >>>> <Host name="localhost" appBase="webapps" >>>> unpackWARs="true" autoDeploy="true" >>>> xmlValidation="false" xmlNamespaceAware="false"> >>>> >>>> <Cluster >>> className="org.apache.catalina.ha.tcp.SimpleTcpCluster" >>>> channelSendOptions="4"> >>>> >>>> <Manager >>> className="org.apache.catalina.ha.session.DeltaManager" >>>> name="node2" >>>> expireSessionsOnShutdown="false" >>>> notifyListenersOnReplication="true"/> >>>> >>>> <Channel >>> className="org.apache.catalina.tribes.group.GroupChannel"> >>>> <Membership >>> className="org.apache.catalina.tribes.membership.McastService" >>>> address="228.0.0.5" >>>> port="45564" >>>> frequency="500" >>>> dropTime="3000"/> >>>> <Receiver >>> className="org.apache.catalina.tribes.transport.nio.NioReceiver" >>>> address="auto" >>>> port="4020" >>>> autoBind="100" >>>> selectorTimeout="5000" >>>> maxThreads="12"/> >>>> <Sender >>> >> > className="org.apache.catalina.tribes.transport.ReplicationTransmitter"> >>>> <Transport >>> >> > className="org.apache.catalina.tribes.transport.nio.PooledParallelSender >>> "/> >>>> </Sender> >>>> <Interceptor >>> >> > className="org.apache.catalina.tribes.group.interceptors.TcpFailureDetec >>> tor"/> >>>> <Interceptor >>> >> > className="org.apache.catalina.tribes.group.interceptors.MessageDispatch >>> 15Interceptor"/> >>>> <Interceptor >>> >> > className="org.apache.catalina.tribes.group.interceptors.ThroughputInter >>> ceptor"/> >>>> </Channel> >>>> >>>> <Valve >>> className="org.apache.catalina.ha.tcp.ReplicationValve" >>>> >>> >> > filter=".*\.gif;.*\.js;.*\.jpg;.*\.png;.*\.htm;.*\.html;.*\.css;.*\.txt; >>> .*\.xls;.*\.sdf;.*\.xml;"/> >>>> <!-- only with jk_mod failover--> >>>> <Valve >>> className="org.apache.catalina.ha.session.JvmRouteBinderValve" >>>> enabled="true" sessionIdAttribute="takeoverSessionid" >>> /> >>>> <!-- >>>> <Deployer >>> className="org.apache.catalina.ha.deploy.FarmWarDeployer" >>>> tempDir="/tmp/war-temp/" >>>> >>> deployDir="/usr/local/apache/node2-tomcat-6.0.26/webapps" >>>> watchDir="/tmp/war-listen/" >>>> watchEnabled="true"/> >>>> --> >>>> <!-- only with jk_mod and jvmroutebindervalve--> >>>> <ClusterListener >>> >> > className="org.apache.catalina.ha.session.JvmRouteSessionIDBinderListene >>> r"/> >>>> <ClusterListener >>> className="org.apache.catalina.ha.session.ClusterSessionListener"/> >>>> </Cluster> >>>> >>>> <Valve >>> className="org.apache.catalina.ha.authenticator.ClusterSingleSignOn" >> /> >>>> >>>> <Valve className="org.apache.catalina.valves.AccessLogValve" >>> directory="logs" >>>> prefix="webappqa_node2_access_log." suffix=".log" >>> pattern="common" resolveHosts="false"/> >>>> >>>> </Host> >>>> </Engine> >>>> >>>> > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org >
signature.asc
Description: OpenPGP digital signature