I have configured Apache on a machine and set up a proxy to the actual application, using LDAP for authorization.
For example, form_auth.conf in Apache looks like this:
<Location /myapp/home/j_security_check>
ErrorDocument 401 /myapp/home/login.jsp
AuthType form
AuthName form_auth
SetHandler form-login-handler
LDAPReferrals Off
AuthFormProvider ldap
AuthLDAPURL "ldaps://details"
AuthLDAPBindDN "details"
AuthLDAPBindPassword "a£456&89"
AuthFormLoginSuccessLocation http://10.1.5.55:8080/myapp/
Session On
SessionCookieName mysession path=/
SessionCryptoPassphrase secretpass
SessionCryptoCipher aes128
SessionMaxAge 1800
Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
Require valid-user
Order allow,deny
Allow from all
AuthFormFakeBasicAuth On
</Location>
<LocationMatch "^/(myapp)">
AuthFormProvider ldap
AuthLDAPURL "ldaps:details"
AuthLDAPBindDN "CN=UNIX TEST0 SZ Service Account,OU=Environments,OU=User,OU=Delegated,DC=test,DC=LOCAL"
AuthLDAPBindPassword "a£456&89"
AuthType form
AuthName form_auth
AuthFormLoginRequiredLocation http://10.1.5.55/myapp/home/login.jsp
Session On
SessionCookieName mysession path=/
SessionCryptoPassphrase secretpass
SessionCryptoCipher aes128
SessionMaxAge 1800
Require valid-user
Order allow,deny
Allow from all
AuthFormFakeBasicAuth On
</LocationMatch>
ProxyPass /myapp http://10.1.5.55:8080/myapp max=480 retry=0 keepalive=On
ProxyPassReverse /myapp http://10.1.5.55:8080/myapp
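Now, from my local machine, I tunnel on port 9090 to port 8080 on the Apache server.
Entering "{{3}}" in the browser shows me the Apache index.html page, and I can see the logs on the Apache server. When I try to access localhost:9090/myapp, I can see the browser URL change to 10.1.5.55:8080/myapp/home/login.jsp, but there is no response and it times out.
In the Apache error log, for the first URL that hits Apache, my log looks like this:
AH01502: headers: ap_headers_output_filter()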
[authz_core:debug] [pid 26517] mod_authz_core.c(802): [client 10.6.1.10:55334] AH01626: authorization result of Require all granted: granted
[authz_core:debug] [pid 26517] mod_authz_core.c(802): [client 10.6.1.10:55334] AH01626: authorization result of <RequireAny>: granted
[authz_core:debug] [pid 26517] mod_authz_core.c(802): [client 10.6.1.10:55334] AH01626: authorization result of Require all granted: granted
[authz_core:debug] [pid 26517] mod_authz_core.c(802): [client 10.6.1.10:55334] AH01626: authorization result of <RequireAny>: granted
When I try to access myapp, I get this log and a timeout:
mod_authz_core.c(802): [client 10.6.1.10:55347] AH01626: authorization result of Require valid-user : denied (no authenticated user yet)
[authz_core:debug] [pid 26518] mod_authz_core.c(802): [client 10.6.1.10:55347] AH01626: authorization result of <RequireAny>: denied (no authenticated user yet)
[core:debug] [pid 26518] util_cookies.c(59): [client 10.6.1.10:55347] AH00007: ap_cookie: user '(null)' set cookie: 'myapp2session=3x/IdXV5SmKhepiUQ8kUSLw/6Dwv9vxc97x78JhsOZrGF2Tx8Y5TnH7uf0fOfI2+czX3ZB6m92dJSlMttrX1VA==;Max-Age=1800;path=/'
[headers:debug] [pid 26518] mod_headers.c(848): AH01503: headers: ap_headers_error_filter()
[core:info] [pid 26514] [client 10.6.1.10:55348] AH00128: File does not exist: /var/www/html/myapp/home/login jsp
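I have shown the form output.
What is missing in my configuration, given that this is a working configuration in a different environment?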
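
An added check, not part of the original post: it lists mod_auth_form redirect directives whose URL names the same host as a ProxyPass back end, because those values are sent to the browser as redirect targets, and a browser that reaches Apache through another address (here the tunnel on localhost:9090) is then sent to the back-end address directly. The function names are assumptions of this example, and the sample text is constructed from directives in the configuration above.

```python
from urllib.parse import urlsplit

# Constructed sample: directives copied from the configuration in the post.
SAMPLE_CONF = """\
<Location /myapp/home/j_security_check>
AuthFormLoginSuccessLocation http://10.1.5.55:8080/myapp/
</Location>
<LocationMatch "^/(myapp)">
AuthFormLoginRequiredLocation http://10.1.5.55/myapp/home/login.jsp
</LocationMatch>
ProxyPass /myapp http://10.1.5.55:8080/myapp max=480 retry=0 keepalive=On
ProxyPassReverse /myapp http://10.1.5.55:8080/myapp
"""

# mod_auth_form directives whose value is sent to the browser as a redirect target.
REDIRECT_DIRECTIVES = {
    "authformloginrequiredlocation",
    "authformloginsuccesslocation",
    "authformlogoutlocation",
}

def backend_hosts(conf):
    """Hostnames used as ProxyPass targets (the proxied back ends)."""
    hosts = set()
    for line in conf.splitlines():
        parts = line.split()
        if len(parts) >= 3 and parts[0].lower() == "proxypass":
            host = urlsplit(parts[2]).hostname
            if host:
                hosts.add(host)
    return hosts

def backend_redirects(conf):
    """Return (line_no, directive, url) for redirects that name a back-end host."""
    hosts = backend_hosts(conf)
    findings = []
    for no, line in enumerate(conf.splitlines(), 1):
        parts = line.split()
        if len(parts) >= 2 and parts[0].lower() in REDIRECT_DIRECTIVES:
            url = parts[1].strip('"')
            # Relative paths have no hostname and are never flagged.
            if urlsplit(url).hostname in hosts:
                findings.append((no, parts[0], url))
    return findings

if __name__ == "__main__":
    for no, name, url in backend_redirects(SAMPLE_CONF):
        print(f"line {no}: {name} redirects the browser to back end {url}")
```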