使用apache http和Spring安全性加载平衡

时间:2016-08-22 06:33:15

标签: spring apache tomcat spring-security

我使用apache http,mod-jk和两个tomcat服务器来对我的应用程序进行负载均衡,该应用程序使用spring security。当应用程序启动时,我得到以下错误

 Error code: ERR_TOO_MANY_REDIRECTS 

之前有没有人见过这个问题?是否有任何配置可以让负载均衡器工作。 如果我从应用程序中删除弹簧安全性,负载均衡器工作正常。

Web.xml中

 <?xml version="1.0" encoding="UTF-8"?>
<web-app id="WebApp_ID" version="2.4"
xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<!-- The definition of the Root Spring Container shared by all Servlets 
    and Filters -->
<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>/WEB-INF/spring-security.xml,/WEB-INF/spring/root-context.xml</param-value>
</context-param>

<!-- Creates the Spring Container shared by all Servlets and Filters -->
<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<servlet>
    <servlet-name>oAuth</servlet-name>
    <servlet-class>org.springframework.web.context.support.HttpRequestHandlerServlet</servlet-class>
</servlet>
<!-- Processes application requests -->
<servlet>
    <servlet-name>appServlet</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <init-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>/WEB-INF/spring/servlet-context.xml</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
    <servlet-name>oAuth</servlet-name>
    <url-pattern>/oAuth</url-pattern>
</servlet-mapping>
<session-config>
    <session-timeout>60</session-timeout>
</session-config>
<servlet-mapping>
    <servlet-name>appServlet</servlet-name>
    <url-pattern>/</url-pattern>
</servlet-mapping>
<welcome-file-list>
    <welcome-file>/index.html</welcome-file>
</welcome-file-list>

弹簧security.xml文件

  <?xml version="1.0" encoding="UTF-8"?>
   <beans:beans xmlns="http://www.springframework.org/schema/security"
   xmlns:beans="http://www.springframework.org/schema/beans"        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<!--HTTP Interceptors for authentication -->
<http pattern="/templates/**" security="none"></http>
<http pattern="/css/**" security="none"></http>
<http pattern="/js/**" security="none"></http>
<http pattern="/lib/**" security="none"></http>
<http pattern="/lib/css/**" security="none"></http>
<http pattern="/lib/js/**" security="none"></http>
<http pattern="/lib/fonts/**" security="none"></http>
<http pattern="/img/**" security="none"></http>
<http pattern="/rest/**" security="none"></http>
<http pattern="/oAuth" security="none"></http>
<http entry-point-ref="entryPoint"
    auto-config="true" use-expressions="true">
    <anonymous enabled="false"></anonymous>
    <custom-filter ref="oAuthFilter" after="SECURITY_CONTEXT_FILTER"></custom-filter>
    <intercept-url pattern="/**" access="hasRole('ROLE_USER')"></intercept-url>
</http>

<authentication-manager alias="upmAuthenticationManager"></authentication-manager>
<beans:bean id="entryPoint" class="auth.EntryPoint">
    <beans:constructor-arg value="/index.html"></beans:constructor-arg>
</beans:bean>

<beans:bean id="oAuthEnd" name="auth.oAuthEnd"
    class="oAuth.OAuthServlet">
    <beans:property name="oAuthFilter" ref="oAuthFilter"></beans:property>
</beans:bean>
<beans:bean id="oAuthFilter" class="auth.filter">
    <beans:property name="id"
        value=""></beans:property>
    <beans:property name="secret"
        value=""></beans:property>
    <beans:property name="url"
        value=""></beans:property>
</beans:bean>

mod-jk配置

worker.server1.port=8009
worker.server1.host=localhost
worker.server1.type=ajp13

worker.server2.port=9009
worker.server2.host=localhost
worker.server2.type=ajp13

worker.server1.lbfactor=1
worker.server2.lbfactor=1

worker.loadbalancer.type=lb
worker.loadbalancer.balance_workers=server1,server2
worker.status.type=status

<VirtualHost *:80>
    JkMount /status status
    JkMount /* loadbalancer
    ServerAdmin webmaster@localhost
    DocumentRoot /data/www/
    <location />
            Require all granted
    </location>

    ErrorLog ${APACHE_LOG_DIR}/www_error.log
    CustomLog ${APACHE_LOG_DIR}/www_access.log combined
 </VirtualHost>

1 个答案:

答案 0 :(得分:1)

Apache httpd和mod_jk不会让我感到害怕。

很难说没有看到你的配置,但我敢打赌你的Spring安全配置已经配置了一个安全的登录页面,所以它总是重定向到你无法到达的页面。

你可以发布你的web.xml和安全配置吗?也许与Tomcat的mod_jk映射也会有所帮助。

编辑: 我认为将sticky_session设置为true可以解决问题。尝试将此添加到您的mod_jk配置:

worker.loadbalancer.sticky_session=1

EDIT2:将jvmRoute属性设置为worker.loadbalancer.members中配置的值解决了问题。

发生的事情是mod_jk使用会话cookie中作为后缀的值来检查loadbalancer成员名称,以找出会话打开的客户端。由于jvmRoute没有值,因此JSESSIONID没有后缀,因此mod_jk不知道发送请求的工作者,因此平衡器根据lbfactor选择一个worker。

由于此值配置为对两个worker都具有相同的值,因此每个传入请求都被重定向到上一个请求中未选择的worker,因此无法访问登录表单既不执行登录也不会登录机制正在使用中。)