RE: Login problem with reverse proxy
A couple of days ago I wrote to the list with the below problem (reverse proxy having problems with Tomcat's redirect to the login screen). After spending two days trying to work out how best to modify Tomcat to solve this problem I discovered that apache mod_proxy has a directive that solves this very problem (despite what our firewall people told me *grrr*). http://httpd.apache.org/docs/mod/mod_proxy.html#proxypassreverse ProxyPassReverse directive This directive tells apache to modify redirects to point to the reverse proxy instead. Hamish -Original Message- From: Barney Hamish Sent: Friday, August 09, 2002 11:33 AM To: '[EMAIL PROTECTED]' Subject: Login problem with reverse proxy Hi, I'm using tomcat 3.2 with form based login and an apache reverse proxy to filter requests to the webserver. When tomcat issues the redirect to the login page the users are sent directly to the webserver not the reverse proxy. As the webserver is not directly accessable they are unable to request the log-in page. Is anyone aware of a way I can configure tomcat and or the reverse proxy to make this set-up work? More info: -Internet-- | Reverse Proxy | Private Net | Webserver (with Tomcat) When a request for a secure resource is sent to the reverse proxy, it forwards that request to the webserver. If the user is not logged-in tomcat tries to redirect the user to the login form. In that redirect Tomcat apparently includes the IP address of the server upon which it is currently residing. The reverse proxy forwards the webserver's response to the client. When the client tries to request the log-in page from the directly from the webserver it is unable to reach the webserver. Hamish -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: Login problem with reverse proxy
No, i have no concrete idea. My only doubt is, that the chain browser-proxy-tomcat must be involved, that is your redirect somehow gets executed over this chain, otherwise the problem would not exist. I think, there is an option to say, wether redirects should be executed via the browser or really internally, but i don't remember, where... Regards, Jens Stutte Barney Hamish Hamish.Barney@ect-teTo: 'Tomcat Users List' lecoms.de [EMAIL PROTECTED] cc: 09/08/2002 13.52 Subject: RE: Login problem with reverse proxy Please respond to Tomcat Users List Thanks Jens. I'm afraid that doesn't help with my specific problem. This is something to do with the forwarding of requests to the login page that Tomcat does internally. I'm not sure how I can avoid that in the way I design my application (if I want to use the built-in authentication method without modifying the way Tomcat handles realms). Do you know how I can deal with this specific problem? Thanks, Hamish -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Friday, August 09, 2002 12:58 PM To: Tomcat Users List Subject: Re: Login problem with reverse proxy Sorry for the empty mail, i struggled with my Lotus client (who the heck creates a dialog box that defaults to Send when closing a modified mail without sending it ?)... I have a similar configuration here (slightly complicated due to the use of struts). You must follow some rules in your design, to be able to do this: - do not use browser redirects, but internal redirects. Or create dynamically JavaScript redirects on your pages (not very nice, i know). - use only relative URLs. Otherwise, especially if your application does not map to your proxys root directory but some subfolder, nothing will work. - if you use struts, be aware of some tags, that create absolut URL pathes (the form tag for example). I extended and overrided some of these tags in order to create relative pathes (the struts community has decided, to not treat this issue). Hence, the most existing J2EE applications, that are not designed and tested for a similar environment, most likely won't work without modifications. Regards, Jens Stutte JensStutte@qu idinfo.itTo: Tomcat Users List [EMAIL PROTECTED] 09/08/2002 cc: 11.46Subject: Re: Login problem with reverse proxy Please respond to Tomcat Users List Barney Hamish Hamish.Barney@ect-teTo: '[EMAIL PROTECTED]' lecoms.de [EMAIL PROTECTED] cc: 09/08/2002 11.32 Subject: Login problem with reverse proxy Please respond to Tomcat Users List Hi, I'm using tomcat 3.2 with form based login and an apache reverse proxy to filter requests to the webserver. When tomcat issues the redirect to the login page the users are sent directly to the webserver not the reverse proxy. As the webserver is not directly accessable they are unable to request the log-in page. Is anyone aware of a way I can configure tomcat and or the reverse proxy to make this set-up work? More info: -Internet-- | Reverse Proxy | Private Net | Webserver (with Tomcat) When a request for a secure resource is sent to the reverse proxy, it forwards that request to the webserver. If the user is not logged-in tomcat tries to redirect the user to the login form. In that redirect Tomcat apparently includes the IP address of the server upon which it is currently residing. The reverse proxy forwards the webserver's response to the client. When the client tries to request the log-in page from the directly from the webserver it is unable to reach the webserver. Hamish -- To unsubscribe, e-mail
Login problem with reverse proxy
Hi, I'm using tomcat 3.2 with form based login and an apache reverse proxy to filter requests to the webserver. When tomcat issues the redirect to the login page the users are sent directly to the webserver not the reverse proxy. As the webserver is not directly accessable they are unable to request the log-in page. Is anyone aware of a way I can configure tomcat and or the reverse proxy to make this set-up work? More info: -Internet-- | Reverse Proxy | Private Net | Webserver (with Tomcat) When a request for a secure resource is sent to the reverse proxy, it forwards that request to the webserver. If the user is not logged-in tomcat tries to redirect the user to the login form. In that redirect Tomcat apparently includes the IP address of the server upon which it is currently residing. The reverse proxy forwards the webserver's response to the client. When the client tries to request the log-in page from the directly from the webserver it is unable to reach the webserver. Hamish -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Login problem with reverse proxy
