Spring Security 和 AJP 代理

发布于 2024-11-08 16:30:50 字数 1426 浏览 4 评论 0 原文

我将 Spring Security 和 Apache 代理用于 Web 应用程序。使用标准 mod_proxy 时一切正常,但切换到 AJP 代理后,Spring 安全重定向出现问题。

Apache 配置:

<VirtualHost *:80>
  ServerName domain.com

  ProxyPass / ajp://localhost:8009/Context/
  ProxyPassReverse / ajp://localhost:8009/Context/
</VirtualHost>

当我调用 http://domain.com/login 时,我看到一个登录表单。

当我提交表单时,我会转到 http://domain.com/auth 并获得身份验证。

然后 Spring Security 应该重定向到 http://domain.com/index 但它重定向到 http://domain.com/Context/index

如何摆脱该上下文路径?为什么 Spring Security 到处都添加它?

Spring Security 网站上有一个类似的问题,但没有人回答:

http://forum.springsource.org/showthread.php?95141-Why-is-spring-security-include-the-context-path

PS 谷歌没有找到与这个问题更多相关的东西,这似乎很奇怪。我是唯一一个使用 Spring Security + AJP 的人吗?也许这是一个错误的模式?

解决方案:

<VirtualHost *:80>
  ServerName domain.com

  RewriteEngine on
  RewriteRule ^/Context/(.*)$ /$1 [R=301]

  ProxyPass / ajp://localhost:8009/Context/
  ProxyPassReverse / ajp://localhost:8009/Context/
</VirtualHost>

I use Spring Security and Apache proxy for a web app. When using standard mod_proxy everything is OK, but after switching to AJP proxy there appears a problem with Spring security redirects.

Apache config:

<VirtualHost *:80>
  ServerName domain.com

  ProxyPass / ajp://localhost:8009/Context/
  ProxyPassReverse / ajp://localhost:8009/Context/
</VirtualHost>

When I call http://domain.com/login I see a login form.

When I submit the form I go to http://domain.com/auth and get authenticated.

Then Spring Security should redirect to http://domain.com/index but it redirects instead to http://domain.com/Context/index

How can I get rid of that context path? Why Spring Security adds it everywhere?

There was a similar question on Spring Security site but no one answered it:

http://forum.springsource.org/showthread.php?95141-Why-is-spring-security-including-the-context-path

P.S.
It seems strange that Google doesn't find anything more related to this problem. Am I the only one who uses Spring Security + AJP? Maybe it's a wrong pattern?

Solution:

<VirtualHost *:80>
  ServerName domain.com

  RewriteEngine on
  RewriteRule ^/Context/(.*)$ /$1 [R=301]

  ProxyPass / ajp://localhost:8009/Context/
  ProxyPassReverse / ajp://localhost:8009/Context/
</VirtualHost>

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

债姬 2024-11-15 16:30:50

Spring Security 是 Web 应用程序上下文感知的,这意味着它的重定向将始终基于当前的 Web 应用程序上下文。这是设计使然,因为您的应用程序服务器可能正在运行多个不同的 Web 应用程序,这些应用程序不应相互干扰。

您是否仅在服务器上运行此应用程序,并且可以将其部署为 Tomcat 上的 ROOT 应用程序(例如将其放入 webapps/ROOT/ 中)?这将消除您的上下文前缀并解决您的问题。

另一种选择可能是在将重定向 URL 传递到客户端之前重写应用服务器上的重定向 URL,例如使用 来自 org.tuckey 出色的 URLRewriteFilteroutbound-rule (类似于 mod_rewrite,但是对于 Java EE Web 应用程序)。当然,您必须在 web.xml 中注意正确的过滤器顺序,因为 Spring Security 也使用过滤器来处理其逻辑。

Spring Security is web application context aware, meaning that its redirects will always be based upon the current web application context. This is by design since your app server may be running several distinct web applications which should not interfere with each other.

Do you run only this application on your server and have the possibility to deploy it as ROOT application on Tomcat (e. g. putting it into webapps/ROOT/)? This would eliminate your context prefix and solve your problem.

Another option may be rewriting the redirect URL on the app server before it is passed to the client, e. g. with an outbound-rule from org.tuckey's great URLRewriteFilter (like mod_rewrite, but for Java EE web apps). Of course, you would have to take care of proper filter ordering in your web.xml since Spring Security also uses filters for its logic.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文