8

I am using spring security login mechanism for my application and tested everything.Things were working fine.I have the following use case

  1. If customer is not logged in , application will redirect customer to the login page.
  2. On successful login, application will redirect customer back to same page from where they were redirected to the login page

this is the Java code used to redirect user to his original location

final SavedRequest savedRequest = this.requestCache.getRequest(request, response);
targetUrl = savedRequest.getRedirectUrl();
getRedirectStrategy().sendRedirect(request, response, targetUrl);

RedirectionStrategy being used here is DefaultRedirectStrategy, things were working fine. Application is now deployed on the Pre Production server and now this seems not working and I am getting 404 error.

When customer is being redirected to the home page,targetUrl is coming out as "/", I have a Spring controller named with this mapping

@RequestMapping("/")
public class HomePageController{  // home page code }

my application's current Pre-Prod urs is prepd-www.mysite.com so when sendredirect come in to action, webpage URL is getting changed to prepd-www.mysite.com/prepd-www.mysite.com

I am not sure what is causing this issue. is it because of the proxy server settings ? Can any one suggest me about the possible root cause of this issue?

I have already tried it on all local machines and well on our QA but everything is working perfectly fine.

Current setup for the environment where this is happening is

  1. We have 4 app server
  2. We have one load balancer which is redirecting traffic to one of the app server.
Umesh Awasthi
  • 23,407
  • 37
  • 132
  • 204
  • 1
    Do you use some http server (e.g. apache) in your pre-prod server? If you saying that locally it is working fine then probably it is some configuration issue. – Aleksandr M Nov 21 '14 at 09:43
  • @AleksandrM: Yes, using Apache as HTTP server, even I am doubting that it is some issue with configuration – Umesh Awasthi Nov 21 '14 at 10:50
  • It looks like a misconfiguration of an apache reverse proxy. Could you show the configuration of the proxy ? – Serge Ballesta Dec 19 '14 at 09:30
  • Are your all app server are accessible from each other. @UmeshAwasthi – Sachin Janani Dec 24 '14 at 13:25
  • @UmeshAwasthi - please provide your Spring Security config, particularly the `` element. Also, what is happening in your `HomePageController`'s "/" handler? – SergeyB Dec 24 '14 at 22:40
  • @SergeBallesta : sorry for replying so late, sorry I have no access to proxy configurations – Umesh Awasthi Jan 10 '15 at 01:57
  • @SachinJanani: No, they are independent standalone server and not accessible from each other – Umesh Awasthi Jan 10 '15 at 01:57
  • Sad you cannot show reverse provy configuration ... Just another question : what is the url on your developpement machine ? More specifically are you using root context on dev ? – Serge Ballesta Jan 10 '15 at 09:59
  • @SergeBallesta: not sure what is your question? do you want to know the URL which is being used in the local machine to open the website? – Umesh Awasthi Jan 10 '15 at 19:20
  • @UmeshAwasthi can you log the value of the request URL you are going to cache (not to retrieve) both in local and pre-prod environments, and post them here ? If the code is the same, it must be a configuration problem... seeing those values could help – Andrea Ligios Jan 16 '15 at 17:27
  • @AndreaLigios: if you want I can share `httpd.config` file now – Umesh Awasthi Jan 16 '15 at 23:12

3 Answers3

1

Are you using in preproduction tomcat or another application server?, normally if your war is calling foo and your commit to tomcat, the path for this war is 

   http://localhost:8080/foo/

So if you are using servlet you need specify in your web.xml that the main path is foo/*

paul
  • 12,873
  • 23
  • 91
  • 153
1

Just a wild guess since you could not give the reverse proxy configuration, nor the exact URL used in pre prod and in developpement.

You say you are using DefaultRedirectStrategy from Spring security. This strategy has an option (contextRelative) that prepends the ServletContext path to the URL. If in your developpement system you were using the root context, that is if you were accessing home page at (for example) : http://localhost:8080/ the serlet context was empty.

But if now in preprod, the servlet context is no longer root but is say /myApp once translated by apache reverse proxy, when you redirect you get an URL of /myApp/myApp that could be translated back to what you gave.

You could try to control whether you have contextRelative as true in DefaultRedirectStrategy and if yes if you can set if to false and also control if you redirect to absolute or relative URLs.

Serge Ballesta
  • 143,923
  • 11
  • 122
  • 252
  • Thanks!! that is what I have done as a wild guess , hope this will work. My issue is that servers are not under our control and they are like black box to us and any information request seems getting lost to the IT team :( – Umesh Awasthi Jan 12 '15 at 03:23
  • @UmeshAwasthi : just an advice, but you should use a not null context path in developpement to identify sooner problems like that. – Serge Ballesta Jan 12 '15 at 06:49
  • I tried that one but it seems not working, for me the `context` is always coming as `empty` and URL is always coming as `http://site-la-www.mysite.com/` – Umesh Awasthi Jan 15 '15 at 18:11
  • @UmeshAwasthi The context part in independant of all source code (including config). It is only set by the deployment step. What is your developpement tool ? – Serge Ballesta Jan 15 '15 at 19:02
  • Can you be more specific what you want to know about development tools? – Umesh Awasthi Jan 15 '15 at 19:07
  • @UmeshAwasthi : Is it Netbeans (I use and know), Eclipse, IntelliJ or other, and is your developpement server Tomcat or other, and how do you deploy/start the application on developpement machine ? – Serge Ballesta Jan 15 '15 at 19:26
  • Oh, using Eclipse with tomcat on my local development but for the QA , we have web-server and load balancer in front of tomcat – Umesh Awasthi Jan 15 '15 at 19:38
  • @UmeshAwasthi : I haven't used Eclipse for a long time, and can't remember deployment details. But you could look at [this other question](http://stackoverflow.com/q/4269133/3545273) from SO. At a last chance solution, you can create a war and manually deploy it to your local tomcat. – Serge Ballesta Jan 15 '15 at 22:12
  • If you want I can share `httpd.config` file now – Umesh Awasthi Jan 16 '15 at 23:12
1

If you are using apache in front check rewrite rule and redirect rules of apache config. Best way would be to ssh tunnel directly to application server(by skipping apache) and test. If it's working that means your application config is fine and it needs to be fixed in apache.

Chirag Shah
  • 55
  • 1
  • 10
  • sorry for asking this , but being not familiar with the setup things, how can i bypass apache by using ssh? – Umesh Awasthi Jan 15 '15 at 19:26
  • If you have access to tomcat port tou can use putty to tunnel to tomcat port and access directly without apacche on your local. Check this for putty tunneling. http://www.ehow.com/how_2036605_create-ssh-putty.html#page=7 – Chirag Shah Jan 16 '15 at 16:45