Op vrijdag, 3 juli 2009 17:48 schreef Mark Thomas <ma...@apache.org>:>
Christopher Schultz wrote:
> Ronald,
>
> On 7/3/2009 6:34 AM, Ronald Klop wrote:
>> I'm running Tomcat 6.0.20 in a cluster on 3 nodes. If I restart one I
>> get this exception:
>
>
>> Caused by: java.io.NotSerializableException:
>> org.apache.catalina.users.MemoryUser
>
> That's an easy one: MemoryUser does not implement Serializable.
>
>> <!-- Used by Manager webapp -->
>> <Resource name="UserDatabase" auth="Container"
>> type="org.apache.catalina.UserDatabase"
>> description="User database that can be updated and saved"
>> factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
>> pathname="conf/tomcat-users.xml" />
>
> This is likely to be the problem: the manager app is trying to share its
> users across the cluster.
Unlikely. The manager app isn't marked as distributable.
My money would be on an app using the same Realm and putting the authenticated
Principal object in the session.
Mark
Hi,
Thanks for your answers. The context has a security-constraint in web.xml for
some password-protected pages for metainfo/stats about the running app. This
takes a user defined in tomcat-users.xml.
I looked a little into the Tomcat code. In
./java/org/apache/catalina/connector/Request.java on line 1752 Tomcat puts the
'javax.security.auth.subject' on the session. This is the MemoryUser in my case
I think.
Is there a way to use the security-constraint in a clustered environment?
Ronald.
