This discussion is archived
0 Replies Latest reply: Mar 2, 2011 12:56 PM by 804089

OpenSSO custom authentication module and Tomcat cluster

804089 Newbie
I have a custom authentication module configured to provide authentication for a web application using OpenSSO and Spring Security. The setup is as follows:

1. Web application deployed on a Tomcat 6.0.20 cluster (2 to 4 servers in various environments) in front of a load balancer. All Tomcats are on different systems.
2. Web application filter using Spring Security 2.0.4
3. OpenSSO Enterprise 8.0 Build 6 (2008-October-31 09:07) deployed on Tomcat 6.0.18 using Sun Directory Server for the user and config store
4. Custom authentication module similar to the OpenSSO Spring provider available at java.net/projects/opensso
5. No policy agent

This works great when the web application is running on a single Tomcat or 2 Tomcats clustered on the same system. When this application is deployed on Tomcat clusters set up on 2 separate systems, the user is authenticated but I see the following in catalina.log:

Mar 2, 2011 3:40:23 PM org.apache.catalina.ha.session.DeltaManager requestCompleted
SEVERE: Unable to serialize delta request for sessionid [7D02C564C7523BF355BF30F426923F6C.webdev02]
java.io.NotSerializableException: com.iplanet.sso.providers.dpro.SSOTokenImpl
    at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1081)
    at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1375)
    at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1347)
    at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1290)
    at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1079)
    at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1375)
    at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1347)
    at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1290)
    at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1079)
    at java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:302)
    at org.apache.catalina.ha.session.DeltaRequest$AttributeInfo.writeExternal(DeltaRequest.java:374)
    at org.apache.catalina.ha.session.DeltaRequest.writeExternal(DeltaRequest.java:272)
    at org.apache.catalina.ha.session.DeltaRequest.serialize(DeltaRequest.java:287)
    at org.apache.catalina.ha.session.DeltaManager.serializeDeltaRequest(DeltaManager.java:640)
    at org.apache.catalina.ha.session.DeltaManager.requestCompleted(DeltaManager.java:1120)
    at org.apache.catalina.ha.tcp.ReplicationValve.send(ReplicationValve.java:550)
    at org.apache.catalina.ha.tcp.ReplicationValve.sendMessage(ReplicationValve.java:537)
    at org.apache.catalina.ha.tcp.ReplicationValve.sendSessionReplicationMessage(ReplicationValve.java:519)
    at org.apache.catalina.ha.tcp.ReplicationValve.sendReplicationMessage(ReplicationValve.java:430)
    at org.apache.catalina.ha.tcp.ReplicationValve.invoke(ReplicationValve.java:363)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:849)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:454)
    at java.lang.Thread.run(Thread.java:595)

The Spring Security context has the following in session after user authentication:
SPRING_SECURITY_CONTEXT     org.springframework.security.context.SecurityContextImpl@e3ab7b7f: Authentication: org.springframework.security.providers.UsernamePasswordAuthenticationToken@e3ab7b7f: Principal: blah.blah.springsecurityopenssocstomimpl.OpenssoUser@139c500: Username: 1111111; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: (OpenssoUser: realm=o=people,ou=someorg,dc=example,dc=us, ssoToken=AQIC5wM2LY4SfcxdR1tbvpPJiK6enbFKQM0GktCnx9sIBEQ=@AAJTSQACMDE=#); Password: [PROTECTED]; Authenticated: true; Details: org.springframework.security.ui.WebAuthenticationDetails@2eb76: RemoteIpAddress: 10.xx.xx.xxx; SessionId: DE9BBDA64848589B3D80E196B6AFEE05.webdev02; Granted Authorities:

cookie     JSESSIONID=7D02C564C7523BF355BF30F426923F6C.webdev02; __xxxx=10578933.1742365808.1295897384.1295897384.1295965149.2; __xxxx=10578933.1295897384.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); iPlanetDirectoryPro="AQIC5wM2LY4Sfczh/4rJcWw9JN0amRWpPjhg2Q6mNbGygAc=@AAJTSQACMDE=#"

Any ideas on what could be wrong?
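
Editor's added example, not part of the original post and not OpenSSO or Spring Security code: it reproduces the failure in the trace above, where a session attribute reaches a non-serializable token object, and shows a principal that serializes only the token ID string. `FakeSsoToken` and both user classes are hypothetical stand-ins; in a real module the transient token would be rebuilt with `SSOTokenManager.getInstance().createSSOToken(tokenId)`, which is an assumption about how the custom module is wired.

```java
import java.io.*;

public class SessionReplicationDemo {
    // Hypothetical stand-in for SSOTokenImpl: like the class in the trace, not Serializable.
    static class FakeSsoToken {
        final String id;
        FakeSsoToken(String id) { this.id = id; }
    }

    // Failing shape: the principal pulls the token object into the session graph.
    static class UserHoldingToken implements Serializable {
        final String username;
        final FakeSsoToken ssoToken;
        UserHoldingToken(String u, FakeSsoToken t) { username = u; ssoToken = t; }
    }

    // Replication-safe shape: only the token ID string is serialized.
    static class UserHoldingTokenId implements Serializable {
        final String username;
        final String tokenId;
        private transient FakeSsoToken ssoToken; // null on the receiving node
        UserHoldingTokenId(String u, FakeSsoToken t) { username = u; tokenId = t.id; ssoToken = t; }
        // Rebuilt lazily from the ID after replication (stand-in for a server-side lookup).
        FakeSsoToken token() {
            if (ssoToken == null) ssoToken = new FakeSsoToken(tokenId);
            return ssoToken;
        }
    }

    // Serialize then deserialize, the java.io path session replication uses between nodes.
    static Object replicate(Object attr) throws IOException, ClassNotFoundException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(attr); }
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(buf.toByteArray()))) {
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        FakeSsoToken t = new FakeSsoToken("CONSTRUCTED-TOKEN-ID"); // constructed sample value
        try {
            replicate(new UserHoldingToken("1111111", t));
        } catch (NotSerializableException e) {
            System.out.println("replication failed: " + e);
        }
        UserHoldingTokenId copy = (UserHoldingTokenId) replicate(new UserHoldingTokenId("1111111", t));
        System.out.println("replicated " + copy.username + ", token rebuilt from ID: " + copy.token().id);
    }
}
```

The token ID is a bearer credential, so a principal shaped this way puts it on the cluster replication channel and in any persisted session store, both of which need the same protection as the `iPlanetDirectoryPro` cookie.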
