You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Woonsan Ko <wo...@yahoo.com> on 2011/10/12 16:50:45 UTC
redirection error due to context path after JAAS authentication with mod_proxy
Hi,
I have a reverse proxy configuration like this:
<VirtualHost *:80>
ServerName localhost
ProxyPreserveHost On
ProxyPass / http://localhost:8080/app1/
ProxyPassReverse / http://localhost:8080/app1/
ProxyPassReverseCookiePath /app1 /
</VirtualHost>
And, I have a form-based login configuration for JAAS authentication.
When I try log on, the redirect location (the secured resource path) after /j_security_check seems to be prepended by the context path, '/app1'. (e.g. Location: http://localhost/app1/login/resource, instead of http://localhost/login/resource)
I guess there will be other solutions with more sophisticated configuration for mod_proxy by adding more external server addresses.
However, I'd like to avoid that if possible because the external addresses can be changed/added at any time.
Is there any way to customize the redirection after authentication (e.g. by using absolute url generation with a custom component) ?
Regards,
Woonsan
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: redirection error due to context path after JAAS authentication
with mod_proxy
Posted by Pid <pi...@pidster.com>.
On 12/10/2011 17:51, Woonsan Ko wrote:
>
> ----- Original Message -----
>> From: André Warnier <aw...@ice-sa.com>
>> To: Tomcat Users List <us...@tomcat.apache.org>
>> Cc:
>> Sent: Wednesday, October 12, 2011 11:52 AM
>> Subject: Re: redirection error due to context path after JAAS authentication with mod_proxy
>>
>> Woonsan Ko wrote:
>>> Hi,
>>>
>>> I have a reverse proxy configuration like this:
>>>
>>> <VirtualHost *:80> ServerName localhost ProxyPreserveHost On
>> ProxyPass / http://localhost:8080/app1/ ProxyPassReverse /
>> http://localhost:8080/app1/ ProxyPassReverseCookiePath /app1 /
>> </VirtualHost>
>>
>> If it is really like above, then why are you using an Apache httpd front-end at
>> all?
>> Would it not be easier (+ simpler, + more efficient) to just get Tomcat to
>> listen on port 80 and whatever IP address Apache httpd is listening to right now
>> ?
>
> One simple strong reason is that I don't want to run tomcat by root.
JSVC, iptables, Tanuki - bunch of different way to handle that.
p
>> (To get exactly the same behaviour as above, you would also have to make
>> "app1" be the Tomcat ROOT application.)
>>
>> Note: I also use a lot of setups with Apache httpd as front-end, and Tomcat as a
>> back-end, and sometimes this is very practical. At least, when the Apache httpd
>> front-end is actually "doing something" other than forwarding the
>> requests to Tomcat.
>> But here, it does not seem to be doing anything at all.
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
Re: redirection error due to context path after JAAS authentication
with mod_proxy
Posted by Brian Burch <br...@pingtoo.com>.
On 12/10/11 17:51, Woonsan Ko wrote:
> One simple strong reason is that I don't want to run tomcat by root.
The debian/ubuntu deb package installs tomcat6 so that it uses authbind
to listen on ports < 1024, and it runs under its own non-root uid/gid. I
was very impressed when I converted from tomcat5 as a vanilla install to
tomcat6 as a deb.
Even if you are not on debian, perhaps looking at the installation
script and file structure will help you set up something similar.
Regards,
Brian
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: redirection error due to context path after JAAS authentication with mod_proxy
Posted by Woonsan Ko <wo...@yahoo.com>.
----- Original Message -----
> From: André Warnier <aw...@ice-sa.com>
> To: Tomcat Users List <us...@tomcat.apache.org>
> Cc:
> Sent: Wednesday, October 12, 2011 11:52 AM
> Subject: Re: redirection error due to context path after JAAS authentication with mod_proxy
>
> Woonsan Ko wrote:
>> Hi,
>>
>> I have a reverse proxy configuration like this:
>>
>> <VirtualHost *:80> ServerName localhost ProxyPreserveHost On
> ProxyPass / http://localhost:8080/app1/ ProxyPassReverse /
> http://localhost:8080/app1/ ProxyPassReverseCookiePath /app1 /
> </VirtualHost>
>
> If it is really like above, then why are you using an Apache httpd front-end at
> all?
