I have an application secured with Apache Shiro. When I'm accessing my application through localhost:8080/MyApp I'm being successfully redirected to localhost:8080/MyApp/login. I authenticate with credentials and all is good - I'm being redirected to the home page, which requires authentication.
I've configured an nginx proxy to access the application with a 'nicely' looking URL, like so:
    server {
        server_name www.example.com example.com;
        listen 80;
        location / {
            proxy_pass http://localhost:8080/MyApp/;
        }
    }
When I access my application through www.example.com, I'm being again successfully redirected to www.example.com/login, I fill in the credentials, but then instead of going to my home page I'm again being redirected to the login page as if I wasn't authenticated.
I've tried a few things. First, I've checked whether my request reaches the URL responsible for authentication and whether I'm actually authenticated. I have two mappings in my controllers:
When either is invoked, I'm displaying in the console whether I'm authenticated through:
    System.out.println("is auth:" + SecurityUtils.getSubject().isAuthenticated());
When I go to www.example.com this is what happens:
I wasn't sure whether it was Shiro's fault or maybe a wrong nginx configuration, so I've changed the nginx config to the following:
    server {
        server_name www.example.com example.com;
        listen 80;
        location /MyApp {
            proxy_pass http://localhost:8080;
        }
    }
With the above nginx config and accessing the application through www.example.com/MyApp, everything works like a charm: I'm being redirected to the login page, I authenticate successfully and I'm being redirected to the home page.
Can anyone explain that behavior? Is that nginx's or Shiro's issue, or am I missing something else?
//EDIT: I think I know what's the problem, however I don't know how to solve it yet:
I think Shiro uses the application name to save cookies; www.example.com and www.example.com/MyApp saved the cookies under the same path - /MyApp, hence www.example.com can't find the correct cookie - again, this is just a suspicion at this point.
//EDIT: I start to think that this is due to the Spring MVC redirect (I think it's not accounting for the servlet context)
Yep, indeed it was a Spring redirection problem. Instead of returning:
    return "redirect:/some/path";
I'm returning the following:
    return new RedirectView("/some/path", true);
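
The cookie-path suspicion raised in the first EDIT can be checked against the rule browsers apply when deciding whether to send a cookie. The following is an added example, not code from the post: it implements the RFC 6265 path-match and applies it to the two nginx mappings shown above, assuming the container scopes the session cookie to the context path /MyApp. `PROXIES`, `upstreamPath` and `report` are hypothetical names.

```javascript
// RFC 6265 section 5.1.4: does requestPath path-match cookiePath?
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  // A prefix only counts on a "/" boundary, so /MyApp does not cover /MyApplication.
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// Constructed model of the two nginx server blocks from the post:
// the public location prefix and the URI prefix the request is proxied to.
const PROXIES = {
  rootToContext: { location: "/", upstreamPrefix: "/MyApp/" },    // first config
  sameContext: { location: "/MyApp", upstreamPrefix: "/MyApp" },  // second config
};

// Path the application sees for a public path (proxy_pass prefix replacement).
function upstreamPath(proxy, publicPath) {
  return proxy.upstreamPrefix + publicPath.slice(proxy.location.length);
}

// Compare what the application sees with what the browser sees for one request.
function report(name, publicPath, cookiePath) {
  return {
    publicPath,
    upstream: upstreamPath(PROXIES[name], publicPath),
    cookiePath,
    // The browser matches the cookie against the public path, not the upstream one.
    sent: pathMatches(publicPath, cookiePath),
  };
}

// Assumption: the session cookie is issued with Path=/MyApp.
console.log(report("rootToContext", "/home", "/MyApp"));    // sent: false
console.log(report("sameContext", "/MyApp/home", "/MyApp")); // sent: true
// Same request once the cookie's Path attribute has been rewritten to "/".
console.log(report("rootToContext", "/home", "/"));          // sent: true
```

The third case corresponds to rewriting the Path attribute of upstream Set-Cookie headers at the proxy, which nginx can do with its `proxy_cookie_path` directive.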