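I have the following setup: requests come in through a load balancer to a WebSphere IHS server, which forwards them to the WebSphere application server. The problem I am having when SSO is enabled is that a new session is being created for every request.
I know this because I wrote a snoop servlet, and the session ID is different for each request. The web server and application server have been configured to use cookies, and the load balancer has sticky sessions enabled.
I am using SPNEGO, as is, with the WebSphere and Kerberos configuration to authenticate users from Active Directory.
Does anyone know why a session is created on every request only when SSO is enabled? Without SSO, the session is the same across different requests. I have tried many different settings in WebSphere but none of them worked, for example clustering at the server tier, enabling the security checkbox in WebSphere session management, etc.
I also tried creating my own cookie and putting it back into the response, thinking it would come back in the request, but no cookie was sent back. The JSessionID cookie is also not visible. In addition, when my own cookie is created, the log states: com.ibm.ws.webcontainer.srt.SRTServletResponse addCookie WARNING: Cannot set header. Response already committed.
If you need more information, please ask and I will be happy to provide it.
OK, now down to the details:
I have the following code in my servlet to check the session information and create my own cookie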
//lets try setting a cookie into the response
System.out.println("Setting a new cookie into the session");
String user = "";
if(req.getAttribute("com.ibm.ws.security.spnego.UserPrincipal") != null) {
    user = req.getAttribute("com.ibm.ws.security.spnego.UserPrincipal").toString();
    Cookie userCookie = new Cookie("userId", user);
    userCookie.setMaxAge(60*60*24*365); //Store cookie for 1 year
    res.addCookie(userCookie);
}
HttpSession session = req.getSession(false);
if ( session != null )
{
    out.println("<h2>Session information:</h2>");
    out.println("<TABLE Border=\"2\" WIDTH=\"65%\" BGCOLOR=\"#DDDDFF\">");
    print(out, "Session ID", session.getId());
    print(out, "Last accessed time", new Date(session.getLastAccessedTime()).toString());
    print(out, "Creation time", new Date(session.getCreationTime()).toString());
    String mechanism = "unknown";
    if ( req.isRequestedSessionIdFromCookie() )
    {
        mechanism = "cookie";
    }
    else if ( req.isRequestedSessionIdFromURL() )
    {
        mechanism = "url-encoding";
    }
    print(out, "Session-tracking mechanism", mechanism);
    out.println("</table><BR><BR>");
    Enumeration vals = session.getAttributeNames();
    if (vals.hasMoreElements())
    {
        out.println("<h2>Session values</h2>");
        out.println("<TABLE Border=\"2\" WIDTH=\"65%\" BGCOLOR=\"#DDDDFF\">");
        while (vals.hasMoreElements())
        {
            String name = (String)vals.nextElement();
            out.println("<tr><td>" + escapeChar(name) + "</td><td>" + escapeChar(session.getAttribute(name).toString()) + "</td></tr>");
        }
        out.println("</table><BR><BR>");
    }
}
out.println("</body></html>");
}
The following code checks the cookies in the request
Cookie[] cookies = req.getCookies();
if ( cookies != null && cookies.length > 0 )
{
    out.println("<H2>Client cookies</H2>");
    out.println("<TABLE Border=\"2\" WIDTH=\"65%\" BGCOLOR=\"#DDDDFF\">");
    for ( int i=0; i<cookies.length; i++ )
    {
        out.println("<tr><td>" + escapeChar(cookies[i].getName()) + "</td><td>" + escapeChar(cookies[i].getValue()) + "</td></tr>");
    }
    out.println("</table><BR><BR>");
}
The following checks the request attributes
e = req.getAttributeNames();
if ( e.hasMoreElements() )
{
    out.println("<h2>Request attributes:</h2>");
    out.println("<TABLE Border=\"2\" WIDTH=\"65%\" BGCOLOR=\"#DDDDFF\">");
    while ( e.hasMoreElements() )
    {
        String name = (String)e.nextElement();
        System.out.println("Reuqest Attribute Faisal**************" + name + "********" + req.getAttribute(name).toString());
        if(req.getSession() != null) {
            System.out.println("**************Session id = " + req.getSession().getId());
        } else {
            System.out.println("**************Session is null");
        }
        if(req.getAttribute("com.ibm.ws.security.spnego.UserPrincipal") != null) {
            if(req.getSession(false) != null) {
                System.out.println("****Got the old Session id Faisal = " + req.getSession().getId());
                req.getSession().setAttribute("user.principal", req.getAttribute("com.ibm.ws.security.spnego.UserPrincipal"));
            }
        }
        out.println("<tr><td>" + escapeChar(name) + "</td><td>" + escapeChar(req.getAttribute(name).toString()) + "</td></tr>");
    }
    out.println("</table><BR><BR>");
}
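So the first time I send the request, all the session variables and request attributes are printed out; the second time I send the request, the user principal is not available. My logs are as follows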
[6/18/14 9:33:17:445 BST] 0000002f SystemOut O Reuqest Attribute**************javax.servlet.request.key_size********128
[6/18/14 9:33:17:445 BST] 0000002f WASSessionCor W SessionAffinityManager setCookie SESN0066E: The response is already committed to the client. The session cookie cannot be set.
[6/18/14 9:33:17:447 BST] 0000002f srt W com.ibm.ws.webcontainer.srt.SRTServletResponse addSessionCookie WARNING: Cannot set session cookie. Response already committed.
[6/18/14 9:33:17:448 BST] 0000002f SystemOut O **************Session id = N0Lp9cftRNzWkjwKUDheA1U
[6/18/14 9:33:17:448 BST] 0000002f SystemOut O ****Got the old Session id = N0Lp9cftRNzWkjwKUDheA1U
[6/18/14 9:33:17:448 BST] 0000002f SystemOut O Reuqest Attribute**************javax.servlet.request.cipher_suite********RC4-SHA
[6/18/14 9:33:17:449 BST] 0000002f SystemOut O **************Session id = N0Lp9cftRNzWkjwKUDheA1U
[6/18/14 9:33:17:449 BST] 0000002f SystemOut O ****Got the old Session id= N0Lp9cftRNzWkjwKUDheA1U
[6/18/14 9:33:17:449 BST] 0000002f SystemOut O Reuqest Attribute**************com.ibm.ws.security.spnego.UserPrincipal********user@domain.COM
[6/18/14 9:33:17:449 BST] 0000002f SystemOut O **************Session id = N0Lp9cftRNzWkjwKUDheA1U
[6/18/14 9:33:17:449 BST] 0000002f SystemOut O ****Got the old Session id = N0Lp9cftRNzWkjwKUDheA1U
[6/18/14 9:33:17:449 BST] 0000002f SystemOut O Reuqest Attribute**************com.ibm.websphere.servlet.uri_non_decoded********/lbgssoclient/snoop/
[6/18/14 9:33:17:449 BST] 0000002f SystemOut O **************Session id = N0Lp9cftRNzWkjwKUDheA1U
[6/18/14 9:33:17:450 BST] 0000002f SystemOut O ****Got the old Session id= N0Lp9cftRNzWkjwKUDheA1U
[6/18/14 9:33:17:452 BST] 0000002f SystemOut O Setting a new cookie into the session
[6/18/14 9:33:17:452 BST] 0000002f srt W com.ibm.ws.webcontainer.srt.SRTServletResponse addCookie WARNING: Cannot set header. Response already committed.
[6/18/14 9:35:01:745 BST] 0000002e SystemOut O Reuqest Attribute**************javax.servlet.request.key_size********128
[6/18/14 9:35:01:746 BST] 0000002e WASSessionCor W SessionAffinityManager setCookie SESN0066E: The response is already committed to the client. The session cookie cannot be set.
[6/18/14 9:35:01:747 BST] 0000002e srt W com.ibm.ws.webcontainer.srt.SRTServletResponse addSessionCookie WARNING: Cannot set session cookie. Response already committed.
[6/18/14 9:35:01:749 BST] 0000002e SystemOut O **************Session id = ChRGK9SP4lEnGc2yy7WQdGb
[6/18/14 9:35:01:750 BST] 0000002e SystemOut O Reuqest Attribute**************javax.servlet.request.cipher_suite********RC4-SHA
[6/18/14 9:35:01:750 BST] 0000002e SystemOut O **************Session id = ChRGK9SP4lEnGc2yy7WQdGb
[6/18/14 9:35:01:750 BST] 0000002e SystemOut O Reuqest Attribute**************com.ibm.websphere.servlet.uri_non_decoded********/lbgssoclient/snoop/
[6/18/14 9:35:01:750 BST] 0000002e SystemOut O **************Session id Faisal = ChRGK9SP4lEnGc2yy7WQdGb
[6/18/14 9:35:01:752 BST] 0000002e SystemOut O Setting a new cookie into the session
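Any suggestions or pointers are appreciated. I know there is a lot of information here, but I am really struggling.
Thanks
Update:
After adding a session listener to monitor sessions, I noticed the following in the logs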
[6/18/14 12:45:40:880 BST] 00000025 ServerCache I DYNA1071I: The cache provider "default" is being used.
[6/18/14 12:45:40:937 BST] 00000025 SystemOut O getting session for attributes print out
[6/18/14 12:45:40:938 BST] 00000025 SystemOut O Reuqest Attribute **************javax.servlet.request.key_size********128
[6/18/14 12:45:40:941 BST] 00000025 SystemOut O sessioncreated
[6/18/14 12:45:40:941 BST] 00000025 SystemOut O 1403091940939
[6/18/14 12:45:40:942 BST] 00000025 SystemOut O oN74OFyuPHcnyoxO_YBLK7z
[6/18/14 12:45:40:942 BST] 00000025 SystemOut O 1403091940939
[6/18/14 12:45:40:943 BST] 00000025 SystemOut O 1800
[6/18/14 12:45:40:943 BST] 00000025 SystemOut O sessionCreated - add one session into counter
[6/18/14 12:45:40:944 BST] 00000025 WASSessionCor W SessionAffinityManager setCookie SESN0066E: The response is already committed to the client. The session cookie cannot be set.
[6/18/14 12:45:40:945 BST] 00000025 srt W com.ibm.ws.webcontainer.srt.SRTServletResponse addSessionCookie WARNING: Cannot set session cookie. Response already committed.
The last few lines state that the session cookie cannot be set because the response is already committed. Does anyone know how to fix this?
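
The SESN0066E and "Cannot set header" warnings in the logs above are logged when the session or a cookie is created after response output has already been sent, so the Set-Cookie header never reaches the browser. As an added example (not the poster's code; the class name `OrderedSnoopServlet` is hypothetical and a Servlet 3.0+ container is assumed for `setHttpOnly`), this servlet does all session and cookie work before writing any output:

```java
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical servlet name; the attribute and cookie names are taken from the post.
public class OrderedSnoopServlet extends HttpServlet {
    private static final String SPNEGO_ATTR = "com.ibm.ws.security.spnego.UserPrincipal";

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse res)
            throws ServletException, IOException {
        // Fail loudly if something upstream already flushed output:
        // from that point on no Set-Cookie header can be added.
        if (res.isCommitted()) {
            throw new ServletException("Response committed before session setup");
        }

        // 1. Header-affecting work first. getSession(true) may need to emit
        //    the session cookie, so it must run before any body output.
        boolean hadSession = req.getSession(false) != null;
        HttpSession session = req.getSession(true);

        Object principal = req.getAttribute(SPNEGO_ATTR);
        if (principal != null) {
            // The server-side session is the trusted copy of the identity.
            session.setAttribute("user.principal", principal.toString());
            // The cookie is client-controlled: treat it as a hint only.
            Cookie userCookie = new Cookie("userId", principal.toString());
            userCookie.setMaxAge(60 * 60 * 24 * 365); // 1 year, as in the post
            userCookie.setSecure(true);   // the logged requests arrive over SSL
            userCookie.setHttpOnly(true); // assumption: Servlet 3.0 or later
            res.addCookie(userCookie);
        }

        // 2. Only now write the body; the first buffer flush commits the headers.
        res.setContentType("text/plain;charset=UTF-8");
        PrintWriter out = res.getWriter();
        out.println("Session ID: " + session.getId());
        out.println("Session reused: " + hadSession);
        out.println("Session ID from cookie: " + req.isRequestedSessionIdFromCookie());
        out.println("user.principal: " + session.getAttribute("user.principal"));
    }
}
```

On the second request, "Session reused" and "Session ID from cookie" should both print true if the session cookie was delivered.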