
  • Spring security's issue with load balance

    Hi There,

    I have been using Spring Security 2.04 for more than 1 year with no issues, but I encountered one issue after recently upgrading from a single application server to 2 app servers with load balancing.

    Issue description:
    If the login request goes via the LB's VIP, then the default target URL is note 1 or note 2 rather than the LB.
    For example: a request from http://LB/login.jsp --> the URL is supposed to be http://LB/index.jsp after login,
    but now it is either http://note1:8080/index.jsp or http://note2:8080/index.jsp

    My configuration in the Spring Security XML:
    <form-login login-page="/login.jsp" default-target-url="/index.jsp" authentication-failure-url="/login.jsp?error=true" />

    The load balancer is CentOS 5.x + Apache 2.x
    The note1 & note2 servers are CentOS 5.x + Tomcat 6.x

    PS: If I use an absolute path in the Spring Security XML, it works, but I don't want to fix the path.

    Thank you in advance!!
    Last edited by zhangxin; Feb 17th, 2011, 09:49 PM.

  • #2
    The URL that Spring Security uses is based upon the values in the HttpServletRequest object. You need to ensure that Tomcat or the load balancer are configured correctly in order for the HttpServletRequest to return the correct values. A good place to start is the Tomcat Reverse Proxy HowTo. If you have further questions, I would search the Tomcat documentation and/or ask on the Tomcat forums.

    Regards,


    • #3
      Originally posted by rwinch
      The URL that Spring Security uses is based upon the values in the HttpServletRequest object. You need to ensure that Tomcat or the load balancer are configured correctly in order for the HttpServletRequest to return the correct values. A good place to start is the Tomcat Reverse Proxy HowTo. If you have further questions, I would search the Tomcat documentation and/or ask on the Tomcat forums.

      Regards,
      Hi rwinch,
      Thank you for your reply.
      But I think it may not be caused by the reverse proxy, as all of the applications (using Struts or Spring MVC) are working fine except the Spring Security login/logout and access-denied-page functions.
      Let me know what you think.

      Regards


      • #4
        My guess is that you either are not doing absolute redirects within Struts2 / Spring MVC. While many browsers support relative redirects, performing relative redirects does not comply with the HTTP specification. The spec states that the Location header must be an absolute URI. That is why Spring Security uses an absolute URI.

        If you look at the code in LoginUrlEntryPoint you will see the values from the HttpServletRequest object are being used to determine the absolute URL for the redirect. Your options are to configure Spring Security to use relative URLs (technically will probably work for most browsers but breaks HTTP spec) or configure your proxy or Tomcat to populate the HttpServletRequest object correctly. If you choose to do relative redirects, you can search the forums for how to do it. However, I would strongly encourage you to keep with absolute redirects. First, it will likely be easier to configure Tomcat as there are numerous places that Spring Security does absolute redirects. Second, and more importantly, it fixes any other code that is doing absolute redirects.

        PS I realized that I missed including the link for Tomcat last time, so here is the link.

        Cheers,


        • #5
          Hi Rob,

          Yep, you are right. I am reading the source code. All of the related code uses the RedirectUtils.sendRedirect method, and the default useRelativeContext is false.

          Thanks for your suggestion. I reset the load balancer setting, changing it from http to ajp in the Apache httpd.conf. All of the problems are solved.
          No more issues with the login/logout and access-denied functions.

          Thanks for your great help!!

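The change described in post #5, sketched as an httpd.conf fragment (an added example, not the poster's actual configuration). It assumes Apache 2.2-style mod_proxy_balancer with mod_proxy_http / mod_proxy_ajp loaded; the balancer name `appcluster` and AJP port 8009 (Tomcat's default) are assumptions, while note1, note2 and port 8080 come from the thread.

```apache
# Constructed httpd.conf fragment. "appcluster" and port 8009 are assumed values.

# --- Before (shown commented out): HTTP to the backends ---------------------
# With ProxyPreserveHost at its default (Off), httpd rewrites the Host header
# to the backend it picked, e.g. "Host: note1:8080". Tomcat then reports
# getServerName()="note1" and getServerPort()=8080, so every absolute redirect
# built from the HttpServletRequest points at the backend node, not the LB.
#
# <Proxy balancer://appcluster>
#     BalancerMember http://note1:8080
#     BalancerMember http://note2:8080
# </Proxy>
# ProxyPass / balancer://appcluster/

# --- After: AJP to the backends ---------------------------------------------
# The AJP request carries the server name and port the client addressed on the
# load balancer, so Tomcat populates the HttpServletRequest with the LB's
# values and the redirect after login goes to http://LB/index.jsp.
<Proxy balancer://appcluster>
    BalancerMember ajp://note1:8009
    BalancerMember ajp://note2:8009
</Proxy>
ProxyPass / balancer://appcluster/

# --- Alternative that keeps HTTP to the backends ----------------------------
# Pass the client's original Host header through instead of rewriting it:
#
# ProxyPreserveHost On
```

Whichever variant is used, ports 8080 and 8009 on note1 and note2 should accept connections only from the load balancer, because Tomcat takes the request's host and port from whatever connects to them.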