0 Replies Latest reply on Mar 4, 2005 8:57 AM by Eugene Marko

    HTTPSession replication and FORM security

    Eugene Marko Newbie

      Hi all,

      Creating now two-node cluster based on jboss 3.2.5. Really need HTTP session replication for real failover for critical application. But got strange error with working under cluster. Single-unit mode was working ok... Digging on forum, google etc... leeds me to write sample application for testing...

      And noticed strange thing. Everything is working ok without authentification or with BASIC authentification. But existing application should have FORM authorization...

      Here is some code, config files and xml descriptiors to show what I have:

      I tested this with Jmeter with 100 concurent users - session replication works ok...
      index.jsp

      <%
       Integer counter = null;
       counter = (Integer)session.getAttribute("counter");
       String userT = request.getParameter("thread");
       String counterT = request.getParameter("counter");
       String thread = (String)session.getAttribute("thread");
       if (counter != null) {
       counter = new Integer(counter.intValue()+1);
       } else {
       counter = new Integer(1);
       session.setAttribute("thread",userT);
       thread = userT;
       }
       session.setAttribute("counter",counter);
       System.out.println("Test jsp: "+counter+" : : "+session.getId());
      %>
      Current Session:<%=session.getId()%><br/>
      Session Attribute:<%=counter.intValue()%> :: <%=counterT%> <br/>
      User Track: <%=userT%> :: <%=thread%> <br/>
      Running node:<%=System.getProperty("jboss.bind.address")%>
      
      


      login.jsp
      <form method="POST" action="j_security_check" name="loginForm">
      <input type="input" name="j_password" value="">
      <input type="input" name="j_username" value="">
      <input type="submit">
      </form>
      


      web.xml
      <web-app>
       <distributable/>
       <security-constraint>
       <web-resource-collection>
       <web-resource-name>Secured</web-resource-name>
       <description/>
       <url-pattern>/*</url-pattern>
       <http-method>GET</http-method>
       <http-method>POST</http-method>
       </web-resource-collection>
       <auth-constraint>
       <role-name>*</role-name>
       </auth-constraint>
       </security-constraint>
      
       <login-config>
       <auth-method>BASIC</auth-method>
      <!-- DOES NOT WORK !!! WHY??? <auth-method>FORM</auth-method> -->
       <realm-name>SMASH</realm-name>
      <!--
       <form-login-config>
       <form-login-page>/login.jsp</form-login-page>
       <form-error-page>/login.jsp?status=failed</form-error-page>
       </form-login-config> -->
       </login-config>
      
       <security-role>
       <role-name>Weird</role-name>
       </security-role>
      
      
      </web-app>
      
      


      jboss-web.xml
      <jboss-web>
       <security-domain>java:/jaas/SMASH</security-domain>
      </jboss-web>
      


      ...all/deploy/jbossweb-tomcat50.sar/META-INF/jboss-service.xml
      Should change it from default true to have really working session replication...
      ...
      <attribute name="UseLocalCache">false</attribute>
      ...
      



      Can anybody point me to the right direction? Why BASIC works and FORM - not...