My bad.
I added *.jsp to the filter since it contains the path to index page as
follows. Now, I am wondering when sso session id is created and
replicated, is it when index.jsp was accessed or login.jsp was accessed?
== index.jsp ==
<% response.sendRedirect("/test/index.html?homepage=dyn&prop=Home"); %>
-----Original Message-----
From: Okubo, Yasushi (TSD)
Sent: Thursday, June 24, 2010 1:13 PM
To: 'Tomcat Users List'
Subject: RE: question for sso session replication in tomcat 6.0.26
Hi Pid
I started getting the following error upon login to one node onto
cluster.
Could you tell me what this mean is?
Yasushi
Jun 24, 2010 10:51:58 AM org.apache.catalina.ha.tcp.ReplicationValve
sendReplicationMessage
SEVERE: Unable to perform replication request.
java.lang.NullPointerException
at
org.apache.catalina.ha.tcp.ReplicationValve.isRequestWithoutSessionChang
e(ReplicationValve.java:590)
at
org.apache.catalina.ha.tcp.ReplicationValve.sendSessionReplicationMessag
e(ReplicationValve.java:516)
at
org.apache.catalina.ha.tcp.ReplicationValve.sendReplicationMessage(Repli
cationValve.java:430)
at
org.apache.catalina.ha.tcp.ReplicationValve.invoke(ReplicationValve.java
:363)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java
:102)
at
org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:555
)
at
org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn.java:
421)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.
java:109)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:2
98)
at
org.apache.coyote.ajp.AjpAprProcessor.process(AjpAprProcessor.java:427)
at
org.apache.coyote.ajp.AjpAprProtocol$AjpConnectionHandler.process(AjpApr
Protocol.java:384)
at
org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1555)
at java.lang.Thread.run(Thread.java:619)
-----Original Message-----
From: Pid [mailto:p...@pidster.com]
Sent: Wednesday, June 23, 2010 1:06 AM
To: Tomcat Users List
Subject: Re: question for sso session replication in tomcat 6.0.26
I'll have to look at the code, but maybe you're being affected by a
recent bug whereby the session id changes after login but isn't then
replicated.
You might search bugzilla to see if this applies to 6.0.26.
p
On 22 Jun 2010, at 22:41, "Okubo, Yasushi (TSD)"
<yasushi.ok...@takedasd.com> wrote:
>
> Hi
>
> There were two cookies created by Tomcat 6.0.26. One is for SSO, and
the
> other is for regular session between client and tomcat. JSESSIONID is
> working fine : it means session replication and failover, but not
> JSESSIONIDSSO. JSESSIONIDSSO is updated with new value upon relogin.
>
> yasushi
>
>
> JSESSIONIDSSO
> 65110434847FE0AA1F1EBF0EF0871D25
>
>
> JSESSIONID
> 5CFE92814875C4DEFC554526147698A3.jvm2
>
> -----Original Message-----
> From: Jon Brisbin [mailto:jon.bris...@npcinternational.com]
> Sent: Tuesday, June 22, 2010 2:17 PM
> To: Tomcat Users List
> Cc: Okubo, Yasushi (TSD)
> Subject: Re: question for sso session replication in tomcat 6.0.26
>
> Are you using a "jvmRoute" setting on your BalancerMember definition
in
> mod_proxy config and on the <Engine/> element in server.xml? Your
cookie
> would have the jvmRoute property added to the end of it (e.g.
> ALONGMD5HASH.server1) if so.
>
> From the Almighty Google:
> http://community.jboss.org/wiki/usingmodproxywithjboss
>
> Jon Brisbin
> Portal Webmaster
> NPC International, Inc.
>
>
>
> On Jun 22, 2010, at 3:48 PM, Okubo, Yasushi (TSD) wrote:
>
>> Hi
>>
>> I downloaded apache apache v2.2.15 and compiled and installed, but
the
>> result was the same.
>>
>> Session sso replication looked like failed. Upon shutting down the
>> node, it kicked me out of password protected area and needed to
> re-loin
>> on the second node.
>>
>> On apache, I installed/enabled all modules including basic
>> authentication etc. Is there any requirement on apache side or how
> the
>> virtual host should be set up in httpd.conf to make sso failover
work?
>>
>> Thanks,
>> yasushi
>>
>> -----Original Message-----
>> From: Pid [mailto:p...@pidster.com]
>> Sent: Tuesday, June 22, 2010 8:04 AM
>> To: Tomcat Users List
>> Subject: Re: question for sso session replication in tomcat 6.0.26
>>
>> On 22/06/2010 15:56, Okubo, Yasushi (TSD) wrote:
>>> Hi Andrew
>>>
>>> In case of no failover, SSO works for all web applications on the
> same
>> host. Upon failover [shutting down one node], a user is routed to
the
>> other node, and TC is asking for a user to re-login when he/she tried
> to
>> access password protected area.
>>>
>>> I have checked many times on server.xml and session replication is
>> working fine upon failover, so I cannot think any misconfiguration on
>> server.xml
>>> The issue is SSO failover is not working. I think it might be
> related
>> to my apache virtual host setup, but could not figure it out.
>>>
>>> Thanks for your help,
>>> yasushi
>>>
>>> I am using mod_proxy_ajp, mod_proxy_balancer [v2.2.3]
>>
>> mod_proxy_ajp appeared in 2.2.3 for the first time, it was functional
>> but not perfect & there are many bugfixes and improvements since
then,
>> you should upgrade HTTPD.
