I am struggling with the same issue. If I come up with anything I will let you know. See my posts for what I have tried. It appeared the ClusteredSession used a principal attribute which was transient. I changed to no avail. Please let me know if find a solution, and I will do the same.
The best way maybe to dive into the source to find out the answer and figure out what we can do with it.Without this kind of clustering feature,I think jboss clustering will not be as useful as it seems to be.I know there are quite a lot starting projects that use the J2EE Declarative Security Model to implement their security requirement.
However,before doing that I just want someone there who have done the clustering stuff give me a confirmation whether it's supported or not.
If I can find a solution,I surely will be happy to share with you the knowhow.The problem is that for the time being I'am busy one other things.About 10 days later,I'll come back to this issue.
I have been knocking my head on this constantly for two days now. I I setup with the configuration for tomcat/jboss/apachage directly out of the FAQ. I will happilly attach the file if it would be helpful, but they are essentally identical. FOr the clustering configuration I followed instructions in the clustering docs (adding the file jboss jbossha-httpsession.sar, adding the javagroups2.0.jar file to the default/lib directory and adding the cluster-service.xml file to the default/deploy directory). And for the mostpart clustering seems to work (after I have been asked to login twice :(. Any help will be much appreciated.
If there are any particular files I couild provide to help someone trouble shoot please let me know)
For now I have resorted to a simpler load balancing scenario with sticky sessions using the jvmRoute parameter. This approach scales well, but does not provide the transparent failover my customers desire.