B
Bronco
Guest
And to finalize matters. What I've been trying to do is hide the rather long REST adapter url's by something shorter. The method I chose is setting up a web server (Apache, nginx possible too) to act as a reverse proxy. This setup not only shortens your url's, but it hides all the other Tomcat stuff (port 8980 for example) from the outside world. ProxyPass /data http://localhost:8980/restapi/rest/restapi/router ProxyPassReverse /data http://localhost:8980/restapi/rest/restapi/router So I want my data calls to go to http(s):// server-name/data. This works like a charm without authentication. When you turn on authentication cookies come into play. The cookie I got returned at first was: Set-Cookie: JSESSIONID=1524622920BCA23CA647C3E2475DF364; Path=/restapi/; HttpOnly The path stuff tells the browser to only send the cookie (the JSESSIONID stuff) back to the server when a call is made to /restapi. Now I just setup Apache to rewire things via /data/ so when calling /data, the cookie is not sent and as a consequence I'm making an unauthorized call. The final piece in this puzzle is to let Apache rewrite the cookie path as well: ProxyPassReverseCookiePath /restapi /data Since it took me some time to get this real world example to work I thought I might share the solution as well. Next challenge: put node.js in between as well, and switch to nginx since this web server matches the architecture of node better.
Continue reading...
Continue reading...