[jcifs] Error message connecting to DC under load

[Michael B Allen]

On Wed, 30 Mar 2005 09:24:53 +0200
Ingo Rockel <irockel at pironet-ndh.com> wrote:

> Yes, the application is running in a cluster with two nodes. The used 
> container is Oracle Application Server 10g.
> 
> They are currently using jcifs 1.0.1 and will update to 1.1.8 when the 
> new version of our application is deployed.

Ooo, yeah, definately upgrade. Preferrably to 1.1.9. I realize you're
doing regression against 11.8 but 1.1.9 is just 1.1.8 with some bugs
so ...

> Do I get this right, jcifs auth might fail in a clustered environment? 
> Or do I have to mask the ip, so the auth request to the DC are always 
> coming from the same IP?

I think it will fail. The problem is the NtlmPasswordAuthentication
object stored in the HTTP session is not serializable. It implements
Serializeable but it's impossible to serialize credentials that are only
valid on a particular socket. How you fix the problem I don't know. You
have to give those sessions that have the credentials an affinity for
the VM in which they are created. Or something like that. I don't know
anything about clustering.

The real fix is to make the credential object partially mutable such
that it can be in an unauthenticated or authenticated state. When
it's created it's unauthenticated and trying to use it initiates the
authentication process. That way, when this object is deserialized it's
in the unauthenticated state and the session will be automatically
reauthenticated. I'm not going to do that until 2.0 though. The 1.x
branch is locked down. Only absolutely critical fixes now (read none).

Mike

-- 
IRC - where men are men, women are men, and the boys are FBI agents.