Re: redirection error due to context path after JAAS authentication with mod_proxy
From: André Warnier a...@ice-sa.com To: Tomcat Users List users@tomcat.apache.org Sent: Wednesday, October 12, 2011 11:52 AM Subject: Re: redirection error due to context path after JAAS authentication with mod_proxy Woonsan Ko wrote: Hi, I have a reverse proxy configuration like this: VirtualHost *:80 ServerName localhost ProxyPreserveHost On ProxyPass / http://localhost:8080/app1/ ProxyPassReverse / http://localhost:8080/app1/ ProxyPassReverseCookiePath /app1 / /VirtualHost If it is really like above, then why are you using an Apache httpd front-end at all? Would it not be easier (+ simpler, + more efficient) to just get Tomcat to listen on port 80 and whatever IP address Apache httpd is listening to right now ? (To get exactly the same behaviour as above, you would also have to make app1 be the Tomcat ROOT application.) Note: I also use a lot of setups with Apache httpd as front-end, and Tomcat as a back-end, and sometimes this is very practical. At least, when the Apache httpd front-end is actually doing something other than forwarding the requests to Tomcat. But here, it does not seem to be doing anything at all. Yeah, actually I gave a simplified example configuration in order to show proxy mappings. We have many other reasons to keep apache httpd as front-end here. I've suggested a system administrator about deploying app to ROOT as a workaround, but they are not willing to do that for some reasons. Anyway, if there's no way to customize redirection behavior after JAAS login, then I probably need to find a more controllable solution instead of using Tomcat's JAAS login feature. (Spring Security seems a good alternative which is filter based.) Thanks anyway, Woonsan - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
redirection error due to context path after JAAS authentication with mod_proxy
Hi, I have a reverse proxy configuration like this: VirtualHost *:80 ServerName localhost ProxyPreserveHost On ProxyPass / http://localhost:8080/app1/ ProxyPassReverse / http://localhost:8080/app1/ ProxyPassReverseCookiePath /app1 / /VirtualHost And, I have a form-based login configuration for JAAS authentication. When I try log on, the redirect location (the secured resource path) after /j_security_check seems to be prepended by the context path, '/app1'. (e.g. Location: http://localhost/app1/login/resource, instead of http://localhost/login/resource) I guess there will be other solutions with more sophisticated configuration for mod_proxy by adding more external server addresses. However, I'd like to avoid that if possible because the external addresses can be changed/added at any time. Is there any way to customize the redirection after authentication (e.g. by using absolute url generation with a custom component) ? Regards, Woonsan - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: redirection error due to context path after JAAS authentication with mod_proxy
Woonsan Ko wrote: Hi, I have a reverse proxy configuration like this: VirtualHost *:80 ServerName localhost ProxyPreserveHost On ProxyPass / http://localhost:8080/app1/ ProxyPassReverse / http://localhost:8080/app1/ ProxyPassReverseCookiePath /app1 / /VirtualHost If it is really like above, then why are you using an Apache httpd front-end at all? Would it not be easier (+ simpler, + more efficient) to just get Tomcat to listen on port 80 and whatever IP address Apache httpd is listening to right now ? (To get exactly the same behaviour as above, you would also have to make app1 be the Tomcat ROOT application.) Note: I also use a lot of setups with Apache httpd as front-end, and Tomcat as a back-end, and sometimes this is very practical. At least, when the Apache httpd front-end is actually doing something other than forwarding the requests to Tomcat. But here, it does not seem to be doing anything at all. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: redirection error due to context path after JAAS authentication with mod_proxy
- Original Message - From: André Warnier a...@ice-sa.com To: Tomcat Users List users@tomcat.apache.org Cc: Sent: Wednesday, October 12, 2011 11:52 AM Subject: Re: redirection error due to context path after JAAS authentication with mod_proxy Woonsan Ko wrote: Hi, I have a reverse proxy configuration like this: VirtualHost *:80 ServerName localhost ProxyPreserveHost On ProxyPass / http://localhost:8080/app1/ ProxyPassReverse / http://localhost:8080/app1/ ProxyPassReverseCookiePath /app1 / /VirtualHost If it is really like above, then why are you using an Apache httpd front-end at all? Would it not be easier (+ simpler, + more efficient) to just get Tomcat to listen on port 80 and whatever IP address Apache httpd is listening to right now ? One simple strong reason is that I don't want to run tomcat by root. Thanks, Woonsan (To get exactly the same behaviour as above, you would also have to make app1 be the Tomcat ROOT application.) Note: I also use a lot of setups with Apache httpd as front-end, and Tomcat as a back-end, and sometimes this is very practical. At least, when the Apache httpd front-end is actually doing something other than forwarding the requests to Tomcat. But here, it does not seem to be doing anything at all. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: redirection error due to context path after JAAS authentication with mod_proxy
On 12/10/2011 17:51, Woonsan Ko wrote: - Original Message - From: André Warnier a...@ice-sa.com To: Tomcat Users List users@tomcat.apache.org Cc: Sent: Wednesday, October 12, 2011 11:52 AM Subject: Re: redirection error due to context path after JAAS authentication with mod_proxy Woonsan Ko wrote: Hi, I have a reverse proxy configuration like this: VirtualHost *:80 ServerName localhost ProxyPreserveHost On ProxyPass / http://localhost:8080/app1/ ProxyPassReverse / http://localhost:8080/app1/ ProxyPassReverseCookiePath /app1 / /VirtualHost If it is really like above, then why are you using an Apache httpd front-end at all? Would it not be easier (+ simpler, + more efficient) to just get Tomcat to listen on port 80 and whatever IP address Apache httpd is listening to right now ? One simple strong reason is that I don't want to run tomcat by root. JSVC, iptables, Tanuki - bunch of different way to handle that. p (To get exactly the same behaviour as above, you would also have to make app1 be the Tomcat ROOT application.) Note: I also use a lot of setups with Apache httpd as front-end, and Tomcat as a back-end, and sometimes this is very practical. At least, when the Apache httpd front-end is actually doing something other than forwarding the requests to Tomcat. But here, it does not seem to be doing anything at all. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org signature.asc Description: OpenPGP digital signature
Re: redirection error due to context path after JAAS authentication with mod_proxy
On 12/10/11 17:51, Woonsan Ko wrote: One simple strong reason is that I don't want to run tomcat by root. The debian/ubuntu deb package installs tomcat6 so that it uses authbind to listen on ports 1024, and it runs under its own non-root uid/gid. I was very impressed when I converted from tomcat5 as a vanilla install to tomcat6 as a deb. Even if you are not on debian, perhaps looking at the installation script and file structure will help you set up something similar. Regards, Brian - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org