Hazelcast Tomcat session manager is not working

[karim slaimi]

Hello,

I am implementing a new web application using JAAS for the user authentication.

I have one Apache web server with activated load balancer and 3 tomcat servers.

I am interested inHazelcast as a session manager.

So I installed Hazelcast IDMG and I am using it in a client server configuration.

I thought that it would be easy to do but I am facing some issues:

1- There is a tomcat object "SavedRequest" which is not serializable, so when I try to reload the start page I am getting an error. (I fixed it)

2- When the user is authenticated (JAAS authenticator), a Principal object is created. However I am not able to replicate it into the Hazelcast session. This object is not Serializable too. (I also fixed it)

3- I am currently trying to use Hazelcast on non sticky-session. I am also facing issues: sometimes the session is cleared, etc.

So may I ask you if I am using the Hazelcast session management the right way?Should I stop using JAAS? Principal object? etc

Are there any recommandations ? (Spring, spring security ?)

what about the non sticky-session? Should I do specific stuff to manage it?

Best regards

Karim SLAIMI

[Sharath Sahadevan]

Hi Karim,

   Hazelcast Enterprise has a security suite that supports JAAS. If you are currently using Open Source IMDG , best for you to  get a license for  Hazelcast Enterprise.

For tomcat session replication I am assuming you are following the instructions here.

As a first step, review your config and try to run the sample application provided here - https://github.com/hazelcast/hazelcast-code-samples/tree/master/hazelcast-integration/manager-based-session-replication. If that works then you know your setup is good.

If not, please post your config info and any error log/error messages and we can review.

Hope that helps.

[karim slaimi]

Hi Sharath,

Thank you for your quick answer.

I see in Hazelcast Entreprise edition there is a security suite which manage JAAS authentication.  

I am facing an issue with the samples project:

The POM for com.hazelcast.samples:helper:jar:0.1-SNAPSHOT is missing, no dependency information available

there is already an existing issue related to that: https://github.com/hazelcast/hazelcast-code-samples/issues/138

I would like to say that I am currently able to manage principal object (form JAAS) during the user login operation. Users are able to login. In fact I resolved some issues to be able to manage SavedRequest and Principal objects.

But my question is still the same one: is there any recommendation from hazelcast to use a specific authentication method (JAAS, Spring security, etc)? JAAS seems to not be really plug and play. Since I have to manage lots of issues.

Then, what about the non sticky-session? Does this configuration work well with JAAS? Spring Security?

Best regards

Karim

This message contains confidential information and is intended only for the individuals named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. If verification is required, please request a hard-copy version. -Hazelcast

--
You received this message because you are subscribed to the Google Groups "Hazelcast" group.
To unsubscribe from this group and stop receiving emails from it, send an email to hazelcast+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/hazelcast/dd7a149b-b35a-40c5-9b71-4a02a6385754n%40googlegroups.com.

[orhan yilmaz]

Hello,

Spring security + spring session + hazelcast integration works fine.

Spring automatically builds authenticationmanager. It works on most conditions. 

BR

21 Eki 2020 Çar 16:28 tarihinde karim slaimi <karim....@gmail.com> şunu yazdı:

To view this discussion on the web visit https://groups.google.com/d/msgid/hazelcast/CAHSeLL2gXA8gPqqytYZTtoJjPXWz37dRoCS%3DyE490E%2B0tBR4yA%40mail.gmail.com.