>>>>> Brian Demers <brian.demers-re5jqeeqqe8avxtiumw...@public.gmane.org>:
> What does the request shiro receives look like? Hm... I was going to do some wireshark captures to illustrate the problem. But what happened now was that everything worked as expected... ie the authproblem when entering the webapp after a cookie path rewrite no longer occurs...:-) Nevertheless the captures may be of interest. The captures are on port 8181, ie. the captures are the way shiro sees them, and the nginx cookie path rewrites aren't shown. 1. A capture of an nginx auth check before doing a login https://gist.github.com/steinarb/7bb695f350592c63111bac9d30782d89#file-initial-auth-check 2. A capture of opening the login page (redirected there by nginx when the auth failed) https://gist.github.com/steinarb/7bb695f350592c63111bac9d30782d89#file-open-login-page 3. A capture of of the login POST (redirecting to the original page) https://gist.github.com/steinarb/7bb695f350592c63111bac9d30782d89#file-successful-login-post 4. A capture of a successful auth check https://gist.github.com/steinarb/7bb695f350592c63111bac9d30782d89#file-successful-auth-check-from-nginx 5. A capture of what happens when entering the webapp's path from the nginx frontend (ie. http://lorenzo.hjemme.lan/authservice/). This is the one that was failing for me, but now is working https://gist.github.com/steinarb/7bb695f350592c63111bac9d30782d89#file-opening-the-top-level-authservice-path > Is the rewrite also changing the request path? No. The base path as seen from nginx is http://lorenzo.hjemme.lan/authservice and the base path as seen from karaf is http://localhost:8181/authservice > Does that affect the path filtering rules you have set up? I don't think so. It seemed to work as expected "inside" the http://lorenzo.hjemme.lan/authservice URL before I introduced the cookie path rewrite. But when I introduced the rewrite http://lorenzo.hjemme.lan/ worked while http://lorenzo.hjemme.lan/authservice failed. However now both work. I have no idea what made it start working. Some kind of cookie expiry, perhaps...? Thanks! - Steinar