> Would it not be easier (+ simpler, + more efficient) to just get Tomcat to
> listen on port 80 and whatever IP address Apache httpd is listening to right now
> ?
One simple strong reason is that I don't want to run tomcat by root.
Thanks,
Woonsan
>
> (To get exactly the same behaviour as above, you would also have to make
> "app1" be the Tomcat ROOT application.)
>
> Note: I also use a lot of setups with Apache httpd as front-end, and Tomcat as a
> back-end, and sometimes this is very practical. At least, when the Apache httpd
> front-end is actually "doing something" other than forwarding the
> requests to Tomcat.
> But here, it does not seem to be doing anything at all.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: redirection error due to context path after JAAS authentication with mod_proxy
Posted by Woonsan Ko <wo...@yahoo.com>.
>________________________________
>From: André Warnier <aw...@ice-sa.com>
>To: Tomcat Users List <us...@tomcat.apache.org>
>Sent: Wednesday, October 12, 2011 11:52 AM
>Subject: Re: redirection error due to context path after JAAS authentication with mod_proxy
>
>Woonsan Ko wrote:
>> Hi,
>>
>> I have a reverse proxy configuration like this:
>>
>> <VirtualHost *:80> ServerName localhost ProxyPreserveHost On ProxyPass / http://localhost:8080/app1/ ProxyPassReverse / http://localhost:8080/app1/ ProxyPassReverseCookiePath /app1 / </VirtualHost>
>
>If it is really like above, then why are you using an Apache httpd front-end at all?
>Would it not be easier (+ simpler, + more efficient) to just get Tomcat to listen on port 80 and whatever IP address Apache httpd is listening to right now ?
>
>(To get exactly the same behaviour as above, you would also have to make "app1" be the Tomcat ROOT application.)
>
>Note: I also use a lot of setups with Apache httpd as front-end, and Tomcat as a back-end, and sometimes this is very practical. At least, when the Apache httpd front-end is actually "doing something" other than forwarding the requests to Tomcat.
>But here, it does not seem to be doing anything at all.
Yeah, actually I gave a simplified example configuration in order to show proxy mappings.
We have many other reasons to keep apache httpd as front-end here.
I've suggested a system administrator about deploying app to ROOT as a workaround, but they are not willing to do that for some reasons.
Anyway, if there's no way to customize redirection behavior after JAAS login, then I probably need to find a more controllable solution instead of using Tomcat's JAAS login feature. (Spring Security seems a good alternative which is filter based.)
Thanks anyway,
Woonsan
>
>
>
>
>
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>For additional commands, e-mail: users-help@tomcat.apache.org
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: redirection error due to context path after JAAS authentication
with mod_proxy
Posted by André Warnier <aw...@ice-sa.com>.
Woonsan Ko wrote:
> Hi,
>
> I have a reverse proxy configuration like this:
>
> <VirtualHost *:80>
> ServerName localhost
> ProxyPreserveHost On
> ProxyPass / http://localhost:8080/app1/
> ProxyPassReverse / http://localhost:8080/app1/
> ProxyPassReverseCookiePath /app1 /
> </VirtualHost>
If it is really like above, then why are you using an Apache httpd front-end at all?
Would it not be easier (+ simpler, + more efficient) to just get Tomcat to listen on port
80 and whatever IP address Apache httpd is listening to right now ?
(To get exactly the same behaviour as above, you would also have to make "app1" be the
Tomcat ROOT application.)
Note: I also use a lot of setups with Apache httpd as front-end, and Tomcat as a back-end,
and sometimes this is very practical. At least, when the Apache httpd front-end is
actually "doing something" other than forwarding the requests to Tomcat.
But here, it does not seem to be doing anything at all.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org