开发者

Spring Security and AJP proxy

I use Spring Security and Apache proxy for a web app. When using standard mod_proxy everything is OK, but after switching to AJP proxy there appears a problem with Spring security redire开发者_JS百科cts.

Apache config:

<VirtualHost *:80>
  ServerName domain.com

  ProxyPass / ajp://localhost:8009/Context/
  ProxyPassReverse / ajp://localhost:8009/Context/
</VirtualHost>

When I call http://domain.com/login I see a login form.

When I submit the form I go to http://domain.com/auth and get authenticated.

Then Spring Security should redirect to http://domain.com/index but it redirects instead to http://domain.com/Context/index

How can I get rid of that context path? Why Spring Security adds it everywhere?

There was a similar question on Spring Security site but no one answered it:

http://forum.springsource.org/showthread.php?95141-Why-is-spring-security-including-the-context-path

P.S. It seems strange that Google doesn't find anything more related to this problem. Am I the only one who uses Spring Security + AJP? Maybe it's a wrong pattern?

Solution:

<VirtualHost *:80>
  ServerName domain.com

  RewriteEngine on
  RewriteRule ^/Context/(.*)$ /$1 [R=301]

  ProxyPass / ajp://localhost:8009/Context/
  ProxyPassReverse / ajp://localhost:8009/Context/
</VirtualHost>


Spring Security is web application context aware, meaning that its redirects will always be based upon the current web application context. This is by design since your app server may be running several distinct web applications which should not interfere with each other.

Do you run only this application on your server and have the possibility to deploy it as ROOT application on Tomcat (e. g. putting it into webapps/ROOT/)? This would eliminate your context prefix and solve your problem.

Another option may be rewriting the redirect URL on the app server before it is passed to the client, e. g. with an outbound-rule from org.tuckey's great URLRewriteFilter (like mod_rewrite, but for Java EE web apps). Of course, you would have to take care of proper filter ordering in your web.xml since Spring Security also uses filters for its logic.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