Apache/mod_jk with Spring Security
https://stackoverflow.com/questions/11579889
-
22-06-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian문제
I am having some issues when using mod_jk with Spring Security that has worked on previous projects but I can't seem to make it work now.
I've got a fairly typical situation using JBoss (but could as easily be Tomcat) when my web app is located at http://hostname/myapp and I want this to be hidden from the browser such that all accesses will be http://hostname
In Apache I've got a couple of rules :-
# Remove double "myapp" in url
RewriteRule ^/myapp/(.*) /$1
# Check to see if content can be served locally - rewrite back if not
RewriteCond /dir/to/static/content -f
RewriteRule ^/(.*) /myapp/$1 [PT]
JkMount /myapp/* loadbalancer
I've stripped back my Spring Security to be as simple as possible :
<security:http auto-config="true">
<security:intercept-url pattern="/**" access="ROLE_USER" />
</security:http>
In my web.xml
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
The issue is that without Spring security (ie. remove the springSecurityFilterChain) this works fine, but with it included I get issues like
Reason: Authentication method not supported: GET
when I try to log in.
My questions are :
- Is this a Spring Security issue needing configuration, or is my Apache not correct?
- Has anyone got a working config that they can share with me!
I've been struggling with this for several hours, reading lots of posts but I've not managed to get it working.
해결책
To answer my own question to possibly help other people in the future. I had to switch to mod_proxy as opposed to mod_jk.
My setup looks like this
<Proxy>
Order deny,allow
Allow from all
</Proxy>
RewriteCond /dir/to/static/content/%{REQUEST_FILENAME} !-f
RewriteRule ^/(.*) ajp://127.0.0.1:8009/myapp/$1 [P]
ProxyPassReverse / http://myurl/myapp/
ProxyPassReverseCookiePath /myapp /
My spring security file
<security:http auto-config="false" use-expressions="true" disable-url-rewriting="true">
<security:intercept-url pattern="/app/login" access="permitAll" />
<security:intercept-url pattern="/app/**" access="hasAnyRole('ROLE_USER', 'ROLE_ADMIN')" />
<security:form-login
login-page="/app/login"
authentication-failure-url="/app/login?f=1"
default-target-url="/app/map"/>
<security:logout logout-url="/app/logout"/>
</security:http>
I think the key is the ProxyPassReverseCookiePath statement.