>>
>>
>> p
>>
>>> OS : Redhat Linux 64bit RHEL v5.5
>>> JDK : 1.6.0.20
>>>
>>> === I created virtual host on port 9050 ==
>>> Httpd.conf
>>>
>>> <VirtualHost 10.250.200.57:9050>
>>> ServerAdmin xyz
>>> ServerName webclust1.xyz.com
>>> ServerAlias webclust1
>>> ErrorLog logs/webclust_cluster_error.log
>>> CustomLog logs/webclust-cluster-access_log common
>>>
>>> <Location /balancer-manager>
>>> SetHandler balancer-manager
>>>
>>> Order Deny,Allow
>>> Deny from all
>>> Allow from all
>>> </Location>
>>>
>>> ProxyRequests off
>>> <Proxy balancer://webclust>
>>> BalancerMember ajp://10.250.200.57:9001 loadfactor=10 max=150
> smax=145
>> route=jvm1
>>> BalancerMember ajp://10.250.200.57:9002 loadfactor=10 max=150
> smax=145
>> route=jvm2
>>> BalancerMember ajp://10.250.200.57:9003 loadfactor=10 max=150
> smax=145
>> route=jvm3
>>> Order Deny,Allow
>>> Allow from all
>>> </Proxy>
>>>
>>> #Do not proxy balancer-manager
>>> ProxyPass /balancer-manager !
>>>
>>> <Location /examples>
>>> ProxyPass balancer://webclust/examples
>> stickysession=JSESSIONID|jsessionid
>>> ProxyPassReverse balancer://webclust/examples
>>> Order Deny,Allow
>>> Allow from all
>>> </Location>
>>>
>>> <Location / >
>>> ProxyPass balancer://webclust/ stickysession=JSESSIONID|jsessionid
>>> ProxyPassReverse balancer://webclust/
>>> Order Deny,Allow
>>> Allow from all
>>> </Location>
>>>
>>>
>>> === server.xml ===
>>> <!-- Define an AJP 1.3 Connector on port 8009 -->
>>> <Connector port="9002" protocol="AJP/1.3" redirectPort="8443" />
>>>
>>> <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
>>>
>>> <Host name="localhost" appBase="webapps"
>>> unpackWARs="true" autoDeploy="true"
>>> xmlValidation="false" xmlNamespaceAware="false">
>>>
>>> <Cluster
>> className="org.apache.catalina.ha.tcp.SimpleTcpCluster"
>>> channelSendOptions="4">
>>>
>>> <Manager
>> className="org.apache.catalina.ha.session.DeltaManager"
>>> name="node2"
>>> expireSessionsOnShutdown="false"
>>> notifyListenersOnReplication="true"/>
>>>
>>> <Channel
>> className="org.apache.catalina.tribes.group.GroupChannel">
>>> <Membership
>> className="org.apache.catalina.tribes.membership.McastService"
>>> address="228.0.0.5"
>>> port="45564"
>>> frequency="500"
>>> dropTime="3000"/>
>>> <Receiver
>> className="org.apache.catalina.tribes.transport.nio.NioReceiver"
>>> address="auto"
>>> port="4020"
>>> autoBind="100"
>>> selectorTimeout="5000"
>>> maxThreads="12"/>
>>> <Sender
>>
>
className="org.apache.catalina.tribes.transport.ReplicationTransmitter">
>>> <Transport
>>
>
className="org.apache.catalina.tribes.transport.nio.PooledParallelSender
>> "/>
>>> </Sender>
>>> <Interceptor
>>
>
className="org.apache.catalina.tribes.group.interceptors.TcpFailureDetec
>> tor"/>
>>> <Interceptor
>>
>
className="org.apache.catalina.tribes.group.interceptors.MessageDispatch
>> 15Interceptor"/>
>>> <Interceptor
>>
>
className="org.apache.catalina.tribes.group.interceptors.ThroughputInter
>> ceptor"/>
>>> </Channel>
>>>
>>> <Valve
>> className="org.apache.catalina.ha.tcp.ReplicationValve"
>>>
>>
>
filter=".*\.gif;.*\.js;.*\.jpg;.*\.png;.*\.htm;.*\.html;.*\.css;.*\.txt;
>> .*\.xls;.*\.sdf;.*\.xml;"/>
>>> <!-- only with jk_mod failover-->
>>> <Valve
>> className="org.apache.catalina.ha.session.JvmRouteBinderValve"
>>> enabled="true" sessionIdAttribute="takeoverSessionid"
>> />
>>> <!--
>>> <Deployer
>> className="org.apache.catalina.ha.deploy.FarmWarDeployer"
>>> tempDir="/tmp/war-temp/"
>>>
>> deployDir="/usr/local/apache/node2-tomcat-6.0.26/webapps"
>>> watchDir="/tmp/war-listen/"
>>> watchEnabled="true"/>
>>> -->
>>> <!-- only with jk_mod and jvmroutebindervalve-->
>>> <ClusterListener
>>
>
className="org.apache.catalina.ha.session.JvmRouteSessionIDBinderListene
>> r"/>
>>> <ClusterListener
>> className="org.apache.catalina.ha.session.ClusterSessionListener"/>
>>> </Cluster>
>>>
>>> <Valve
>> className="org.apache.catalina.ha.authenticator.ClusterSingleSignOn"
> />
>>>
>>> <Valve className="org.apache.catalina.valves.AccessLogValve"
>> directory="logs"
>>> prefix="webappqa_node2_access_log." suffix=".log"
>> pattern="common" resolveHosts="false"/>
>>>
>>> </Host>
>>> </Engine>
>>>
>>>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
