开发者

Apache LoadBalancing, sticky session, and Spring security framework

I have a public facing Apache 2.2 webserver that I've configured to proxy and balance requests to back-end web applications deployed on Tomcat 6.0. I am using Spring FW + Spring security framework as technology stack, therefore the application is using a cookie with jsessionid. The snippet below is from the Apache configuration:

ServerName abc.mydomain.com

ProxyRequests Off
ProxyPass / balancer://mycluster/ stickysession=JSESSIONID|jsessionid nofailover=On scolonpathdelim=On
ProxyPassReverse / balancer://mycluster/

<Proxy balancer://mycluster >
    BalancerMember http://10.179.40.165:8080/abc
</Proxy>

<Proxy *>
    Order deny,allow
    Allow from all
</Proxy>

<Location />
    Order allow,deny
    Allow from all
</Location>

The problem is that Spring Securi开发者_JAVA百科ty will redirect to invalid session url on any request after a successful login. What can I do to solve the problem? Thanks

Peter


i just had this issue as well.

found the answer in https://stackoverflow.com/a/9951315/1211174

here is my configuration:

   <VirtualHost vm1.mydomain.com:443>
         ServerName public.domain.name


         <IfModule mod_proxy.c> 
         ProxyRequests Off
         ProxyTimeout 5400

         #should be the otherway. white list instead of black list
        <Proxy *>
           Order deny,allow
           Allow from all
        </Proxy>


        <Proxy balancer://mybalancername>
               BalancerMember ajp://localhost:8209
               BalancerMember ajp://localhost:8210
               ProxySet lbmethod=bytraffic
               ProxySet stickysession=JSESSIONID
        </Proxy>


        ProxyPass / balancer://mybalancername/
        #check out http://httpd.apache.org/docs/2.2/mod/mod_proxy_ajp.html for more info

        ProxyPassReverse /  balancer://mybalancername/
        ProxyPassReverseCookieDomain  balancer://mybalancername  https://public.domain.name



  </IfModule>

seems like that with out

               ProxySet lbmethod=bytraffic
               ProxySet stickysession=JSESSIONID

spring security doesnt get the right cookie

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