By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
443,665 Members | 1,251 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 443,665 IT Pros & Developers. It's quick & easy.

J2EE Security with Tomcat and Apache Proxy Module

P: n/a
I am running a J2EE Web App under Tomcat 4.1 with Apache 2.0 proxying
requests. Everything is configured and working appropriately however
I ran into a problem after configuring J2EE Form Authentication. I
have a security constraint restricting access to the application so
that when I attempt to access the app I am redirected to the login
page. This works as expected both when accessing the application via
the Apache proxy or hitting the application directly. However, when
submitting the login form through the Apache proxy Tomcat chokes after
the submittal to j_security_check and barfs up the following error:

Invalid direct reference to form login page

The login process works fine when doing the same thing hitting the
Tomcat server directly.

I know this error occurs when trying to submit a login request after
accessing the login page directly and I am not doing this, nor is my
proxy doing this. I'm not entirely sure where Tomcat caches the
original requested URL during the login redirect process but I know
some solutions redirect using cookies and I think the Apache proxy may
be eating those cookies if that is the case. Either that or the
Apache proxy is submitting the request in a strange way.

If anyone has ever run into this problem and found a work around or a
more appropriate way to configure the proxy I would appreciate any
pointers. I have searched everywhere for something referencing this
type of problem and haven't been able to find a thing.

Thanks in advance for any pointers anyone can give. I have attached
the appropriate configuration parameters for the proxy below. I
haven't included any of the J2EE configuration because like I
mentioned the application works as expected when accessing Tomcat
directly so there is no problem there.

# Tomcat Proxy Configuration
ProxyRequests on
<Proxy *>
Order deny,allow
Allow from all
</Proxy>

ProxyPass /app/proxyPoint http://foo.bar.com:8080/ContextRoot
ProxyPassReverse /app/proxyPoint http://foo.bar.com:8080/ContextRoot
Jul 17 '05 #1
Share this question for a faster answer!
Share on Google+

This discussion thread is closed

Replies have been disabled for this discussion.