[jetty-users] Suggestions for best performance in relation to clustered instances

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

[jetty-users] Suggestions for best performance in relation to clustered instances

Mikael Brandin
Hi,

I'm developing a new webservice that will require some scaling out and I
am considering the best approche of achiving this with maximum
flexibility. The general setup constitutes a proxy load balancing
requests to X (> 2) instances of Jetty with each Jetty running the
webservice in question. Using sticky-sessions (proxy routing the same
JSESSIONID requests to the same instance at all times) I assume that
Jetty would be able to handle this out of the box but the trick comes to
authentication. I bascially want a solution that either persists the
session (effectively making the session age in the
database/datasource/redis/...) or use a seperate cookie for
authentication this to be able to use round-robin for request to avoid
user being bound to a single instance. I should mention that the
webservice in question does not rely on using session for storing user
related data.

I am aware that Jetty supports multiple ways for authentication but
consider all authentication methods that involve login/authentication in
seperate steps (form login rather than http basic digest).

I notice that I have rolled at least 3 questions into one here but to
summerize:
- Is authentication persisted with the session (or is that an option)
with Jetty?
- Does anyone know of a setup to achive clustered authentication or is
that the same as clustered sessions?
- What authentication/login service would be best match for handling a
webservice?

Would appreciate any feedback!

With regards,
Mikael Brandin



_______________________________________________
jetty-users mailing list
[hidden email]
https://dev.eclipse.org/mailman/listinfo/jetty-users
Reply | Threaded
Open this post in threaded view
|

Re: [jetty-users] Suggestions for best performance in relation to clustered instances

Thomas SEGISMONT
If your web service is stateless, why do you want to use sticky sessions ?

How to authenticate your web service users depend on your use case,
there are many ways to do this. And it's not necessarily in relation to
servlet sessions.

Le 08/06/2012 08:17, Mikael Brandin a écrit :

> Hi,
>
> I'm developing a new webservice that will require some scaling out and
> I am considering the best approche of achiving this with maximum
> flexibility. The general setup constitutes a proxy load balancing
> requests to X (> 2) instances of Jetty with each Jetty running the
> webservice in question. Using sticky-sessions (proxy routing the same
> JSESSIONID requests to the same instance at all times) I assume that
> Jetty would be able to handle this out of the box but the trick comes
> to authentication. I bascially want a solution that either persists
> the session (effectively making the session age in the
> database/datasource/redis/...) or use a seperate cookie for
> authentication this to be able to use round-robin for request to avoid
> user being bound to a single instance. I should mention that the
> webservice in question does not rely on using session for storing user
> related data.
>
> I am aware that Jetty supports multiple ways for authentication but
> consider all authentication methods that involve login/authentication
> in seperate steps (form login rather than http basic digest).
>
> I notice that I have rolled at least 3 questions into one here but to
> summerize:
> - Is authentication persisted with the session (or is that an option)
> with Jetty?
> - Does anyone know of a setup to achive clustered authentication or is
> that the same as clustered sessions?
> - What authentication/login service would be best match for handling a
> webservice?
>
> Would appreciate any feedback!
>
> With regards,
> Mikael Brandin
>
>
>
> _______________________________________________
> jetty-users mailing list
> [hidden email]
> https://dev.eclipse.org/mailman/listinfo/jetty-users

_______________________________________________
jetty-users mailing list
[hidden email]
https://dev.eclipse.org/mailman/listinfo/jetty-users
Reply | Threaded
Open this post in threaded view
|

Re: [jetty-users] Suggestions for best performance in relation to clustered instances

ccleve
In reply to this post by Mikael Brandin
On 6/8/2012 1:17 AM, Mikael Brandin wrote:

> Hi,
>
> I'm developing a new webservice that will require some scaling out and I
> am considering the best approche of achiving this with maximum
> flexibility. The general setup constitutes a proxy load balancing
> requests to X (> 2) instances of Jetty with each Jetty running the
> webservice in question. Using sticky-sessions (proxy routing the same
> JSESSIONID requests to the same instance at all times) I assume that
> Jetty would be able to handle this out of the box but the trick comes to
> authentication. I bascially want a solution that either persists the
> session (effectively making the session age in the
> database/datasource/redis/...) or use a seperate cookie for
> authentication this to be able to use round-robin for request to avoid
> user being bound to a single instance. I should mention that the
> webservice in question does not rely on using session for storing user
> related data.
>
> I am aware that Jetty supports multiple ways for authentication but
> consider all authentication methods that involve login/authentication in
> seperate steps (form login rather than http basic digest).
>
> I notice that I have rolled at least 3 questions into one here but to
> summerize:
> - Is authentication persisted with the session (or is that an option)
> with Jetty?
> - Does anyone know of a setup to achive clustered authentication or is
> that the same as clustered sessions?
> - What authentication/login service would be best match for handling a
> webservice?
>
> Would appreciate any feedback!
>
> With regards,
> Mikael Brandin

I was about to ask a similar question. All we need is to store in a
session is the fact that a user has authenticated. I don't want to be
forced to use sticky sessions, but would rather have the session
available to any box that needs it.

What are the best practices here? Somebody help!

_______________________________________________
jetty-users mailing list
[hidden email]
https://dev.eclipse.org/mailman/listinfo/jetty-users