Spring 3 Security and Relative Redirect URLs

We have a Spring 3 app with Spring Security behind a Squid proxy. The issue is that Spring only knows about the internal Squid URL, so after a successful login at example.com/login, instead of redirecting to example.com/home, it redirects to internal.example.com.

Does anyone know how to deal with this situation?

My Config:

<security:http use-expressions="true" auto-config="true">
    <security:intercept-url pattern="/" access="hasRole('ROLE_ANONYMOUS') or hasRole('ROLE_GENERAL_ADMINISTRATION')"/>
    <security:intercept-url pattern="/**" access="hasRole('ROLE_GENERAL_ADMINISTRATION')"/>
    <security:intercept-url pattern="/static/**" filters="none"/>
    <security:logout invalidate-session="true" logout-url="/logout" logout-success-url="/"/>
    <security:form-login login-page="/" default-target-url="/dashboard"/>
    <security:anonymous/>
</security:http>

Edit:

In my case the admins had set up mod_jk incorrectly, so everything was fine with Squid and the above config.

Josh Johnson asked May 31 '11 15:05


1 Answer

I have a web application with Spring Security behind an Apache HTTP reverse proxy, and some stupid application which behaves like you described above, and the solution for us was to use the mod_rewrite module:

http://httpd.apache.org/docs/2.0/mod/mod_rewrite.html

Anyway, what you are saying is very weird, because the correct Spring Security configuration should use relative URLs, and it should not matter whether an internal or external host is used in the URL.

If you configure the URL like this:

 <security:form-login login-page="/login.jsp" login-processing-url="/login" always-use-default-target="true"/>

it should behave the same way with an internal or external URL. It sounds like a problem in the configuration.

danny.lesnik answered Sep 27 '22 23:09
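The redirect behaviour discussed in this thread, as an added example that is not part of either post: a small check that flags `Location` headers naming the backend host and shows the value a reverse proxy would have to send to the browser instead, while relative redirects pass through untouched. The hostnames come from the question; the `http` scheme, the function names and the sample responses are assumptions made for illustration.

```python
from urllib.parse import urlsplit, urlunsplit

# Hostnames come from the question; the http scheme is an assumption.
PUBLIC_ORIGIN = "http://example.com"
INTERNAL_HOSTS = frozenset({"internal.example.com"})


def leaks_internal_host(location, internal_hosts=INTERNAL_HOSTS):
    """True if a Location header value names a backend-only host."""
    # hostname is None for relative values such as "/dashboard",
    # and is already lower-cased and stripped of any port.
    host = urlsplit(location).hostname
    return host is not None and host in internal_hosts


def rebase_location(location, public_origin=PUBLIC_ORIGIN,
                    internal_hosts=INTERNAL_HOSTS):
    """Return the Location value the browser should receive from the proxy."""
    if not leaks_internal_host(location, internal_hosts):
        return location  # relative or third-party redirect: leave alone
    target, public = urlsplit(location), urlsplit(public_origin)
    return urlunsplit((public.scheme, public.netloc, target.path or "/",
                       target.query, target.fragment))


def audit_redirects(responses, internal_hosts=INTERNAL_HOSTS):
    """Return the (status, location) pairs whose redirect exposes a backend host."""
    return [(status, loc) for status, loc in responses
            if 300 <= status < 400 and leaks_internal_host(loc, internal_hosts)]


# Constructed sample: (status code, Location header) as seen by the browser.
SAMPLE_RESPONSES = [
    (302, "http://internal.example.com/dashboard"),
    (302, "/dashboard"),
    (302, "http://internal.example.com:8080/dashboard?tab=1"),
    (200, ""),
]

if __name__ == "__main__":
    for status, loc in SAMPLE_RESPONSES:
        print(status, repr(loc), "->", repr(rebase_location(loc)))
```

Running `audit_redirects` over the responses captured from a login through the public hostname gives a quick regression check after any proxy or connector change.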