I use Spring Security and an Apache proxy for a web app. When using standard mod_proxy everything is OK, but after switching to an AJP proxy a problem appears with Spring Security redirects.
Apache config:
    <VirtualHost *:80>
        ServerName domain.com
        ProxyPass / ajp://localhost:8009/Context/
        ProxyPassReverse / ajp://localhost:8009/Context/
    </VirtualHost>
When I call http://domain.com/login I see a login form.
When I submit the form I go to http://domain.com/auth and get authenticated.
Then Spring Security should redirect to http://domain.com/index, but it redirects instead to http://domain.com/Context/index.
How can I get rid of that context path? Why does Spring Security add it everywhere?
There was a similar question on the Spring Security site, but no one answered it:
http://forum.springsource.org/showthread.php?95141-Why-is-spring-security-including-the-context-path
P.S. It seems strange that Google doesn't find anything more related to this problem. Am I the only one who uses Spring Security + AJP? Maybe it's a wrong pattern?
Solution:
    <VirtualHost *:80>
        ServerName domain.com
        RewriteEngine on
        RewriteRule ^/Context/(.*)$ /$1 [R=301]
        ProxyPass / ajp://localhost:8009/Context/
        ProxyPassReverse / ajp://localhost:8009/Context/
    </VirtualHost>
Spring Security is web application context aware, meaning that its redirects will always be based upon the current web application context. This is by design since your app server may be running several distinct web applications which should not interfere with each other.
Do you run only this application on your server and have the possibility to deploy it as ROOT application on Tomcat (e.g. putting it into webapps/ROOT/)? This would eliminate your context prefix and solve your problem.
Another option may be rewriting the redirect URL on the app server before it is passed to the client, e.g. with an outbound-rule from org.tuckey's great URLRewriteFilter (like mod_rewrite, but for Java EE web apps). Of course, you would have to take care of proper filter ordering in your web.xml since Spring Security also uses filters for its logic.
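Added example, not part of the original question or answer and not Apache's own code: a simplified Python model of ProxyPassReverse's prefix match on the Location header, showing why the directive from the question leaves the post-login redirect untouched under AJP. Assumptions: the backend sends an absolute Location, the earlier plain mod_proxy setup pointed at http://localhost:8080/Context/ (port 8080 is hypothetical), and the extra mapping `ProxyPassReverse / http://domain.com/Context/` is a suggested directive that does not appear on the page.

```python
# Simplified model of mod_proxy's ProxyPassReverse handling of a Location
# header: case-insensitive prefix match on the backend URL, then the matched
# prefix is replaced by the front-end path. Illustration only.

def reverse_map(location, mappings, front="http://domain.com"):
    """Return the Location value the browser receives.

    mappings: list of (front_path, backend_url) pairs, one per
    ProxyPassReverse directive, tried in order.
    """
    for front_path, backend_url in mappings:
        if location.lower().startswith(backend_url.lower()):
            return front + front_path + location[len(backend_url):]
    return location  # nothing matched: the header passes through unchanged


# Constructed Location headers for the redirect issued after login.
# Plain HTTP proxying (ProxyPreserveHost off): the backend sees its own
# host name, so the redirect points at the backend URL.
HTTP_BACKEND_LOCATION = "http://localhost:8080/Context/index"
# AJP forwards the original Host header, so the redirect already carries
# the public host name, followed by the context path.
AJP_BACKEND_LOCATION = "http://domain.com/Context/index"

# Assumed earlier setup: ProxyPassReverse / http://localhost:8080/Context/
HTTP_MAPPINGS = [("/", "http://localhost:8080/Context/")]
# As in the question: ProxyPassReverse / ajp://localhost:8009/Context/
AJP_MAPPINGS = [("/", "ajp://localhost:8009/Context/")]
# Assumed extra directive: ProxyPassReverse / http://domain.com/Context/
AJP_MAPPINGS_FIXED = AJP_MAPPINGS + [("/", "http://domain.com/Context/")]


def demo():
    """Map the same redirect through each configuration."""
    return {
        "mod_proxy http": reverse_map(HTTP_BACKEND_LOCATION, HTTP_MAPPINGS),
        "ajp, as asked": reverse_map(AJP_BACKEND_LOCATION, AJP_MAPPINGS),
        "ajp, extra mapping": reverse_map(AJP_BACKEND_LOCATION, AJP_MAPPINGS_FIXED),
    }


if __name__ == "__main__":
    for setup, seen_by_browser in demo().items():
        print(f"{setup:20} -> {seen_by_browser}")
```

With a mapping that matches, the browser is sent straight to /index, whereas the RewriteRule workaround costs an extra 301 round trip after the first redirect.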