Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Spring Security and AJP proxy

Tags:

tomcat

spring-security

mod-proxy

ajp

I use Spring Security and Apache proxy for a web app. When using standard mod_proxy everything is OK, but after switching to AJP proxy there appears a problem with Spring security redirects.

Apache config:

<VirtualHost *:80>
  ServerName domain.com

  ProxyPass / ajp://localhost:8009/Context/
  ProxyPassReverse / ajp://localhost:8009/Context/
</VirtualHost>

When I call http://domain.com/login I see a login form.

When I submit the form I go to http://domain.com/auth and get authenticated.

Then Spring Security should redirect to http://domain.com/index but it redirects instead to http://domain.com/Context/index

How can I get rid of that context path? Why Spring Security adds it everywhere?

There was a similar question on Spring Security site but no one answered it:

http://forum.springsource.org/showthread.php?95141-Why-is-spring-security-including-the-context-path

P.S. It seems strange that Google doesn't find anything more related to this problem. Am I the only one who uses Spring Security + AJP? Maybe it's a wrong pattern?

Solution:

<VirtualHost *:80>
  ServerName domain.com

  RewriteEngine on
  RewriteRule ^/Context/(.*)$ /$1 [R=301]

  ProxyPass / ajp://localhost:8009/Context/
  ProxyPassReverse / ajp://localhost:8009/Context/
</VirtualHost>
like image 739
Andrey Minogin Avatar asked May 19 '11 18:05

Andrey Minogin

1 Answers

Spring Security is web application context aware, meaning that its redirects will always be based upon the current web application context. This is by design since your app server may be running several distinct web applications which should not interfere with each other.

Do you run only this application on your server and have the possibility to deploy it as ROOT application on Tomcat (e. g. putting it into webapps/ROOT/)? This would eliminate your context prefix and solve your problem.

Another option may be rewriting the redirect URL on the app server before it is passed to the client, e. g. with an outbound-rule from org.tuckey's great URLRewriteFilter (like mod_rewrite, but for Java EE web apps). Of course, you would have to take care of proper filter ordering in your web.xml since Spring Security also uses filters for its logic.

like image 181
Axel Knauf Avatar answered Nov 10 '22 02:11

Axel Knauf
Sign in to Comment

Related questions

Caches of all versions of a webapp deployed in parallel are shutdowned
Maven tomcat plugin: tomcat7:run or tomcat7:run-war?
logrotate doesn't rotate catalina.out
Tomcat context management
AppEngine Response Time Variance
Can't make tomcat-maven-plugin create a log file?
Index pdf documents in Solr from C# client
Tomcat: failed to parse runtime descriptor
Eclipse: Overriding JNDI Resource in Tomcat
Docker: Which approach is better? WAR embedded in image or base image + war?
Cargo Cannot deploy to remote tomcat 8 with using cargo-maven-plugin
how to log in tomcat using slf4j and java.util.logging
Azure webapp Tomcat 8 configuration
Spring JavaConfig and Tomcat 8
Deploying Spring WAR to Tomcat-based docker
How to fix JAVAX runtime error on JDK11 Tomcat9 Spring Application
Tomcat doFilter() invoked with committed response
AccessControlException when trying to redeploy webapp to Tomcat using Netbeans
Where do we put the Servlets in the directory structure of Tomcat?
How to know whether a shutdown is currently in progress?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!