Menu
I have a tomcat instance that is running multiple WAR files. The tomcat instance is proxied behind an Apache server so that the context paths are stripped out. Instead, I am using subdomains:
Basically, my setup looks like this:
http://localhost:8080/app1 -> http://app1.example.com/
http://localhost:8080/app2 -> http://app2.example.com/
What I need to happen is to make all redirects context relative since I no longer include the context path in the URL. I've noticed that Spring Security allows for setting redirects to be "context relative" with the default class DefaultRedirectStrategy. In order to get the redirects working properly, I have to override multiple objects just so that I can simply swap out the default instance of DefaultRedirectStrategy with contextRelative=false to my own created instance of DefaultRedirectStrategy with contextRelative=true.
Is there an easier way where I can just tell spring that I want to globally redirect all URLs without the context path? I have already tried registering DefaultRedirectStrategy in my configuration but that did not work.
@Bean
public RedirectStrategy createRedirectStrategy()
{
// create the redirect strategy to set the urls to context relative
DefaultRedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
redirectStrategy.setContextRelative(true);
return redirectStrategy;
}
^ This would have been too easy. Not sure why spring doesn't allow this to work.
Am I looking in the wrong place?
813
asked Jan 27 '26 08:01
I have been struggling with the same issue as you are. Trying to overwrite Spring Security's AuthenticationEntryPoint and SuccessHandler so that they use urls without Context Path. When it struck me, my configuration of subdomain was basically saying that whenever someones open http://app1.example.com/ he/she should be redirected to http://example.com/app1 so in terms of how the url is seen by Tomcat and hence Spring Security the context is there indeed. So maybe instead of doing crazy hacks in Spring Security it would be better to somehow get rid of the context path itself.
So what I did at the end, looks as follows.
I redirect both of my subdomains to the same address, which is where I have my tomcat running. Mind you, in opposite to the previous state I do not say anything about application context.
http://app1.example.com/ -> http://localhost:8080
http://app2.example.com/ -> http://localhost:8080
So now to distinguish which subdomain should trigger which application I use tomcat's Virtual hosts (read more here).
Updated ./tomcat/conf/server.xml looks like this
<Host name="app1.example.pl" appBase="app1"
unpackWARs="true" autoDeploy="true">
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="app1_access_log" suffix=".txt"
pattern="%h %l %u %t "%r" %s %b" />
</Host>
<Host name="app2.example.pl" appBase="app2"
unpackWARs="true" autoDeploy="true">
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="apps2_log" suffix=".txt"
pattern="%h %l %u %t "%r" %s %b" />
</Host>
Now instead of webapps I put war files for both applications respectively in folders app1 and app2 (they are placed in the same parent folder as webapp folder). Finally to remove the ContextPath we want them to be deployed as ROOT applications therefore for both applications wars should be named ROOT.war
I believe this is far better solution than hacking Spring Security. As well it lets you use "redirect:" in SpringMVC with relatives paths.
89
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
