Re: Is the cookie path important for Shiro

Fri, 25 Jan 2019 10:43:16 -0800 

>>>>> Brian Demers <brian.demers-re5jqeeqqe8avxtiumw...@public.gmane.org>:

> What does the request shiro receives look like?

Hm... I was going to do some wireshark captures to illustrate the
problem.  

But what happened now was that everything worked as expected... ie the
authproblem when entering the webapp after a cookie path rewrite no
longer occurs...:-)

Nevertheless the captures may be of interest.

The captures are on port 8181, ie. the captures are the way shiro sees
them, and the nginx cookie path rewrites aren't shown.

 1. A capture of an nginx auth check before doing a login
     
https://gist.github.com/steinarb/7bb695f350592c63111bac9d30782d89#file-initial-auth-check
 2. A capture of opening the login page (redirected there by nginx when
    the auth failed)
     
https://gist.github.com/steinarb/7bb695f350592c63111bac9d30782d89#file-open-login-page
 3. A capture of of the login POST (redirecting to the original page)
     
https://gist.github.com/steinarb/7bb695f350592c63111bac9d30782d89#file-successful-login-post
 4. A capture of a successful auth check
     
https://gist.github.com/steinarb/7bb695f350592c63111bac9d30782d89#file-successful-auth-check-from-nginx
 5. A capture of what happens when entering the webapp's path from the
    nginx frontend (ie. http://lorenzo.hjemme.lan/authservice/).  This
    is the one that was failing for me, but now is working
     
https://gist.github.com/steinarb/7bb695f350592c63111bac9d30782d89#file-opening-the-top-level-authservice-path

> Is the rewrite also changing the request path?

No.  The base path as seen from nginx is http://lorenzo.hjemme.lan/authservice
and the base path as seen from karaf is http://localhost:8181/authservice

> Does that affect the path filtering rules you have set up?

I don't think so.  It seemed to work as expected "inside" the
http://lorenzo.hjemme.lan/authservice URL before I introduced the cookie
path rewrite.

But when I introduced the rewrite http://lorenzo.hjemme.lan/ worked
while http://lorenzo.hjemme.lan/authservice failed.

However now both work.  I have no idea what made it start working.  Some
kind of cookie expiry, perhaps...?

Thanks!


- Steinar

Reply via email to