You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@geronimo.apache.org by Jia Mao <ma...@gmail.com> on 2010/10/19 05:10:29 UTC

Generic Header based authentication

Hi

I used the 2.1.7 server,geronimo-tomcat6-javaee5-2.1.7-SNAPSHOT-bin, built
on 2010.10.19 trying to verify the Generic Header based authentication as
described in Geronimo-5197 on the windows platform.


I installed the Apache Http Server and configured its httpd.conf file by
adding the following snippets:

LoadModule proxy_module modules/mod_proxy.so

LoadModule proxy_http_module modules/mod_proxy_http.so


<IfModule mod_proxy.c>

ProxyPass /console http://localhost:8080/console

ProxyPass /demo_properties http://localhost:8080/demo_properties

</IfModule>


<IfModule mod_proxy.c>

ProxyPassReverse / http://localhost:8080/

</IfModule>


<IfModule mod_headers.c>

<Location /demo_properties>

RequestHeader add SM_USER izumi

</Location>

</IfModule>

LoadModule headers_module modules/mod_headers.so


The deployment plan, TestPropsRealm.xml, for the properties file security
realm is attached in the mail. In the realm, there are two additional tags:

<log:option name="headerNames">SM_USER</log:option>

<log:option name="authenticationAuthority">Siteminder</log:option>

which shall configure the security realm for properties login module to use
Generic Header based authentication.


The two properties files used are: demo_groups.properties &
demo_users.properties, attached in the mail.


The application for verification is file-realm-demo-2.1.1.2_properties, also
attached in the mail. If working correctly, to access the protect files from
the index page, users should be linked to the logon page. However, by
clicking on the �Protect� link, a 403 - Forbidden HTTP error was received.


The information from Geronimo log is as follows:


2010-10-19 11:04:11,888 WARN  [GenericHttpHeaderLoginmodule] An Unauthorized
attempt has been made to access the protected resource from host 127.0.0.1


Could anyone provide some advice on the issue. Thank you very much!


MAO Jia

Re: Generic Header based authentication

Posted by Jia Mao <ma...@gmail.com>.

Hi


The problem is solved. It is caused by the incorrect configuration in
httpd.conf, which is now changed to the following snippets:



LoadModule headers_module modules/mod_headers.so
<IfModule mod_headers.c>

<Location /demo_properties>

RequestHeader add SM_USER izumi

</Location>

</IfModule>


The �LoadModule headers_module modules/mod_headers.so� is moved ahead and
everything works fine now.



Best wishes,



MAO Jia






2010/10/19 Jia Mao <ma...@gmail.com>

> Hi
>
> I used the 2.1.7 server,geronimo-tomcat6-javaee5-2.1.7-SNAPSHOT-bin, built
> on 2010.10.19 trying to verify the Generic Header based authentication as
> described in Geronimo-5197 on the windows platform.
>
>
> I installed the Apache Http Server and configured its httpd.conf file by
> adding the following snippets:
>
> LoadModule proxy_module modules/mod_proxy.so
>
> LoadModule proxy_http_module modules/mod_proxy_http.so
>
>
> <IfModule mod_proxy.c>
>
> ProxyPass /console http://localhost:8080/console
>
> ProxyPass /demo_properties http://localhost:8080/demo_properties
>
> </IfModule>
>
>
> <IfModule mod_proxy.c>
>
> ProxyPassReverse / http://localhost:8080/
>
> </IfModule>
>
>
> <IfModule mod_headers.c>
>
> <Location /demo_properties>
>
> RequestHeader add SM_USER izumi
>
> </Location>
>
> </IfModule>
>
> LoadModule headers_module modules/mod_headers.so
>
>
> The deployment plan, TestPropsRealm.xml, for the properties file security
> realm is attached in the mail. In the realm, there are two additional tags:
>
> <log:option name="headerNames">SM_USER</log:option>
>
> <log:option name="authenticationAuthority">Siteminder</log:option>
>
> which shall configure the security realm for properties login module to
> use Generic Header based authentication.
>
>
> The two properties files used are: demo_groups.properties &
> demo_users.properties, attached in the mail.
>
>
> The application for verification is file-realm-demo-2.1.1.2_properties,
> also attached in the mail. If working correctly, to access the protect files
> from the index page, users should be linked to the logon page. However, by
> clicking on the �Protect� link, a 403 - Forbidden HTTP error was received.
>
>
> The information from Geronimo log is as follows:
>
>
> 2010-10-19 11:04:11,888 WARN  [GenericHttpHeaderLoginmodule] An
> Unauthorized attempt has been made to access the protected resource from
> host 127.0.0.1
>
>
> Could anyone provide some advice on the issue. Thank you very much!
>
>
> MAO Jia
>
>