Geek Answers Handbook

Apache LoadBalancing, Sticky Session, and Spring Security

I have an Apache 2.2 public web server that I configured to proxy and balance requests for internal web applications deployed on Tomcat 6.0. I use Spring FW + Spring security infrastructure as a technology stack, so the application uses a cookie with jsessionid. The following is a snippet from the Apache configuration:

ServerName abc.mydomain.com

ProxyRequests Off ProxyPass / balancer://mycluster/ stickysession=JSESSIONID|jsessionid nofailover=On scolonpathdelim=On ProxyPassReverse / balancer://mycluster/ <Proxy balancer://mycluster > BalancerMember http://10.179.40.165:8080/abc </Proxy> <Proxy *> Order deny,allow Allow from all </Proxy> <Location /> Order allow,deny Allow from all </Location>

The problem is that Spring Security will redirect to the wrong session url for any request after a successful login. What can I do to solve the problem? Thanks

Peter

+4
source share
1 answer

I also had this problem.

found the answer at fooobar.com/questions/321195 / ...

here is my configuration:

  <VirtualHost vm1.mydomain.com:443> ServerName public.domain.name <IfModule mod_proxy.c> ProxyRequests Off ProxyTimeout 5400 #should be the otherway. white list instead of black list <Proxy *> Order deny,allow Allow from all </Proxy> <Proxy balancer://mybalancername> BalancerMember ajp://localhost:8209 BalancerMember ajp://localhost:8210 ProxySet lbmethod=bytraffic ProxySet stickysession=JSESSIONID </Proxy> ProxyPass / balancer://mybalancername/ #check out http://httpd.apache.org/docs/2.2/mod/mod_proxy_ajp.html for more info ProxyPassReverse / balancer://mybalancername/ ProxyPassReverseCookieDomain balancer://mybalancername https://public.domain.name </IfModule>

it seems that without

  ProxySet lbmethod=bytraffic ProxySet stickysession=JSESSIONID

spring Security does not get the right cookie

+1
source

More articles:


All Articles