March 08, 2011

JBoss & Apache: Form-based Authentication

So, configuring JBoss to run behind Apache: we got the right Apache config, and we solved the JSF/RichFaces issues by rewriting generated links, using mod_proxy_html or a custom ViewHandler. End of the problems? Not quite.

Using form-based authentication raised two issues in our setup.

Cookie Path Mismatch

Form-based authentication uses the famous JSESSIONID cookie. Unfortunately, without any specific configuration, the JSESSIONID cookie path set by JBoss does not match the path on the proxy server, so the browser does not send the cookie back when submitting the login form.

This might result in HTTP Status 408 (time allowed for the login process has been exceeded).

Fortunately, a single configuration line in the Apache virtual host solves the issue (see the complete config):

ProxyPassReverseCookiePath /appA /
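
The mismatch and the fix, modelled as an added example (not from the original post, nor Apache or JBoss code): it applies the RFC 6265 path-match rule a browser uses, plus a simplified model of the ProxyPassReverseCookiePath rewrite. The session ID value and the /j_security_check request paths are constructed for illustration.

```python
import re

# Constructed sample: the Set-Cookie value the backend would emit for context /appA.
BACKEND_SET_COOKIE = "JSESSIONID=0123456789ABCDEF; Path=/appA"

PATH_ATTR = re.compile(r"(\bpath=)([^;]*)", re.IGNORECASE)


def path_match(request_path: str, cookie_path: str) -> bool:
    """RFC 6265 section 5.1.4: does the browser send the cookie for this path?"""
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        # A prefix only counts on a "/" boundary, so /appA does not cover /appAB.
        return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"
    return False


def cookie_path(set_cookie: str) -> str:
    """Extract the Path attribute (this sketch requires one to be present)."""
    m = PATH_ATTR.search(set_cookie)
    if m is None:
        raise ValueError("no Path attribute in Set-Cookie value")
    return m.group(2).strip()


def rewrite_cookie_path(set_cookie: str, internal: str, public: str) -> str:
    """Simplified model of ProxyPassReverseCookiePath <internal> <public>.

    Assumption: only the exact-match case used on this page is modelled.
    """
    def repl(m):
        path = m.group(2).strip()
        return m.group(1) + (public if path == internal else m.group(2))
    return PATH_ATTR.sub(repl, set_cookie)


def cookie_sent(set_cookie: str, request_path: str) -> bool:
    return path_match(request_path, cookie_path(set_cookie))


if __name__ == "__main__":
    login_post = "/j_security_check"  # constructed: public URL of the login POST
    print("without rewrite:", cookie_sent(BACKEND_SET_COOKIE, login_post))
    fixed = rewrite_cookie_path(BACKEND_SET_COOKIE, "/appA", "/")
    print("rewritten header:", fixed)
    print("with rewrite:", cookie_sent(fixed, login_post))
```

With Path=/ the session cookie is sent on every request to that virtual host, which is acceptable here because each application is mapped to its own subdomain.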

Login Redirect

Another issue is that, after successful login, JBoss sends a redirect using the application context path (/appA), resulting in an HTTP 404 error.

To solve this, we used Apache's URL rewriting capability to remove the context path from the requested URL and send a redirect to the modified URL (keeping the rest of the path and any request parameters).

RewriteEngine On
RewriteRule ^/appA/(.*)$ /$1 [R]

With all those points solved, we finally managed to have different JBoss applications running in the same JBoss server and mapped to different subdomains.

End of the story? Not yet. We still want to (1) use HTTPS and (2) use Apache as a load balancer in front of a JBoss cluster. But this is yet to be tested...
