471,316 Members | 1,026 Online
Bytes | Software Development & Data Engineering Community
Post +

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 471,316 software developers and data experts.

J2EE Security with Tomcat and Apache Proxy Module

I am running a J2EE Web App under Tomcat 4.1 with Apache 2.0 proxying
requests. Everything is configured and working appropriately however
I ran into a problem after configuring J2EE Form Authentication. I
have a security constraint restricting access to the application so
that when I attempt to access the app I am redirected to the login
page. This works as expected both when accessing the application via
the Apache proxy or hitting the application directly. However, when
submitting the login form through the Apache proxy Tomcat chokes after
the submittal to j_security_check and barfs up the following error:

Invalid direct reference to form login page

The login process works fine when doing the same thing hitting the
Tomcat server directly.

I know this error occurs when trying to submit a login request after
accessing the login page directly and I am not doing this, nor is my
proxy doing this. I'm not entirely sure where Tomcat caches the
original requested URL during the login redirect process but I know
some solutions redirect using cookies and I think the Apache proxy may
be eating those cookies if that is the case. Either that or the
Apache proxy is submitting the request in a strange way.

If anyone has ever run into this problem and found a work around or a
more appropriate way to configure the proxy I would appreciate any
pointers. I have searched everywhere for something referencing this
type of problem and haven't been able to find a thing.

Thanks in advance for any pointers anyone can give. I have attached
the appropriate configuration parameters for the proxy below. I
haven't included any of the J2EE configuration because like I
mentioned the application works as expected when accessing Tomcat
directly so there is no problem there.

# Tomcat Proxy Configuration
ProxyRequests on
<Proxy *>
Order deny,allow
Allow from all

ProxyPass /app/proxyPoint http://foo.bar.com:8080/ContextRoot
ProxyPassReverse /app/proxyPoint http://foo.bar.com:8080/ContextRoot
Jul 17 '05 #1
0 3102

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

1 post views Thread by kaptain kernel | last post: by
7 posts views Thread by Alexandr Molochnikov | last post: by
2 posts views Thread by John | last post: by
5 posts views Thread by Thiago Campos Pereira | last post: by
4 posts views Thread by Henrik Skak Pedersen | last post: by
reply views Thread by rosydwin | last post: by

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.