2 Replies Latest reply: Mar 3, 2011 10:36 AM by 804089

    spring security custom authentication module, opensso and tomcat clusters

    804089
      I have a custom authentication module configured to provide authentication for a web application using OpenSSO and Spring Security. The setup is as follows:

      1. Web application deployed on a Tomcat 6.0.20 cluster (2 to 4 servers in various env) in front of a load balancer. All Tomcats are on different systems.
      2. Web application filter using Spring Security 2.0.4
      3. OpenSSO Enterprise 8.0 Build 6 (2008-October-31 09:07) deployed on Tomcat 6.0.18 using Sun Directory Server for the user and config store
      4. Custom authentication module similar to the OpenSSO Spring provider available at java.net/projects/opensso
      5. No policy agent

      This works great when the web application is running on a single Tomcat or 2 Tomcats clustered on the same system. When this application is deployed on Tomcat clusters set up on 2 separate systems, the user is authenticated but I see the following in catalina.log:

      Mar 2, 2011 3:40:23 PM org.apache.catalina.ha.session.DeltaManager requestCompleted
      SEVERE: Unable to serialize delta request for sessionid [7D02C564C7523BF355BF30F426923F6C.webdev02]
      java.io.NotSerializableException: com.iplanet.sso.providers.dpro.SSOTokenImpl
      at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1081)
      at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1375)
      at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1347)
      at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1290)
      at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1079)
      at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1375)
      at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1347)
      at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1290)
      at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1079)
      at java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:302)
      at org.apache.catalina.ha.session.DeltaRequest$AttributeInfo.writeExternal(DeltaRequest.java:374)
      at org.apache.catalina.ha.session.DeltaRequest.writeExternal(DeltaRequest.java:272)
      at org.apache.catalina.ha.session.DeltaRequest.serialize(DeltaRequest.java:287)
      at org.apache.catalina.ha.session.DeltaManager.serializeDeltaRequest(DeltaManager.java:640)
      at org.apache.catalina.ha.session.DeltaManager.requestCompleted(DeltaManager.java:1120)
      at org.apache.catalina.ha.tcp.ReplicationValve.send(ReplicationValve.java:550)
      at org.apache.catalina.ha.tcp.ReplicationValve.sendMessage(ReplicationValve.java:537)
      at org.apache.catalina.ha.tcp.ReplicationValve.sendSessionReplicationMessage(ReplicationValve.java:519)
      at org.apache.catalina.ha.tcp.ReplicationValve.sendReplicationMessage(ReplicationValve.java:430)
      at org.apache.catalina.ha.tcp.ReplicationValve.invoke(ReplicationValve.java:363)
      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
      at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:849)
      at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
      at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:454)
      at java.lang.Thread.run(Thread.java:595)

      The Spring Security context has the following in session after user authentication:
      SPRING_SECURITY_CONTEXT     org.springframework.security.context.SecurityContextImpl@e3ab7b7f: Authentication: org.springframework.security.providers.UsernamePasswordAuthenticationToken@e3ab7b7f: Principal: blah.blah.springsecurityopenssocstomimpl.OpenssoUser@139c500: Username: 1111111; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: (OpenssoUser: realm=o=people,ou=someorg,dc=example,dc=us, ssoToken=AQIC5wM2LY4SfcxdR1tbvpPJiK6enbFKQM0GktCnx9sIBEQ=@AAJTSQACMDE=#); Password: [PROTECTED]; Authenticated: true; Details: org.springframework.security.ui.WebAuthenticationDetails@2eb76: RemoteIpAddress: 10.xx.xx.xxx; SessionId: DE9BBDA64848589B3D80E196B6AFEE05.webdev02; Granted Authorities:

      cookie     JSESSIONID=7D02C564C7523BF355BF30F426923F6C.webdev02; __xxxx=10578933.1742365808.1295897384.1295897384.1295965149.2; __xxxx=10578933.1295897384.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); iPlanetDirectoryPro="AQIC5wM2LY4Sfczh/4rJcWw9JN0amRWpPjhg2Q6mNbGygAc=@AAJTSQACMDE=#"

      Any ideas on what could be wrong?
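
The failure in the stack trace above, reproduced with only the JDK, as an added example that is not part of the original post or of the poster's module. FakeSsoToken, UserHoldingToken and UserHoldingTokenId are hypothetical stand-ins for SSOTokenImpl and the OpenssoUser principal; the second principal keeps the token object transient and serializes only its ID string.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.NotSerializableException;
import java.io.ObjectOutputStream;
import java.io.Serializable;

public class SessionReplicationCheck {
    // Constructed stand-in for com.iplanet.sso.providers.dpro.SSOTokenImpl:
    // like the class named in the stack trace, it does not implement Serializable.
    static class FakeSsoToken {
        final String tokenId;
        FakeSsoToken(String tokenId) { this.tokenId = tokenId; }
    }

    // Principal shaped like the one in the post: Serializable itself, but it
    // pulls a non-serializable token into the session attribute graph.
    static class UserHoldingToken implements Serializable {
        private static final long serialVersionUID = 1L;
        final String username;
        final FakeSsoToken ssoToken;
        UserHoldingToken(String u, FakeSsoToken t) { username = u; ssoToken = t; }
    }

    // Variant that serializes: the live token object is transient and only its
    // ID string is written, so it is null on a node that deserializes the session.
    static class UserHoldingTokenId implements Serializable {
        private static final long serialVersionUID = 1L;
        final String username;
        final String ssoTokenId;
        transient FakeSsoToken ssoToken;
        UserHoldingTokenId(String u, FakeSsoToken t) { username = u; ssoTokenId = t.tokenId; ssoToken = t; }
    }

    // Returns null if the object graph serializes, else the offending class name.
    static String firstNonSerializable(Object sessionAttribute) throws IOException {
        try (ObjectOutputStream out = new ObjectOutputStream(new ByteArrayOutputStream())) {
            out.writeObject(sessionAttribute);
            return null;
        } catch (NotSerializableException e) {
            return e.getMessage(); // the message is the class name, as in the catalina.log line
        }
    }

    public static void main(String[] args) throws IOException {
        FakeSsoToken token = new FakeSsoToken("CONSTRUCTED-TOKEN-ID"); // constructed sample value
        System.out.println("holds token object:  " + firstNonSerializable(new UserHoldingToken("1111111", token)));
        System.out.println("holds token id only: " + firstNonSerializable(new UserHoldingTokenId("1111111", token)));
    }
}
```

With the second shape the token ID string is part of every replicated session, so it crosses the cluster replication channel in the same way the iPlanetDirectoryPro cookie value crosses the HTTP connection. A node that receives the session has to rebuild the token object from that ID before using it.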