I have an application deployed to Heroku that uses Spring Security, and, by extension, HttpSessionSecurityContextRepository. Realizing that HttpSession will cause problems when scaling up to multiple dynos, I am trying to configure webapp-runner (https://github.com/jsimone/webapp-runner) with the --session_manager memcache flag (with the Heroku memcache addon).
A local configuration using Apache and mod_proxy, two Tomcat instances, and memcached 1.4.13 works fine. When deployed to Heroku, however, it fails, even with a single dyno - randomly redirecting to the login page as if unauthenticated, indicating that the session store is not working. Same Procfile, verified the MEMCACHE_* variables via heroku config, etc.
Does anyone have experience with a similar configuration?
Update: the configuration works as designed.
The issue was caused by a Spring Security mis-configuration. A bad image URL buried in the app triggered the redirect. While this should have simply been a 404, there was also a catch-all intercept-url pattern in context-security.xml with access set to IS_AUTHENTICATED_FULLY. The result was that any page with the bad URL redirected to the login page. Correcting those URLs addressed the problem when deployed to Heroku, though I can't explain why it did not manifest on a local system.
Related
For security reasons, I wanted to remove docs and examples application. So, at first, I deleted both of them from the webapps directory. However, the remaining applications were not responding in browser, although the tomcat service is running in the server. I got blank screens.
Then I put back docs and examples in webapps directory, and things were back again. Then, I tried to undeploy them using tomcat manager. The undeployment works, but again I got blank screens.
I even tried restricting access to apps using valve and filters. And unfortunately, again I get blank screens.
Permission is not an issue, all contents belong to the tomcat user.
I am using Tomcat 8.5.37.
Update: I started with a clean installation. However, I get same result after undeploying docs and examples.
Update: I think it should be mentioned that we are using aws environment, and there is a load balancer. Also, in front of Tomcat we are using Apache (ajp_proxy).
I have a spring boot application, built to a war file. The code is here. The application works properly when running locally in ./gradlew bootrun, and my REST endpoints are responsive.
I set up FTP credentials on my azure site (Windows resource), and I've successfully uploaded the war file via the deploywar endpoint, as described here.
When I FTP in to the site, I see the war file exploded in to /site/wwwroot/webapps/ROOT/. However, it's unclear to me how to access the site.
THe main URL is https://springboottest01.azurewebsites.net/, which still is serving the hostingstart.html. If I go to https://springboottest01.azurewebsites.net/webapps/ROOT/, I pull down my webapp's index.html, and a few JS files. However, the REST API call that it tries to make, /students/list, fails to run (404 error), which makes me think that the spring boot backend isn't actually running.
How do I diagnose this? What do I need to do to get this to work?
I also tried setting up a Linux resource (Tomcat 8.5) and deploying the webapp to that site. When I do that, I get the same problems there (in this case, the webapp is available at the root URL of that resource, but the REST endpoint that it tries to call fails). https://springboottest02.azurewebsites.net/
I have got a webService without ui. It simple jax-ws app that will allow to manage users via soap requests. I tried to deploy it on websphere. It was deployed, But! my app doesn't appear in Service Providers and i can't get access to wsdl file via url that i pass in wsdlsoap:aderess location. It haven't got any servlets and other stuff. I create my app using template that deploy with success, it appear in Service Providers. I research all internet, but idk what go wrong.
P.S: Template project was eclipse project. I just add maven and has no idea why it wouldn't work.
The fact that your web service hasn't appeared in the Service Providers section means you've deployed it the wrong way.
Check whether you've selected the "Deploy web-services" option during deployment.
You probably got an issue in your trace.log file which possibly references to the ffdc, check it to investigate the problem.
You also haven't mentioned if you using servlet or EJB-based web services.
I have set up my two applications in single tomcat instance using the procedure described in Can I SSO between multiple Wars in the same servlet with Stormpath and Apache Shiro?
Both of the WARs run fine individually with the users registered in Stormpath directory. But when I link the two applications and do successful login in War A, still redirected to the Login Page of WAR B and I need to login again. I also see the jSessionId is different on login page of WAR A and WAR B. So somehow both the applications are not getting linked.
Shiro has a session mechanism which allows you clustering. See http://shiro.apache.org/session-management.html#SessionManagement-SessionClustering
Shiro has also an extension: buji-pac4j (https://github.com/bujiio/buji-pac4j) which new version (1.4.0) has a support for Stormpath.
So using both will help you achieve SSO with Stormpath.
I have a strange problem here and I dont know if any one has an idea what could cause it. I'm working on a Java EE (Servlets & JSPs) web application project that uses AJAX to update the web page. When I test it on my localhost server (im using Tomcat 7.0.26) it works perfectly well. But when I run the same application on my hosting server, some of the values or the page itself refuse to update correctly. These values are stored in a session attribute and when they are typed in they are sent to the servlet via AJAX request, like I said, they work well as expected on my localhost but on the hosting server that I subscribed, there are errors. Does anyone have any idea what is going on there please? The site is http://www.optdesolver.com
I can think of a number of things
Your server configuration. How long that the session timeout is set?
Your app has a cache of files.
Your browser has some cache of files.
You are not deploying your proyect properly.
You have multple instances in your server.
You have to restart the server in order to make it refresh its contents.
I suggest you use some kind of version number in your html to verify that is not a cache realated problem.
I hope this helps.