Configuring Public & Private URLs

**jnova** · Jan 5th, 2012, 05:33 PM

I am not entirely sure if this is a Spring Security configuration issue, but here is the problem I am having...

For security reasons I have a website with both a public url and private internal url.

Example:
Public URL=http://test.springproject.net/springapp

Private URL=http://appserver1:7777/springapp

When I connect to the VPN on the network that hosts my private url, I can access the application through the private url just fine. However, when I disconnect the VPN connection and try to access the application through the public url I get a 'Server not found' error for 'appserver1'.

I have similar public & private url configurations for other applications not using Spring and they are working correctly with no problems. This leads me to believe that something is wrong with my Spring Security configuration. I am not sure how to resolve this issue.

Here is the output from one of my log files when I try to hit the public url:

Code:

2012-01-05 18:14:39,325 DEBUG org.springframework.security.web.session.HttpSessionEventPublisher - Publishing event: org.springframework.security.web.session.HttpSessionCreatedEvent[source=HTTP Session 7d8f93e55b30ead9fe5db692ed22107be21419cfbb0f6f58dfc3c62bcff6021a]
2012-01-05 18:14:39,325 DEBUG org.springframework.beans.factory.support.DefaultListableBeanFactory - Returning cached instance of singleton bean 'org.springframework.security.core.session.SessionRegistryImpl#0'
2012-01-05 18:14:39,326 DEBUG org.springframework.security.web.savedrequest.HttpSessionRequestCache - DefaultSavedRequest added to Session: DefaultSavedRequest[http://appserver1:7777/springapp/fdms/]
2012-01-05 18:14:39,326 DEBUG org.springframework.security.web.access.ExceptionTranslationFilter - Calling Authentication entry point.
2012-01-05 18:14:39,331 DEBUG org.springframework.security.web.DefaultRedirectStrategy - Redirecting to 'http://appserver1:7777/springapp/login.do'
2012-01-05 18:14:39,331 DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2012-01-05 18:14:39,332 DEBUG org.springframework.security.web.context.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed

Do I need to configure some kind of DefaultRedirectStrategy to get this to work?

Thanks

**jnova** · Jan 6th, 2012, 12:08 PM

I did some more investigation and it looks like I am having the same issue as the person in this thread: http://www.xinotes.org/notes/note/727/

The problem seems to be that Oracle web cache does not rewrite the port correctly in HTTP header and page contents. It doesn't appear to be a Spring Security issue.

Has anybody else run into this kind of issue before?

**jnova** · Jan 6th, 2012, 12:19 PM

I found this URL as well and it looks like it could be a possible solution:http://stackoverflow.com/questions/6...-redirect-urls

It says that the solution was to use to use the Apache httpd mod_rewrite module:

http://httpd.apache.org/docs/2.0/mod/mod_rewrite.html

Thread: Configuring Public & Private URLs

Thread Tools

Display

Configuring Public & Private URLs

Posting Permissions