0 Replies Latest reply on Jun 25, 2014 5:30 AM by tvautrin

    Problem with mod_cluster and Digest authentication

    tvautrin

      Hi,

      I have configured 2 servers in domain mode (profile ha) and I have deployed a webapp (clustered) which requires digest authentication. Apache is using mod_cluster.

      When I request the application, Apache sends the request to node 1, which asks for a login/password. When I validate with the correct data, if my request is sent to node 1 by Apache, there is no problem, but randomly Apache sends the request to node 2, which fails because it's not the original node of the authentication request.

      I don't know if the problem is due to my configuration or to a JBoss or mod_cluster bug. Maybe Digest authentication doesn't work with mod_cluster.

      Thank you for your help!

      The products are:

      - JBoss EAP 6.1.0.Final
      - Apache 2.2.21 + Mod_cluster 1.2.6 Final (bundle from the official site)

      Web app configuration (web.xml)

      <?xml version="1.0" encoding="UTF-8"?>
      <web-app id="WebApp_ID" version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3.0.xsd">
        <display-name>My Web Application</display-name>
        <distributable />
        <security-constraint>
          <web-resource-collection>
            <web-resource-name>All Access</web-resource-name>
            <url-pattern>/protected/*</url-pattern>
          </web-resource-collection>
          <auth-constraint>
            <role-name>WEBAPP_ACCESS</role-name>
          </auth-constraint>
        </security-constraint>
        <login-config>
          <auth-method>DIGEST</auth-method>
          <realm-name>ApplicationRealm</realm-name>
        </login-config>
        <!-- Security roles used by this web application -->
        <security-role>
          <role-name>WEBAPP_ACCESS</role-name>
        </security-role>

        <!-- Session Configuration -->
        <session-config>
          <session-timeout>30</session-timeout>
        </session-config>
      </web-app>

      JBoss configuration:

      <subsystem xmlns="urn:jboss:domain:modcluster:1.1">
        <mod-cluster-config advertise-socket="modcluster" balancer="mycluster" advertise="false" advertise-security-key="secret" connector="ajp">
          <dynamic-load-provider>
            <load-metric type="busyness"/>
          </dynamic-load-provider>
        </mod-cluster-config>
      </subsystem>

      Apache configuration

      Listen 127.0.0.1:10001
      ManagerBalancerName mycluster
      <VirtualHost 127.0.0.1:10001>
        <Location />
          Order deny,allow
          Allow from all
        </Location>

        KeepAliveTimeout 300
        MaxKeepAliveRequests 0
        AdvertiseFrequency 5
        AdvertiseSecurityKey secret
        EnableMCPMReceive

        <Location /mod_cluster-manager>
          SetHandler mod_cluster-manager
          Order deny,allow
          Allow from all
        </Location>
      </VirtualHost>
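
Added example, not part of the original post and not JBoss or mod_cluster code: a minimal Python model of RFC 2617 Digest authentication behind a balancer, showing why a challenge issued by node 1 cannot be answered on node 2. It assumes each node signs its nonces with a key only it knows; the `Node` class, `simulate`, the `alice` account and the shared-key option are hypothetical.

```python
import hashlib, hmac, os, time

def md5_hex(s):
    return hashlib.md5(s.encode()).hexdigest()

def digest_response(user, realm, password, method, uri, nonce):
    # RFC 2617 response without qop: MD5(HA1:nonce:HA2)
    ha1 = md5_hex(f"{user}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")

class Node:
    """Hypothetical back-end node; a model, not JBoss code."""
    def __init__(self, users, realm="ApplicationRealm", key=None):
        self.users, self.realm = users, realm
        self.key = key or os.urandom(16)  # assumption: per-node nonce key

    def _mac(self, ts):
        return hmac.new(self.key, ts.encode(), hashlib.sha256).hexdigest()

    def challenge(self):
        ts = str(int(time.time()))
        return f"{ts}:{self._mac(ts)}"  # nonce this node can later recognise

    def nonce_ok(self, nonce, max_age=300):
        ts, _, mac = nonce.partition(":")
        if not ts.isdecimal():
            return False
        fresh = time.time() - int(ts) <= max_age
        return fresh and hmac.compare_digest(mac.encode(), self._mac(ts).encode())

    def authenticate(self, user, method, uri, nonce, response):
        if not self.nonce_ok(nonce):
            return "401 unknown nonce"  # this node did not issue the challenge
        password = self.users.get(user)
        if password is None:
            return "401 bad credentials"
        good = digest_response(user, self.realm, password, method, uri, nonce)
        ok = hmac.compare_digest(response.encode(), good.encode())
        return "200 OK" if ok else "401 bad credentials"

def simulate(shared_key=None):
    users = {"alice": "s3cret"}  # constructed sample account
    node1, node2 = Node(users, key=shared_key), Node(users, key=shared_key)
    nonce = node1.challenge()  # node 1 sends the 401 challenge
    uri = "/protected/index.html"
    resp = digest_response("alice", node1.realm, "s3cret", "GET", uri, nonce)
    # The balancer may route the authenticated retry to either node.
    return [n.authenticate("alice", "GET", uri, nonce, resp) for n in (node1, node2)]
```

With per-node keys the retry succeeds only on the node that issued the nonce; passing the same `shared_key` to both nodes lets either one validate it.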