我有一个面向公众的Apache 2.2网络服务器,我已将其配置为代理并平衡对Tomcat 6.0上部署的后端Web应用程序的请求。我使用Spring FW + Spring安全框架作为技术堆栈,因此应用程序使用带有jsessionid的cookie。下面的代码段来自Apache配置:
ServerName abc.mydomain.com
ProxyRequests Off
ProxyPass / balancer://mycluster/ stickysession=JSESSIONID|jsessionid nofailover=On scolonpathdelim=On
ProxyPassReverse / balancer://mycluster/
<Proxy balancer://mycluster >
BalancerMember http://10.179.40.165:8080/abc
</Proxy>
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
<Location />
Order allow,deny
Allow from all
</Location>
问题是,在成功登录后,Spring Security会在任何请求上重定向到无效的会话URL。我该怎么做才能解决问题? 感谢
彼得
答案 0 :(得分:0)
我也遇到过这个问题。
在https://stackoverflow.com/a/9951315/1211174
中找到答案这是我的配置:
<VirtualHost vm1.mydomain.com:443>
ServerName public.domain.name
<IfModule mod_proxy.c>
ProxyRequests Off
ProxyTimeout 5400
#should be the otherway. white list instead of black list
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
<Proxy balancer://mybalancername>
BalancerMember ajp://localhost:8209
BalancerMember ajp://localhost:8210
ProxySet lbmethod=bytraffic
ProxySet stickysession=JSESSIONID
</Proxy>
ProxyPass / balancer://mybalancername/
#check out http://httpd.apache.org/docs/2.2/mod/mod_proxy_ajp.html for more info
ProxyPassReverse / balancer://mybalancername/
ProxyPassReverseCookieDomain balancer://mybalancername https://public.domain.name
</IfModule>
似乎没有
ProxySet lbmethod=bytraffic
ProxySet stickysession=JSESSIONID
spring security无法获得正确的cookie