Hi there. I have a web application that consists of the ZK, Spring, and Spring Security frameworks. We are not using the ZK Spring integration, just the standard Spring integration. The Spring libs we are using are:
org.springframework.spring-context
org.springframework.spring-web
org.springframework.security.spring-security-core
org.springframework.security.spring-security-taglibs
org.springframework.security.spring-security-config
These libs are version 3.1.2-RELEASE.
org.springframework.spring.oxm.version Version 1.5.10
I am using the terracotta toolkit runtime version 5.4.0 and terracotta session 1.3.4.
I have changed the zk.xml to contain
<system-config>
    <disable-event-thread/>
    <ui-factory-class>org.zkoss.zk.ui.http.SerializableUiFactory</ui-factory-class>
</system-config>
and I also tried to add
<listener>
    <description>ThreadLocal Synchronization Listener</description>
    <listener-class>org.zkoss.zkplus.util.ThreadLocalListener</listener-class>
</listener>
<preference>
    <name>ThreadLocal</name>
    <value>
        org.springframework.security.context.ThreadLocalSecurityContextHolderStrategy=contextHolder
    </value>
</preference>
I tried to deploy on a new Tomcat 6.x.x version and also on Jetty. When using Tomcat I used the Tomcat valve as described by the Terracotta documentation, and when using Jetty I changed the web.xml to use the proper filters for Terracotta.
The important parts of the Spring Security configuration look like this:
<http pattern="/img/**" security="none"/>
<http pattern="/style/**" security="none"/>
<http pattern="/js/**" security="none"/>
<http pattern="/someurl/somepage.jsp" security="none"/>
<http auto-config="true">
    <!-- login and ZK always needs to be authenticated, that means no restrictions -->
    <intercept-url pattern="/pages/login.zul*" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
    <intercept-url pattern="/zkau/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
    <!-- Public flows are always authenticated -->
    <intercept-url pattern="/someurl/someurl/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
    <intercept-url pattern="/someurl/SELENIUM/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
    <!-- Special login page used to show login box on demand -->
    <intercept-url pattern="/someurl/someurl/notLoggedInMobile*" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
    <!-- Resources accessed by logged in users requires the listed roles (also known as userTypes in the system) -->
    <intercept-url pattern="/**" access="ROLE_NORMAL_USER,ROLE_ACCOUNT_MANAGER,ROLE_ACCOUNT_MANAGER_USER"/>
    <!-- Login configuration -->
    <form-login authentication-success-handler-ref="successHandler"
                authentication-failure-handler-ref="failureHandler"
                login-page="#{serverUrl + '/someurl/notLoggedInMobile'}"/>
    <!-- Logout configuration -->
    <logout logout-success-url="#{serverUrl + '/?loggedOut=mobile'}"/>
    <custom-filter position="LAST" ref="switchUserProcessingFilter"/>
</http>
When I start the web application, all the public pages work fine, and if I create a session value, I can read this session value from a second instance of the webapp. This only works when I am not logged in.
When I try to do a login, the ZK session timeout pops up immediately and informs me that I have been logged out. So it seems as if the ZK/Spring Security/Terracotta interaction doesn't work as expected. I have tried turning on debug on Spring and ZK, and it's obvious that Spring Security for some reason loses the session and creates a new one when doing a login.
We are doing a big project and clustered session is very important for us. We are using the PE version of ZK. I have tried to use the zk-spring integration but that did cause a lot of problems with the spring versions we are using.
Does anybody have an idea what to do?
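Added example, not part of the original post or of the ZK project: a small Python audit of the `<http>` rules quoted in the question. It reports which rule decides a given path under first-match-wins ordering and flags rules that sit behind an earlier, broader pattern. The matcher is a simplified stand-in for Spring's Ant-style matching, and `ant_to_regex`, `load_rules`, `decide` and `shadowed` are hypothetical helper names.

```python
import re
import xml.etree.ElementTree as ET

# Constructed copy of the rules quoted in the question (form-login/logout omitted).
CONFIG = """<beans>
<http pattern="/img/**" security="none"/>
<http pattern="/style/**" security="none"/>
<http pattern="/js/**" security="none"/>
<http pattern="/someurl/somepage.jsp" security="none"/>
<http auto-config="true">
<intercept-url pattern="/pages/login.zul*" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<intercept-url pattern="/zkau/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<intercept-url pattern="/someurl/someurl/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<intercept-url pattern="/someurl/SELENIUM/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<intercept-url pattern="/someurl/someurl/notLoggedInMobile*" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<intercept-url pattern="/**" access="ROLE_NORMAL_USER,ROLE_ACCOUNT_MANAGER,ROLE_ACCOUNT_MANAGER_USER"/>
</http></beans>"""

def ant_to_regex(pattern):
    """Simplified Ant matcher: '/**' spans directories, '*' stays in one segment."""
    parts = re.split(r"(/\*\*|\*)", pattern)
    conv = {"/**": "(/.*)?", "*": "[^/]*"}
    return re.compile("".join(conv.get(p, re.escape(p)) for p in parts) + r"\Z")

def load_rules(xml_text):
    """Ordered (pattern, access) list; the security="none" chains are declared first."""
    root = ET.fromstring(xml_text)
    bypass = [(h.get("pattern"), "security=none") for h in root.iter("http") if h.get("security") == "none"]
    rules = [(r.get("pattern"), r.get("access")) for r in root.iter("intercept-url")]
    return bypass + rules

def decide(path, rules):
    """First matching pattern wins; return (access, pattern)."""
    for pattern, access in rules:
        if ant_to_regex(pattern).match(path):
            return access, pattern
    return None, None

def shadowed(rules):
    """Heuristic: flag a rule whose sample path is already caught by an earlier rule."""
    hits = []
    for i, (pattern, _) in enumerate(rules):
        sample = pattern.replace("**", "x").replace("*", "x")
        winner = decide(sample, rules[:i])[1]
        if winner:
            hits.append((pattern, winner))
    return hits

RULES = load_rules(CONFIG)
```

`shadowed(RULES)` flags `/someurl/someurl/notLoggedInMobile*` as sitting behind `/someurl/someurl/**`. The paths are the anonymised placeholders from the post, so the results are illustrative only.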
Hi, I tried using Terracotta + Tomcat 6.0.36 + ZK and it works fine after adding ClusterSessionPatch in zk.xml:
<listener>
<listener-class>org.zkoss.zkplus.cluster.ClusterSessionPatch</listener-class>
</listener>
However, I didn't try with spring/spring security. Please try the patch and tell us if that works.
Asked: 2013-03-12 15:44:09 +0800
Seen: 15 times
Last updated: Mar 22 '13
Do you have any sample application of ZK with Spring Security integration? Please can you give any demo application.
hswain (2013-03-22 07:28:00 +0800)