4 Replies Latest reply on Mar 31, 2015 9:42 AM by pferraro

Wildfly 8.1.0 Clustering with CachedAuthenticatedSessionMechanism

rktozer Mar 27, 2015 5:46 AM

I have a problem with session replication and form authentication on Wildfly 8.1.0.Final. I have a working cluster, and I've added <distributable/> to my web.xml. Sessions are being replicated but the AuthenticatedSession attribute containing the Principal does not get synced which means failover and load balancing don't work. Other attributes I set on the session are replicated and visible on other nodes, just the AuthenticatedSession is ignored.

This is the the same issue described here https://developer.jboss.org/thread/235780 which was supposedly fixed in 8.0.0.Final. But looking at the commit for the associated bug, it looks like that whole mechanism has been rewritten.

I don't want to enable SSO (which masks this issue, but introduces other problems in 8.1.0), I just want the authentication status of a session replicated across the cluster so that failover and load balancing work. Should this be working? Am I doing something to break it?

Regards

Richard

1. Re: Wildfly 8.1.0 Clustering with CachedAuthenticatedSessionMechanism

pferraro Mar 30, 2015 9:29 AM (in response to rktozer)

Strange. We have a test for this:
https://github.com/wildfly/wildfly/blob/8.1.0.Final/testsuite/integration/clust/src/test/java/org/jboss/as/test/clustering/cluster/web/authentication/FormAuthenticationWebFailoverTestCase.java
Are you doing anything in particular that this test does not?
Actions
2. Re: Wildfly 8.1.0 Clustering with CachedAuthenticatedSessionMechanism

rktozer Mar 30, 2015 11:07 AM (in response to pferraro)

Hi

Thank you for getting back to me and for the link to the test case. It is good to confirm it should be working, with an example, and that the problem must be something we're doing.
We have a custom form authentication mechanism which is no doubt the problem. It is pretty much the ServletFormAuthenticationMechanism and FormAuthenticationMechanism out of undertow core with a few tweaks to return a json response if the Accept header for appliction/json is set.
It shouldn't block other Authentication Mechanisms (CachedAuthenticatedSessionMechanism is hit but doesn't find the AuthenticatedSession), and does set cachingRequired true when it calls AuthenticationComplete etc. The AuthenticatedSession is added to the session locally, but does not get replicated which is odd as other attributes are replicated. We must be missing something, perhaps something wraps one of those classes we based this on adding functionality required for replication that we're now missing.

I just confirmed that if I use <auth-method>FORM</auth-method> it works as expected, so it is definitely our custom authentication mechanism.

Thanks
Richard
Actions
3. Re: Wildfly 8.1.0 Clustering with CachedAuthenticatedSessionMechanism

rktozer Mar 31, 2015 5:44 AM (in response to rktozer)

Found the actual problem if anyone encounters this.
It must check the authentication mechanism type from the name before replicating the AuthenticatedSession. I changed the custom mechanism 'name' variable to be "FORM", as it would be in the default form mechanism and it is now working.
Actions
4. Re: Wildfly 8.1.0 Clustering with CachedAuthenticatedSessionMechanism

pferraro Mar 31, 2015 9:42 AM (in response to rktozer)

Really, we should be treating custom authentication mechanisms the same way we treat FORM authentication.
I've opened [WFLY-4475] Replicate AuthenticatedSession when using custom authentication mechanisms - JBoss Issue Tracker
Actions

Go to original post