We have a Spring 3 app with Spring Security behind a Squid proxy. The issue is that Spring only knows about the internal squid url so after a successful login at example.com/login
instead of redirecting to example.com/home
it redirects to internal.example.com
.
Does anyone know how to deal with this situation?
My Config:
<security:http use-expressions="true" auto-config="true">
<security:intercept-url pattern="/" access="hasRole('ROLE_ANONYMOUS') or hasRole('ROLE_GENERAL_ADMINISTRATION')"/>
<security:intercept-url pattern="/**" access="hasRole('ROLE_GENERAL_ADMINISTRATION')"/>
<security:intercept-url pattern="/static/**" filters="none"/>
<security:logout invalidate-session="true" logout-url="/logout" logout-success-url="/"/>
<security:form-login login-page="/" default-target-url="/dashboard"/>
<security:anonymous/>
</security:http>
In my case the admins had set up mod_jk incorrectly so everything was fine with squid and the above config.
I'm having web application with Spring security behind Apache HTTP Reverse proxy and some stupid application which behaves like you described above and the solution for us was to use mod_rewrite module
http://httpd.apache.org/docs/2.0/mod/mod_rewrite.html
Anyway what are you saying is very weird because the correct Spring security configuration should use relative urls and it should not matter weather, internal or external host is used in url.
if you configure URL
<security:form-login login-page="//login.jsp" login-processing-url="/login" always-use-default-target="true"/>
Should behave the same way in internal or external URL, it sounds like problem in configuration.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With