Barney Hamish Hamish.Barney@ect-teTo: '[EMAIL PROTECTED]' lecoms.de [EMAIL PROTECTED] cc: 09/08/2002 11.32 Subject: Login problem with reverse proxy Please respond to Tomcat Users List Hi, I'm using tomcat 3.2 with form based login and an apache reverse proxy to filter requests to the webserver. When tomcat issues the redirect to the login page the users are sent directly to the webserver not the reverse proxy. As the webserver is not directly accessable they are unable to request the log-in page. Is anyone aware of a way I can configure tomcat and or the reverse proxy to make this set-up work? More info: -Internet-- | Reverse Proxy | Private Net | Webserver (with Tomcat) When a request for a secure resource is sent to the reverse proxy, it forwards that request to the webserver. If the user is not logged-in tomcat tries to redirect the user to the login form. In that redirect Tomcat apparently includes the IP address of the server upon which it is currently residing. The reverse proxy forwards the webserver's response to the client. When the client tries to request the log-in page from the directly from the webserver it is unable to reach the webserver. Hamish -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Login problem with reverse proxy
Sorry for the empty mail, i struggled with my Lotus client (who the heck creates a dialog box that defaults to Send when closing a modified mail without sending it ?)... I have a similar configuration here (slightly complicated due to the use of struts). You must follow some rules in your design, to be able to do this: - do not use browser redirects, but internal redirects. Or create dynamically JavaScript redirects on your pages (not very nice, i know). - use only relative URLs. Otherwise, especially if your application does not map to your proxys root directory but some subfolder, nothing will work. - if you use struts, be aware of some tags, that create absolut URL pathes (the form tag for example). I extended and overrided some of these tags in order to create relative pathes (the struts community has decided, to not treat this issue). Hence, the most existing J2EE applications, that are not designed and tested for a similar environment, most likely won't work without modifications. Regards, Jens Stutte JensStutte@qu idinfo.itTo: Tomcat Users List [EMAIL PROTECTED] 09/08/2002 cc: 11.46Subject: Re: Login problem with reverse proxy Please respond to Tomcat Users List Barney Hamish Hamish.Barney@ect-teTo: '[EMAIL PROTECTED]' lecoms.de [EMAIL PROTECTED] cc: 09/08/2002 11.32 Subject: Login problem with reverse proxy Please respond to Tomcat Users List Hi, I'm using tomcat 3.2 with form based login and an apache reverse proxy to filter requests to the webserver. When tomcat issues the redirect to the login page the users are sent directly to the webserver not the reverse proxy. As the webserver is not directly accessable they are unable to request the log-in page. Is anyone aware of a way I can configure tomcat and or the reverse proxy to make this set-up work? More info: -Internet-- | Reverse Proxy | Private Net | Webserver (with Tomcat) When a request for a secure resource is sent to the reverse proxy, it forwards that request to the webserver. If the user is not logged-in tomcat tries to redirect the user to the login form. In that redirect Tomcat apparently includes the IP address of the server upon which it is currently residing. The reverse proxy forwards the webserver's response to the client. When the client tries to request the log-in page from the directly from the webserver it is unable to reach the webserver. Hamish -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: Login problem with reverse proxy
Thanks Jens. I'm afraid that doesn't help with my specific problem. This is something to do with the forwarding of requests to the login page that Tomcat does internally. I'm not sure how I can avoid that in the way I design my application (if I want to use the built-in authentication method without modifying the way Tomcat handles realms). Do you know how I can deal with this specific problem? Thanks, Hamish -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Friday, August 09, 2002 12:58 PM To: Tomcat Users List Subject: Re: Login problem with reverse proxy Sorry for the empty mail, i struggled with my Lotus client (who the heck creates a dialog box that defaults to Send when closing a modified mail without sending it ?)... I have a similar configuration here (slightly complicated due to the use of struts). You must follow some rules in your design, to be able to do this: - do not use browser redirects, but internal redirects. Or create dynamically JavaScript redirects on your pages (not very nice, i know). - use only relative URLs. Otherwise, especially if your application does not map to your proxys root directory but some subfolder, nothing will work. - if you use struts, be aware of some tags, that create absolut URL pathes (the form tag for example). I extended and overrided some of these tags in order to create relative pathes (the struts community has decided, to not treat this issue). Hence, the most existing J2EE applications, that are not designed and tested for a similar environment, most likely won't work without modifications. Regards, Jens Stutte JensStutte@qu idinfo.itTo: Tomcat Users List [EMAIL PROTECTED] 09/08/2002 cc: 11.46Subject: Re: Login problem with reverse proxy Please respond to Tomcat Users List Barney Hamish Hamish.Barney@ect-teTo: '[EMAIL PROTECTED]' lecoms.de [EMAIL PROTECTED] cc: 09/08/2002 11.32 Subject: Login problem with reverse proxy Please respond to Tomcat Users List Hi, I'm using tomcat 3.2 with form based login and an apache reverse proxy to filter requests to the webserver. When tomcat issues the redirect to the login page the users are sent directly to the webserver not the reverse proxy. As the webserver is not directly accessable they are unable to request the log-in page. Is anyone aware of a way I can configure tomcat and or the reverse proxy to make this set-up work? More info: -Internet-- | Reverse Proxy | Private Net | Webserver (with Tomcat) When a request for a secure resource is sent to the reverse proxy, it forwards that request to the webserver. If the user is not logged-in tomcat tries to redirect the user to the login form. In that redirect Tomcat apparently includes the IP address of the server upon which it is currently residing. The reverse proxy forwards the webserver's response to the client. When the client tries to request the log-in page from the directly from the webserver it is unable to reach the webserver. Hamish -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
