On Friday, 3 July 2009 17:48, Mark Thomas <markt@...> wrote:
> Christopher Schultz wrote:
> > Ronald,
> >
> > On 7/3/2009 6:34 AM, Ronald Klop wrote:
> >> I'm running Tomcat 6.0.20 in a cluster on 3 nodes. If I restart one I
> >> get this exception:
> >
> >
> >> Caused by: java.io.NotSerializableException:
> >> org.apache.catalina.users.MemoryUser
> >
> > That's an easy one: MemoryUser does not implement Serializable.
> >
> >> <!-- Used by Manager webapp -->
> >> <Resource name="UserDatabase" auth="Container"
> >> type="org.apache.catalina.UserDatabase"
> >> description="User database that can be updated and saved"
> >> factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
> >> pathname="conf/tomcat-users.xml" />
> >
> > This is likely to be the problem: the manager app is trying to share its
> > users across the cluster.
>
> Unlikely. The manager app isn't marked as distributable.
>
> My money would be on an app using the same Realm and putting the authenticated
> Principal object in the session.
>
> Mark
>
>
Hi,
Thanks for your answers. The context has a security-constraint in web.xml for some password-protected pages for metainfo/stats about the running app. This takes a user defined in tomcat-users.xml.
I looked a little into the Tomcat code. In ./java/org/apache/catalina/connector/Request.java on line 1752 Tomcat puts the 'javax.security.auth.subject' on the session. This is the MemoryUser in my case, I think.
Is there a way to use the security-constraint in a clustered environment?
Ronald.
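
Added example, not part of the original thread and not Tomcat code: a stand-alone check that tries to serialize each session attribute the way session replication has to, and reports the class that blocks it. The classes PlainUser and SerializableUser, the attribute map standing in for an HttpSession, and the sample attribute values are all constructed for illustration; only the attribute name 'javax.security.auth.subject' comes from the message above.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.NotSerializableException;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.security.Principal;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.security.auth.Subject;

public class SessionSerializationCheck {
    // Hypothetical stand-in for a realm user class that does not implement Serializable.
    static class PlainUser implements Principal {
        private final String name;
        PlainUser(String name) { this.name = name; }
        public String getName() { return name; }
    }

    // Hypothetical principal that can be written to an object stream.
    static class SerializableUser implements Principal, Serializable {
        private static final long serialVersionUID = 1L;
        private final String name;
        SerializableUser(String name) { this.name = name; }
        public String getName() { return name; }
    }

    // Returns attribute name -> name of the class that made serialization fail.
    static Map<String, String> findNonSerializable(Map<String, Object> attrs) throws IOException {
        Map<String, String> bad = new LinkedHashMap<>();
        for (Map.Entry<String, Object> e : attrs.entrySet()) {
            try (ObjectOutputStream out = new ObjectOutputStream(new ByteArrayOutputStream())) {
                out.writeObject(e.getValue()); // a Subject serializes its principal set too
            } catch (NotSerializableException ex) {
                bad.put(e.getKey(), ex.getMessage()); // message is the offending class name
            }
        }
        return bad;
    }

    public static void main(String[] args) throws IOException {
        Subject plain = new Subject();
        plain.getPrincipals().add(new PlainUser("stats-admin"));        // constructed sample user
        Subject ok = new Subject();
        ok.getPrincipals().add(new SerializableUser("stats-admin"));

        Map<String, Object> session = new LinkedHashMap<>();            // stand-in for HttpSession
        session.put("javax.security.auth.subject", plain);
        session.put("subject.serializable", ok);
        session.put("cart.items", 3);
        findNonSerializable(session).forEach((k, v) -> System.out.println(k + " -> " + v));
    }
}
```

The Subject class itself is Serializable, so the failure only surfaces when the stream reaches the principal inside it, which is why the exception names the user class rather than the session attribute.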