12 Replies Latest reply on Mar 27, 2009 5:02 PM by sureshrk19

    login problems on cluster

    luca.xlb

      Hi all!
      We have created an application that works fine on a single jboss.

      Now, we need to go on a cluster.

      I've configured a load balancer and 2 jboss, with mod_jk.

      Session replication seems to work fine.

      The only problem is in the login phase.
      When only one of the two jboss is up all works.
      if both are up, login fail, due to this error:

      Invalid direct reference to form login page

      The error is the same of the direct access to the LoginPage.

      Tha application use a custom JAAS login module, and FORM authentication.
      SingleSignOn is enabled.

      With basic auth all works fine (except logout) ...but i need a form auth



      Any advice?




      The web.xml is


      <security-constraint>
      <web-resource-collection>
      <web-resource-name>Secure Content</web-resource-name>
      <url-pattern>/private/*</url-pattern>
      </web-resource-collection>
      <auth-constraint>
      <role-name>ADMIN</role-name>
      <role-name>USER</role-name>
      </auth-constraint>
      </security-constraint>

      <login-config>
      <auth-method>FORM</auth-method>
      <form-login-config>
      <form-login-page>/login/LoginPage.jsp</form-login-page>
      <form-error-page>/login/LoginPage.jsp</form-error-page>
      </form-login-config>
      </login-config>


        • 1. Re: login problems on cluster
          brian.stansberry

          Sounds like mod_jk isn't configured for sticky sessions. When you post the login form, it's not going back to the server that sent it to you and you get the error you report.

          • 2. Re: login problems on cluster
            trulore

            Why does mod_jk have to have sticky sessions enabled in order to use clustering?

            I thought one of the points of clustering was so you DON'T have to stick a user to a given server.

            It's especially unfortunate, because the application works fine without sticky sessions...once you get back the login problem.

            Robert Pappas

            • 3. Re: login problems on cluster

              I'm facing the same problem!!!

              In a clustered environment the login doesn;t go thru for the first time.

              Please let me know if you find any solution/work-around.

              Thanks,
              Suresh

              • 4. Re: login problems on cluster
                brian.stansberry

                You need sticky sessions because:

                "bstansberry@jboss.com" wrote:
                When you post the login form, it's not going back to the server that sent it to you and you get the error you report.


                This isn't due to mod_jk. It's due to the way Tomcat FORM authentication works.

                • 5. Re: login problems on cluster

                  Hi Brian,

                  Thanks for the reply.

                  The same application works fine on JBoss standalone node and also, when only one node is running in cluster.
                  The problem is only when more than one node is running in cluster.

                  How should I proceed on this?

                  Thanks,
                  Suresh

                  • 6. Re: login problems on cluster
                    brian.stansberry

                    Have you confirmed that sticky sessions are working?

                    • 7. Re: login problems on cluster

                      Nope... that is the next problem; even after setting sticky session the requests are going to both the nodes.

                      Here is my workers.properties content:

                      worker.list=loadbalancer

                      worker.node1.port=8019
                      worker.node1.host=localhost
                      worker.node1.type=ajp13
                      worker.node1.lbfactor=1

                      worker.node4.port=8039
                      worker.node4.host=localhost
                      worker.node4.type=ajp13
                      worker.node4.lbfactor=1

                      worker.loadbalancer.type=lb
                      worker.loadbalancer.sticky_session=1
                      worker.loadbalancer.balance_workers=node1,node4


                      Also, I specified 'jvmRoute' in jboss descriptors.

                      Thanks,
                      Suresh

                      • 8. Re: login problems on cluster

                        Nope... that is the next problem; even after setting sticky session the requests are going to both the nodes.

                        Here is my workers.properties content:

                        worker.list=loadbalancer

                        worker.node1.port=8019
                        worker.node1.host=localhost
                        worker.node1.type=ajp13
                        worker.node1.lbfactor=1

                        worker.node4.port=8039
                        worker.node4.host=localhost
                        worker.node4.type=ajp13
                        worker.node4.lbfactor=1

                        worker.loadbalancer.type=lb
                        worker.loadbalancer.sticky_session=1
                        worker.loadbalancer.balance_workers=node1,node4


                        Also, I specified 'jvmRoute' in jboss descriptors.

                        Thanks,
                        Suresh

                        • 9. Re: login problems on cluster
                          brian.stansberry

                          That looks OK, and I believe you said on one of your other threads that you set UseJK=true.

                          Make a request and have a look at the session cookie; make sure it has the jvmRoute appended.

                          • 10. Re: login problems on cluster

                            Hmmm... something strange

                            Cookie: JSESSIONID=Z-6e9dtO7J4l3N0HREZOpA**.node2


                            "node2" is weird; I have node1 and node4 setup in workers.properties and the same for jvmRoute.


                            Following is the http header data (on first login submit)... and the second request is fine (i.e., if I refresh the page and login then, I could login with-out any issues)

                            -------------------------------------------------------

                            http://localhost/snap/student/j_security_check

                            POST /snap/student/j_security_check HTTP/1.1
                            Host: localhost
                            User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.7) Gecko/2009021910 Firefox/3.0.7
                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                            Accept-Language: en-us,en;q=0.5
                            Accept-Encoding: gzip,deflate
                            Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
                            Keep-Alive: 300
                            Connection: keep-alive
                            Referer: http://localhost/snap/student/snapdashboard.htm
                            Cookie: JSESSIONID=Z-6e9dtO7J4l3N0HREZOpA**.node2
                            Content-Type: application/x-www-form-urlencoded
                            Content-Length: 117
                            j_dummy_username=suresh%40regent.com&j_username=suresh%40regent.com%7C%7CSTUDENT&j_password=regent&j_usertype=STUDENT

                            HTTP/1.x 400 Invalid direct reference to form login page
                            Date: Fri, 27 Mar 2009 20:20:05 GMT
                            Server: Apache/2.2.11 (Win32) mod_jk/1.2.27
                            Content-Length: 1094
                            Connection: close
                            Content-Type: text/html;charset=utf-8
                            ----------------------------------------------------------

                            • 11. Re: login problems on cluster
                              brian.stansberry

                              JBoss Web appends the value of jvmRoute from server.xml. If you are seeing node2 you've got a misconfig somewhere.

                              • 12. Re: login problems on cluster

                                Brian,
                                Wonderful catch!!!

                                I had duplicate entries for jvmRoute

                                I fixed it... now, it works fine.

                                Thanks for your time.

                                Suresh