Authentication and session replication in tomcat cluster setup

Question

I currently have basic tomcat cluster setup with Apache httpd server acting as load balancer(mod_proxy_balancer module)

I have also enabled sticky sessions (added addjvmRoute="server1" and addjvmRoute="server2" in respective configuration file)

I'm using UAA for Authentication in my web app.

I'm able to serve different user from both nodes of tomcat parallel but if one of the nodes goes down request are routed to the other node but those request fails with error "Access Denied: Insufficient privilages for the user"

Tomcat log entry 0:0:0:0:0:0:0:1 - - [11/Jul/2021:22:17:02 +0530] "POST /visualization/Query HTTP/1.1" 403 155
httpd log entry 10.181.113.122 - - [11/Jul/2021:22:16:32 +0530] "POST /visualization/Query HTTP/2.0" 403 144

And I don't see any other entries in log

Cluster configuration in server.xml

      <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster">
        <Manager className="org.apache.catalina.ha.session.BackupManager"
                            expireSessionsOnShutdown="false"
                            notifyListenersOnReplication="true"/>
        
        <Channel className="org.apache.catalina.tribes.group.GroupChannel">
            <Membership className="org.apache.catalina.tribes.membership.McastService"
                        address="228.0.0.4"
                        port="45564"
                        frequency="500"
                        dropTime="3000"/>

            <Sender className="org.apache.catalina.tribes.transport.ReplicationTransmitter">
                <Transport className="org.apache.catalina.tribes.transport.nio.PooledParallelSender"/>
            </Sender>
            
            <Receiver className="org.apache.catalina.tribes.transport.nio.NioReceiver"
                        address="auto"
                        port="4000"
                        autoBind="100"
                        selectorTimeout="5000"
                        maxThreads="6"/>
                    
            <Interceptor className="org.apache.catalina.tribes.group.interceptors.TcpFailureDetector"/>
        
            <Interceptor className="org.apache.catalina.tribes.group.interceptors.MessageDispatchInterceptor"/>
        
        </Channel>
        
        <Valve className="org.apache.catalina.ha.tcp.ReplicationValve" filter=""/>
    
        <Valve className="org.apache.catalina.ha.session.JvmRouteBinderValve"/>
    
        <ClusterListener className="org.apache.catalina.ha.session.ClusterSessionListener"/>
        
      </Cluster>

Did you configure a [Tomcat Cluster](https://tomcat.apache.org/tomcat-9.0-doc/cluster-howto.html) or do you have two independent Tomcat instances? In the latter case session replication can not possibly work. — Piotr P. Karwasz, Jul 11 '21 at 20:05
@PiotrP.Karwasz Yes, I did configuration. Also now added configuration details in the question — Autin, Jul 11 '21 at 20:14
Yes, Anyway it got resolved with the help from this answer https://stackoverflow.com/a/19391515/10030257 — Autin, Jul 13 '21 at 10:26
That is a way to force session replication even if the application is not distributable. Usually Tomcat should replace the usual `Manager` with a `ClusterManager` for distributable applications. — Piotr P. Karwasz, Jul 13 '21 at 11:38
What do you mean by application is not distributable. I have added element in web.xml and configured everything as suggested [here](https://tomcat.apache.org/tomcat-9.0-doc/cluster-howto) — Autin, Jul 13 '21 at 13:28

Authentication and session replication in tomcat cluster setup

0 Answers0