Problem with mod_cluster and Digest authentication
tvautrin Jun 25, 2014 5:30 AM
Hi,
I have configured 2 servers in domain mode (profile ha) and I have deployed a webapp (clustered) which requires digest authentication. Apache is using mod_cluster.
When I request the application, Apache sends the request to node 1, which asks for a login/password. When I validate with the correct data, if my request is sent to node 1 by Apache, there is no problem, but randomly Apache sends the request to node 2, which fails because it is not the original node of the authentication request.
I don't know if the problem is due to my configuration, or to a JBoss or mod_cluster bug. Maybe Digest authentication doesn't work with mod_cluster.
Thank you for your help!
The products are:
- JBoss EAP 6.1.0.Final
- Apache 2.2.21 + mod_cluster 1.2.6 Final (bundle from the official site)
Web app configuration (web.xml):
<?xml version="1.0" encoding="UTF-8"?>
<web-app id="WebApp_ID" version="3.0"
         xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3.0.xsd">
    <display-name>My Web Application</display-name>
    <distributable />
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>All Access</web-resource-name>
            <url-pattern>/protected/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>WEBAPP_ACCESS</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>DIGEST</auth-method>
        <realm-name>ApplicationRealm</realm-name>
    </login-config>
    <!-- Security roles used by this web application -->
    <security-role>
        <role-name>WEBAPP_ACCESS</role-name>
    </security-role>
    <!-- Session Configuration -->
    <session-config>
        <session-timeout>30</session-timeout>
    </session-config>
</web-app>
JBoss configuration:
<subsystem xmlns="urn:jboss:domain:modcluster:1.1">
    <mod-cluster-config advertise-socket="modcluster" balancer="mycluster" advertise="false" advertise-security-key="secret" connector="ajp">
        <dynamic-load-provider>
            <load-metric type="busyness"/>
        </dynamic-load-provider>
    </mod-cluster-config>
</subsystem>
Apache configuration:
Listen 127.0.0.1:10001
ManagerBalancerName mycluster
<VirtualHost 127.0.0.1:10001>
    <Location />
        Order deny,allow
        Allow from all
    </Location>
    KeepAliveTimeout 300
    MaxKeepAliveRequests 0
    AdvertiseFrequency 5
    AdvertiseSecurityKey secret
    EnableMCPMReceive
    <Location /mod_cluster-manager>
        SetHandler mod_cluster-manager
        Order deny,allow
        Allow from all
    </Location>
</VirtualHost>
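
The failure described in this thread can be reproduced in a small model, added here as an illustration and not taken from the post or from JBoss or mod_cluster code: an RFC 2617 Digest exchange in which each node accepts only nonces it issued itself. The node-local nonce store, the `Node` class, the URI and the credentials are assumptions constructed for the example; the realm name is the one from the web.xml above.

```python
import hashlib
import hmac
import os

REALM = "ApplicationRealm"       # realm-name from the web.xml in the post
USERS = {"alice": "s3cret"}      # constructed credentials, not from the post

def md5_hex(text):
    # RFC 2617 Digest is defined over MD5 hex digests
    return hashlib.md5(text.encode()).hexdigest()

def digest_response(user, password, realm, nonce, nc, cnonce, method, uri):
    # response = H(HA1:nonce:nc:cnonce:qop:HA2) with qop=auth
    ha1 = md5_hex(f"{user}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")

class Node:
    """Hypothetical cluster node; assumption: nonces are tracked per node."""
    def __init__(self, name):
        self.name = name
        self.issued = set()      # nonces this node has handed out

    def challenge(self):
        nonce = os.urandom(16).hex()
        self.issued.add(nonce)
        return {"realm": REALM, "nonce": nonce, "qop": "auth"}

    def verify(self, method, uri, auth):
        if auth["nonce"] not in self.issued:
            return 401           # nonce issued elsewhere: challenge again
        password = USERS.get(auth["username"])
        if password is None:
            return 401
        expected = digest_response(auth["username"], password, REALM,
                                   auth["nonce"], auth["nc"], auth["cnonce"], method, uri)
        return 200 if hmac.compare_digest(expected, auth["response"]) else 401

def client_response(challenge, user, password, method, uri):
    # What a browser sends back in the Authorization header
    cnonce, nc = os.urandom(8).hex(), "00000001"
    resp = digest_response(user, password, challenge["realm"],
                           challenge["nonce"], nc, cnonce, method, uri)
    return {"username": user, "nonce": challenge["nonce"], "nc": nc,
            "cnonce": cnonce, "response": resp}

def demo():
    node1, node2 = Node("node1"), Node("node2")
    uri = "/protected/index.html"            # matches url-pattern /protected/*
    auth = client_response(node1.challenge(), "alice", "s3cret", "GET", uri)
    # Same Authorization header, routed to either node by the balancer
    return node1.verify("GET", uri, auth), node2.verify("GET", uri, auth)
```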