1

I have a minimal spring boot web application running on external tomcat. I had to migrate from spring boot 1.x to 2.y. But after migration, Hateoas links were using the node address instead of using forwarded-header-* sent from the proxy server.

So the general solution suggested was to add this following property in app.properties.

spring server.forward-headers-strategy=native

But this works only in embedded tomcat and not in external tomcat. Although setting this value to framework creates a ForwardHeaderFilter bean and solves the problem, I wanted to understand why it doesn't work in external tomcat environment.

I have asked a similar question here to understand the differences between native and framework.

@SpringBootApplication
public class HibernateApplication extends SpringBootServletInitializer {

    public static void main(String[] args) {
        SpringApplication.run(HibernateApplication.class, args);
    }

    @Override
    protected SpringApplicationBuilder configure(SpringApplicationBuilder application) {
        return application.sources(HibernateApplication.class);
    }

}

It was working perfectly fine in Spring boot 1.5.10.RELEASE. But stopped working in 2.4.6. I'm not sure if I have to add any additional properties to external tomcat web application.

Arun Gowda
  • 2,721
  • 5
  • 29
  • 50
  • 1
    Spring Boot cannot control an external Tomcat so trying to set properties influencing that will simply not work. You also upgraded 5 versions (2.0 to 2.4) which means many many changes occured. Apparently in previous releases (older Spring versions) there was an always on Forwarding strategy which can now be tweaked. Hence it always worked in older version because it was more or less "framework" without being able to change it. – M. Deinum Jul 13 '21 at 06:06
  • Just curious to know. If spring can't control external tomcat, then what good is the property `native`? Also, is there any way we can configure external tomcat to handle forwarded headers? – Arun Gowda Jul 13 '21 at 06:26
  • 1
    That is, as mentioned, for the embedded server. You really don't want any application controlling your external server (do you want suddently no SSL, different ports or what not more? Things you carefully configured!). To configure it for your external tomcat you need to setup the `RemoteIpValve` for procesing the request. – M. Deinum Jul 13 '21 at 06:29
  • Makes sense. So If at all I have to handle it in external tomcat, I should make the changes in tomcat server and not the framework. – Arun Gowda Jul 13 '21 at 16:56
  • Exactly, how to do that has been answered in your other question already. – M. Deinum Jul 13 '21 at 18:00

0 Answers0