Apache Spring Security

Introduction

This document describes how to enable SSL to work with Apache and Spring Security, where Spring Security is running under Tomcat with calls being forwarded using Mod JK.

Configuration

Update or create virtual host configurations in your apache.conf using mod_rewrite rules similar to the following:

<VirtualHost *:80>
          RewriteEngine on
          RewriteCond %{HTTPS} off
          RewriteCond %{REQUEST_URI} ^/mycontext/login.jsp$
          RewriteRule (^/.*$) https://%{SERVER_NAME}$1
</VirtualHost>

...

<IfModule mod_ssl.c>
     <VirtualHost *:443>
          RewriteEngine on
          RewriteCond %{HTTPS} on
          RewriteCond %{REQUEST_URI} !^/mycontext/(login.jsp|auth/signin.html|j_acegi_security_check)$
          RewriteRule (^/.*$) http://%{SERVER_NAME}$1
     </VirtualHost>
</IfModule>

-- Frank Dean - 21 Aug 2008

Related Topics: ApacheHints