Re: httpd/Tomcat load balancing question

[André Warnier]

I'll top post and reply to an earlier message at the same time, although I'm sure that 
this is frowned upon in both cases.

Considering the sum of the answers so far :
1) According to Pid*, yes, the "<c:url .." encapsulation is the reason for the added 
";jession-id" suffix, which interferes when Apache httpd is asked to deliver the target of 
these links to static elements.

2) it would seem to me that the best (most efficient) way, in your context, would be to 
remove that encapsulation for all links directed to static elements.  That would not only 
fix the problem you are having, but also avoid some unnecessary processing on the Tomcat 
side (and on the httpd side, see #4 below).

3) one point made by Konstantin is that of course in this case, these static elements 
themselves will not be subject to the Tomcat authentication and access-control rules.
But that is already implicit, since they are delivered by Apache httpd anyway.

4) in the worst case - aka your Dev team cannot easily remove the encapsulation - there 
are ways to remove the ";jessionid" suffix at the Apache httpd level, using mod_rewrite 
for instance.  But that definitely sounds like doing the work twice : once for Tomcat to 
add the suffixes, then again for httpd to remove them.

5) There is also a way to remove the jessionid suffix, using mod_jk as the connector 
between httpd and tomcat instead of mod_proxy, as per Rainer's suggestion (JkStripSession 
configuration directive).  mod_jk is (at least) as good as mod_proxy in terms of 
connecting and load-balancing, but it is a different configuration.

6) and if these java guys don't get it cooked, there are other ways to do this, but this 
would become off-topic for this list, so maybe we should then do that offline.

7) your proposed course of action below is self-defeating, since if you manage to convince 
them it will mean that they are not what you think they are.

Jeffrey Janner wrote:
Definitely the culprit.  Now, I just have to convince the Dev team that they 
are, once again, a bunch of idiots.

I'm sure it's some framework/tool they are using.  The question now is, if I 
can't get them to not use it in this case, is there some way to modify httpd to 
strip the ;jsessionid stuff, or pass it on to the Tomcat server if it's there?  
That is, ignore the local feed if there is a sticky session id embedded in the 
URL?

Jeff

-----Original Message-----
From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com]
Sent: Wednesday, December 22, 2010 4:50 PM
To: 'Tomcat Users List'
Subject: RE: httpd/Tomcat load balancing question

In the specific case I mention below, this is the source from the jsp:
        <link rel="icon" type="image/x-icon" href="<c:url
value="/static/images/icons/favicon.ico"/>" />

I'm not a jsp programmer, but I'm betting it has something to do with
the <c:url /> encapsulation.
Jeff

-----Original Message-----
From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com]
Sent: Wednesday, December 22, 2010 4:40 PM
To: 'Tomcat Users List'; 'Tomcat Users List'
Subject: RE: httpd/Tomcat load balancing question

Thanks, that was what I was thinking.
Since the only JSP I have access to is the welcome-file, I'm not sure
I
can verify.

Q: I would think the getContextPath would be desirable, in case we
change the war-file name, etc., but I wouldn't think that would cause
the jsessionID string to get appended to the end of the path.  That
is,
they are coming out as

"/Portal/static/images/icons/favicon.ico;jsessionid=B4E3E4AA3D79B8877A0
9CFCC32827D09.tomcat1".

Jeff

-----Original Message-----
From: André Warnier [mailto:a...@ice-sa.com]
Sent: Wednesday, December 22, 2010 2:43 PM
To: Tomcat Users List
Subject: Re: httpd/Tomcat load balancing question

Hi.

Not knowing anything about JSP per se, I would nevertheless guess
that
the links are
written using something like
<img src="<%getContextPath%>/static/mylogo.jpg"/> or similarly,
instead
of just plain html
<img src="/Portal/static/mylogo.jpg"/>.
That probably leads the JSP compiler to think it has to
"relativise"
the links to the app
context and so on, while in this case it should not, because they
will
be served by the
front-end, not by Tomcat.



Jeffrey Janner wrote:
Httpd 2.2.17
Tomcat 6.0.29
Sun JDK 1.6.0_22
Spring Framework (3.0.2 I think)
All on Windows

The Dev team is creating a new app that we are planning to deploy
using httpd as a load-balancer to two Tomcats on separate servers.
Httpd is configured to serve static files - graphics, css, etc. -
with
everything else being sent to the Tomcat servers over AJP.  The
Tomcat
app has one jsp file setup as the welcome-file, which just does a
redirect to host/app/login, which is an internal action that
generates
the real login screen.  All other parts of the app are buried in
the
WEB-INF/classes structure (as far as I can tell).
We are currently testing the setup, and if you go to
http://prtltest.polydyne.com, everything seems to work just fine.
The
browser gets redirected to
http://prtltest.polydyne.com/Portal/login
and the screen looks fine.  The problem is if you go directly to
the
login page, bypassing the welcome-file redirect, then you don't get
the
static files.  If you refresh the page, everything shows up again.
Looking at the source of the login page, it appears that all the
static links have the jsessionid appended to them on the first
load,
but not on subsequent loads.  I assume this is because Tomcat
hasn't
determined cookie support yet when it generates the page the first
time, but does know about it on the refresh.  My question is, is
there
something the Dev team should be doing before generating the login
page, or generating the static links, or is there a configuration
setting I'm missing in the httpd.conf file?  Or perhaps in the
web.xml?
Jeff

