acegi + tomcat 5.5 + apache 2.0 and proxypass

[jailleto]

Hi,
I need some help to configure my application and acegi.

I use apache in front and tomcat 5.5

I try to use a proxypass to have my application working at the Root of the web server.

Apache 2.0 configuraton.
<VirtualHost *:80>
ProxyPass / http://localhost:8080/myApplication/
ProxyPassReverse / http://localhost:8080/myApplication/
</VirtualHost>

Since I have add this proxypass setting the login do not work (It' like is do not keep the session)

Do I have to set somethin in Acegi to do that (Have the application mapped to the root of the web serve).

Thanks

jailleto

[Luke Taylor]

What evidence do you have that the session isn't being maintained?

Does it work if you don't use the web server root?

[jailleto]

Because I get to the main page and even the javascript are not loaded and if a go anywhere else in the application it's redirect me to the login page. like I was no login.

If a do not put the proxy pass to the / it's work fine.

[Luke Taylor]

Have you looked at the debug log?

And again, does it work if you don't map your application to the web server root (i.e. if you map it to something else)?

Whether you're using Acegi security or not shouldn't make any difference. Your web application shouldn't be aware that it's in front of a proxy.

[jailleto]

It' work only if a map the application with the same name of the war.

I have nothing on the log when a log in.

But if a try to log out I get this

ava.lang.NullPointerException
at org.acegisecurity.ui.rememberme.TokenBasedRemember MeServices.logout(TokenBasedRememberMeServices.jav a:295)
at org.acegisecurity.ui.logout.LogoutFilter.doFilter( LogoutFilter.java:98)
at org.acegisecurity.util.FilterChainProxy$VirtualFil terChain.doFilter(FilterChainProxy.java:274)
at org.acegisecurity.context.HttpSessionContextIntegr ationFilter.doFilter(HttpSessionContextIntegration Filter.java:229)
at org.acegisecurity.util.FilterChainProxy$VirtualFil terChain.doFilter(FilterChainProxy.java:274)
at org.acegisecurity.util.FilterChainProxy.doFilter(F ilterChainProxy.java:148)
at org.acegisecurity.util.FilterToBeanProxy.doFilter( FilterToBeanProxy.java:98)
at org.apache.catalina.core.ApplicationFilterChain.in ternalDoFilter(ApplicationFilterChain.java:202)
at org.apache.catalina.core.ApplicationFilterChain.do Filter(ApplicationFilterChain.java:173)
at org.apache.catalina.core.StandardWrapperValve.invo ke(StandardWrapperValve.java:213)
at org.apache.catalina.core.StandardContextValve.invo ke(StandardContextValve.java:178)
at org.apache.catalina.valves.AccessLogValve.invoke(A ccessLogValve.java:541)
at org.apache.catalina.core.StandardHostValve.invoke( StandardHostValve.java:126)
at org.apache.catalina.valves.ErrorReportValve.invoke (ErrorReportValve.java:105)
at org.apache.catalina.core.StandardEngineValve.invok e(StandardEngineValve.java:107)
at org.apache.catalina.connector.CoyoteAdapter.servic e(CoyoteAdapter.java:148)
at org.apache.coyote.http11.Http11Processor.process(H ttp11Processor.java:869)
at org.apache.coyote.http11.Http11BaseProtocol$Http11 ConnectionHandler.processConnection(Http11BaseProt ocol.java:667)
at org.apache.tomcat.util.net.PoolTcpEndpoint.process Socket(PoolTcpEndpoint.java:527)
at org.apache.tomcat.util.net.LeaderFollowerWorkerThr ead.runIt(LeaderFollowerWorkerThread.java:80)
at org.apache.tomcat.util.threads.ThreadPool$ControlR unnable.run(ThreadPool.java:684)
at java.lang.Thread.run(Thread.java:595)

[karldmoore]

I think the stacktrace is there is produced by a known bug. I'm not sure it's an issue.

[jailleto]

With ProxyPass the Remote IpAdress is the apache sever

DEBUG - AbstractProcessingFilter.successfulAuthentication( 375) | Authentication success: org.acegisecurity.providers.UsernamePasswordAuthen ticationToken@e4419d51: Username: com.company.security.TPdbUser@a7c09800: Username: jailleto; Password: [PROTECTED];
Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true;
Granted Authorities: ROLE_COORDINATOR, ROLE_ADMIN; Password: [PROTECTED]; Authenticated: true;
Details: org.acegisecurity.ui.WebAuthenticationDetails@380f 4:
RemoteIpAddress: 127.0.0.1;
SessionId: 63D5C2AC68B7D36E73D48E2BC4BBE33D;
Granted Authorities: ROLE_COORDINATOR, ROLE_ADMIN


With the jk_mod Connector the IP adress is correct ! and it's work

DEBUG - AbstractProcessingFilter.successfulAuthentication( 375) | Authentication success: org.acegisecurity.providers.UsernamePasswordAuthen ticationToken@e442aec1: Username: com.company.security.TPdbUser@a7c09800: Username: jailleto; Password: [PROTECTED];
Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true;
Granted Authorities: ROLE_COORDINATOR, ROLE_ADMIN; Password: [PROTECTED]; Authenticated: true;
Details: org.acegisecurity.ui.WebAuthenticationDetails@b364 :
RemoteIpAddress: 192.168.173.114;
SessionId: 23A6658C3A36FB000E9904E245D7B92F;
Granted Authorities: ROLE_COORDINATOR, ROLE_ADMIN

Question how to pass the correct IP adress to ACEGI with a proxy ?

[Luke Taylor]

The IP address shouldn't prevent you from logging in, unless you have explicitly added some kind of checking for that.

If you're using a proxy, then you will see the address of the web server. That is normal. I'm not aware of any way you can change that, since it's a simple HTTP request.

Why don't you want to use a connector? AJP support is now build directly into Apache 2.2 mod_proxy and is quite straightforward to configure.

[jailleto]

I want user the Proxy solution because I would like to map my application to the ROOT of the web server
httt://www.myapplication.com/
And not
httt://www.myapplication.com/myApplication/

[Luke Taylor]

Why can't you do that with mod_jk, or mod_proxy_ajp ?

Have you debugged the redirect requests that are sent to the browser to make sure the URLs are being sent correctly? Perhaps your tomcat configuration isn't correct?

http://tomcat.apache.org/tomcat-5.0-...oxy-howto.html

In particular you may have to set proxyName and/or proxyPort.