Clustered Session Terracotta not working

asked 2013-03-12 15:44:09 +0800

GonzalesDK gravatar image GonzalesDK

Hi there. I have a webapplication that consists of ZK Spring, Spring Security frameworks : We are not using the ZK spring integration but just the standard spring integration The spring libs we are using are. org.springframework.spring-context org.springframework.spring-web org.springframework.security.spring-security-core org.springframework.security.spring-security-taglibs org.springframework.security.spring-security-config These libs are version 3.1.2-RELEASE

org.springframework.spring.oxm.version Version 1.5.10

I am using the terracotta toolkit runtime version 5.4.0 and terracotta session 1.3.4.

I have changed the zk.xml to contain <system-config> <disable-event-thread/> <ui-factory-class>org.zkoss.zk.ui.http.SerializableUiFactory</ui-factory-class> </system-config> and I also tried to add <listener> <description>ThreadLocal Synchronization Listener</description> <listener-class>org.zkoss.zkplus.util.ThreadLocalListener</listener-class> </listener>


I tried to deploy on tomcat new 6.x.x. version and also using jetty. When using tomcat I used the tomcat valve as described by the terracotta documentation and when using jetty I changed the web.xml to use the proper filters for using terracotta.

The spring security important parts look like <http pattern="/img/**" security="none"/> <http pattern="/style/**" security="none"/> <http pattern="/js/**" security="none"/> <http pattern="/someurl/somepage.jsp" security="none"/>

<http auto-config="true">

    <!-- login and ZK always needs to be authenticated, that means no restrictions -->
    <intercept-url pattern="/pages/login.zul*" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
    <intercept-url pattern="/zkau/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>

    <!-- Public flows are always authenticated -->
    <intercept-url pattern="/someurl/someurl/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
    <intercept-url pattern="/someurl/SELENIUM/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>

    <!-- Special login page used to show login box on demand -->
    <intercept-url pattern="/someurl/someurl/notLoggedInMobile*" access="IS_AUTHENTICATED_ANONYMOUSLY"/>

    <!--Resources accessed by logged in users requires the listed roles (Also known as userTypes in the system)-->
    <intercept-url pattern="/**" access="ROLE_NORMAL_USER,ROLE_ACCOUNT_MANAGER,ROLE_ACCOUNT_MANAGER_USER" />

    <!--Login configuration-->
    <form-login authentication-success-handler-ref="successHandler"
                login-page="#{serverUrl + '/someurl/notLoggedInMobile'}"/>

    <!--Logout configuration-->
    <logout logout-success-url="#{serverUrl + '/?loggedOut=mobile'}"/>
    <custom-filter position="LAST" ref="switchUserProcessingFilter" />

When I start the webapplication, all the public pages work fine and if I create a session value, I can read this session value from a second instance of the webapp. This only works when I am not logged in.

When I try to do a login, the ZK session timeout pops up immediately and informs me that I have been looged out. So it seems as if the zk/spring security/terracotta interaction doesn't work as expected. I have tried turning on debug on spring and zk and it's obvious that spring security for some reason looses the session and creates a new one when doing a login.

We are doing a big project and clustered session is very important for us. We are using the PE version of ZK. I have tried to use the zk-spring integration but that did cause a lot of problems with the spring versions we are using.

Anybody has an idea what to do?

delete flag offensive retag edit


do you have any sample application zk with spring security integration, please can you give any demo application.

hswain ( 2013-03-22 07:28:00 +0800 )edit

1 Answer

Sort by ยป oldest newest most voted

answered 2013-03-22 07:19:23 +0800

vincentjian gravatar image vincentjian
2245 6

Hi, I tried using terracotta + tomcat 6.0.36 + ZK and works fine with add ClusterSessionPatch in zk.xml


However, I didn't try with spring/spring security. Please try the patch and tell us if that works.

link publish delete flag offensive edit
Your answer
Please start posting your answer anonymously - your answer will be saved within the current session and published after you log in or create a new account. Please try to give a substantial answer, for discussions, please use comments and please do remember to vote (after you log in)!

[hide preview]

Question tools

1 follower



Asked: 2013-03-12 15:44:09 +0800

Seen: 15 times

Last updated: Mar 22 '13

Support Options
  • Email Support
  • Training
  • Consulting
  • Outsourcing
Learn More