The httpd.conf file is pretty stock, with the following added for
the
load-balancer configuration:
<Location /balancer-manager>
  SetHandler balancer-manager

  Order Deny,Allow
  Deny from all
  Allow from 10.1.1 127.0.0.1
</Location>

<Proxy balancer://mycluster>
                BalancerMember ajp://prtltest01:8009/Portal
route=tomcat1 loadfactor=50
                BalancerMember ajp://prtltest02:8009/Portal
route=tomcat2 loadfactor=50
</Proxy>

ProxyPass /Portal/static !
ProxyPass /Portal balancer://mycluster
stickysession=JSESSIONID|jsessionid scolonpathdelim=On
ProxyPass / balancer://mycluster/
stickysession=JSESSIONID|jsessionid
scolonpathdelim=On
The web.xml file is:

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd";>
    <display-name>Polydyne Portal Application</display-name>
    <!-- Log4J Config -->
    <context-param>
        <param-name>log4jConfigLocation</param-name>
        <param-value>/WEB-INF/log4j.properties</param-value>
    </context-param>
    <listener>
        <listener-
class>org.springframework.web.util.Log4jConfigListener</listener-
class>
    </listener>
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
            /WEB-INF/Portal-service.xml
            /WEB-INF/Portal-security.xml
        </param-value>
    </context-param>
    <listener>
        <listener-
class>org.springframework.web.context.ContextLoaderListener</listener-
class>
    </listener>

    <!-- Concurrent Session Control -->
    <listener>
        <listener-
class>org.springframework.security.web.session.HttpSessionEventPublishe
r</listener-class>
    </listener>

    <!-- Reads request input using UTF-8 encoding -->
    <filter>
        <filter-name>characterEncodingFilter</filter-name>
        <filter-
class>org.springframework.web.filter.CharacterEncodingFilter</filter-
class>
        <init-param>
            <param-name>encoding</param-name>
            <param-value>UTF-8</param-value>
        </init-param>
        <init-param>
            <param-name>forceEncoding</param-name>
            <param-value>true</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>characterEncodingFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <!-- Spring Security settings start -->
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-
class>org.springframework.web.filter.DelegatingFilterProxy</filter-
class>
    </filter>
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <!-- Spring Security settings end -->
    <!-- Servlet Definition -->
    <!--
     - Map static resources to the default servlet
     - examples:
     -     http://localhost:8080/static/images/pets.png
     -     http://localhost:8080/static/styles/petclinic.css
    -->
    <servlet-mapping>
        <servlet-name>default</servlet-name>
        <url-pattern>/static/*</url-pattern>
    </servlet-mapping>

    <servlet>
        <servlet-name>Portal</servlet-name>
        <servlet-
class>org.springframework.web.servlet.DispatcherServlet</servlet-
class>
        <load-on-startup>2</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>Portal</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>
    <!-- Servlet Definition End -->
    <session-config>
        <session-timeout>
            30
        </session-timeout>
    </session-config>
    <welcome-file-list>
        <welcome-file>redirect.jsp</welcome-file>
    </welcome-file-list>
    <error-page>
        <exception-
type>javax.servlet.UnavailableException</exception-type>
        <location>/WEB-
INF/views/errors/Unavailable.html</location>
    </error-page>
    <error-page>
        <exception-type>503</exception-type>
        <location>/WEB-
INF/views/errors/Unavailable.html</location>
    </error-page>
</web-app>

_______________________________________________________________________
___
Confidentiality Notice:  This Transmission (including any
attachments) may contain information that is privileged,
confidential,
and exempt from disclosure under applicable law.  If the reader of
this
message is not the intended recipient you are hereby notified that
any
dissemination, distribution, or copying of this communication is
strictly prohibited.
If you have received this transmission in error, please
immediately
reply to the sender or telephone (512) 343-9100 and delete this
transmission from your system.

-------------------------------------------------------------------
--
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


_______________________________________________________________________
___

Confidentiality Notice:  This Transmission (including any
attachments)
may contain information that is privileged, confidential, and exempt
from disclosure under applicable law.  If the reader of this message
is
not the intended recipient you are hereby notified that any
dissemination, distribution, or copying of this communication is
strictly prohibited.

If you have received this transmission in error, please immediately
reply to the sender or telephone (512) 343-9100 and delete this
transmission from your system.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

_______________________________________________________________________
___

Confidentiality Notice:  This Transmission (including any attachments)
may contain information that is privileged, confidential, and exempt
from disclosure under applicable law.  If the reader of this message is
not the intended recipient you are hereby notified that any
dissemination, distribution, or copying of this communication is
strictly prohibited.

If you have received this transmission in error, please immediately
reply to the sender or telephone (512) 343-9100 and delete this
transmission from your system.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


__________________________________________________________________________

Confidentiality Notice:  This Transmission (including any attachments) may contain information that is privileged, confidential, and exempt from disclosure under applicable law.  If the reader of this message is not the intended recipient you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited.  

If you have received this transmission in error, please immediately reply to 
the sender or telephone (512) 343-9100 and delete this transmission from your 
system.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org




---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org