Tomcat behind Apache HTTP server using Spring Security

Since I have been struggling with applications not working properly behind Apache HTTP server that use Spring Security I dedicated this blog to this issue.

When you develop an application using Spring security this works fine when just running on a Tomcat server e.g. http://localhost:8080/app-context/. The problems start when you want to setup your environment properly by adding an Apache HTTP server in front of it using proxy AJP. You would start by adding the following to your apache config file:

ProxyPass /app-context/ ajp://localhost:8009/app-context/


This works fine when trying to go to http://servername/app-context/ but when you try to login you will be redirected back to the login page everytime. To avoid this behavior you need to add the following line to your Apache configuration:

ProxyPass /app-context/j_spring_security_check ajp://localhost:8009/app-context/j_spring_security_check


For some reason it doesn't work without this line which seems weird to me since you basically map the context and everything that comes after it with the previous line. After trying a lot of options I just tried adding this and this seemed to work. I discovered that when I was logging in (using firebug) that it couldn't find the path /app-context/j_spring_security_check so I tried adding it and it finally worked :-).

There is still one thing left to do though since you also want to be able to logout you have to add the following line too:

ProxyPass /app-context/j_spring_security_check ajp://localhost:8009/app-context/j_spring_security_logout

Comments

  1. UnknownNovember 19, 2012 at 11:10 PM

    Hey Salomon,

    I've the exact problem that u've addressed above. I've followed every instruction listed but my issues is still not solved.
    What do u suggest I try out?
    Is port 8009 the tomcat port?

    ReplyDelete
  2. ScotMay 15, 2013 at 6:57 AM

    The second example should be this.

    ProxyPass /app-context/j_spring_security_logout ajp://localhost:8009/app-context/j_spring_security_logout

    ReplyDelete
  3. AndrĂ© FonsecaJuly 9, 2013 at 5:32 AM

    I was also having this problem and removing the trailing slashes of :

    ProxyPass /app-context/ ajp://localhost:8009/app-context/

    to :

    ProxyPass /app-context ajp://localhost:8009/app-context

    solved it.

    ReplyDelete
  4. MaverickMJuly 15, 2016 at 12:24 AM

    I agree with above comment. Without adding spring security endpoints, I simply removed trailing slashes / in ProxyPass and ProxyPassReverse made it work

    ReplyDelete

Post a Comment

Popular posts from this blog

Fastest XML parser

In most applications you need to do some XML parsing to either provide XML to external systems or parse XML from external systems or of course both. Since the systems I work on use a lot of XML and they need to be as fast as possible I did some tests on several XML parsers. I tested the following parsers/XML frameworks: JDom Piccolo StaxMate XStream JAXB 2.1 All parsers were tested in isolation with the following parameters: 25 threads running simultaniously Every thread calls the parser 100 times The results are as follows. JDom Avg. parsing time: 325.24 ms Avg. memory usage: 307 KB Piccolo Avg. parsing time: 88.08 ms Avg. memory usage: 454 KB StaxMate Avg. parsing time: 96.16 ms Avg. memory usage: 203 KB XStream Avg. parsing time: 77.04 ms Avg. memory usage: 319 KB Jaxb 2.1 Avg. parsing time: 1778.12 ms Avg. memory usage: 618 KB As you can see XStream is the fastest one of them all. The total ranking of the parsers you can find below: XStream Piccolo StaxMate JDom JAXB 2.1
Read more

Cargo-itest open source project

I recently started an open source project called cargo-itest. This was started up because when I worked on several projects I needed to create integration tests for them which all had similarities. I was previously doing it with the maven2 cargo plug-in but wasn't really fond of it because it most of the times didn't work and when it worked it stopped working after editing the configuration. In other words it was very unstable. This initiated me to start to use the java API of Cargo instead of the maven plugin. By using the java API it already removes the dependency from your build system in this case Maven. Having no dependency on the build system gives you a couple of advantages: You can run it in any IDE that supports JUnit. You can switch easily to another build system without changing your tests and test configuration. These are general advantages of just using the API but also part of using my open source project cargo-itest. This project enables you to easily start creat
Read more