Apache LoadBalancing, sticky session, and Spring security framework
I have a public facing Apache 2.2 webserver that I've configured to proxy and balance requests to back-end web applications deployed on Tomcat 6.0. I am using Spring FW + Spring security framework as technology stack, therefore the application is using a cookie with jsessionid. The snippet below is from the Apache configuration:
ServerName abc.mydomain.com
ProxyRequests Off
ProxyPass / balancer://mycluster/ stickysession=JSESSIONID|jsessionid nofailover=On scolonpathdelim=On
ProxyPassReverse / balancer://mycluster/
<Proxy balancer://mycluster >
BalancerMember http://10.179.40.165:8080/abc
</Proxy>
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
<Location />
Order allow,deny
Allow from all
</Location>
The problem is that Spring Securi开发者_JAVA百科ty will redirect to invalid session url on any request after a successful login. What can I do to solve the problem? Thanks
Peter
i just had this issue as well.
found the answer in https://stackoverflow.com/a/9951315/1211174
here is my configuration:
<VirtualHost vm1.mydomain.com:443>
ServerName public.domain.name
<IfModule mod_proxy.c>
ProxyRequests Off
ProxyTimeout 5400
#should be the otherway. white list instead of black list
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
<Proxy balancer://mybalancername>
BalancerMember ajp://localhost:8209
BalancerMember ajp://localhost:8210
ProxySet lbmethod=bytraffic
ProxySet stickysession=JSESSIONID
</Proxy>
ProxyPass / balancer://mybalancername/
#check out http://httpd.apache.org/docs/2.2/mod/mod_proxy_ajp.html for more info
ProxyPassReverse / balancer://mybalancername/
ProxyPassReverseCookieDomain balancer://mybalancername https://public.domain.name
</IfModule>
seems like that with out
ProxySet lbmethod=bytraffic
ProxySet stickysession=JSESSIONID
spring security doesnt get the right cookie
精彩评论