You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@geronimo.apache.org by Jia Mao <ma...@gmail.com> on 2010/10/19 05:10:29 UTC
Generic Header based authentication
Hi
I used the 2.1.7 server,geronimo-tomcat6-javaee5-2.1.7-SNAPSHOT-bin, built
on 2010.10.19 trying to verify the Generic Header based authentication as
described in Geronimo-5197 on the windows platform.
I installed the Apache Http Server and configured its httpd.conf file by
adding the following snippets:
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
<IfModule mod_proxy.c>
ProxyPass /console http://localhost:8080/console
ProxyPass /demo_properties http://localhost:8080/demo_properties
</IfModule>
<IfModule mod_proxy.c>
ProxyPassReverse / http://localhost:8080/
</IfModule>
<IfModule mod_headers.c>
<Location /demo_properties>
RequestHeader add SM_USER izumi
</Location>
</IfModule>
LoadModule headers_module modules/mod_headers.so
The deployment plan, TestPropsRealm.xml, for the properties file security
realm is attached in the mail. In the realm, there are two additional tags:
<log:option name="headerNames">SM_USER</log:option>
<log:option name="authenticationAuthority">Siteminder</log:option>
which shall configure the security realm for properties login module to use
Generic Header based authentication.
The two properties files used are: demo_groups.properties &
demo_users.properties, attached in the mail.
The application for verification is file-realm-demo-2.1.1.2_properties, also
attached in the mail. If working correctly, to access the protect files from
the index page, users should be linked to the logon page. However, by
clicking on the �Protect� link, a 403 - Forbidden HTTP error was received.
The information from Geronimo log is as follows:
2010-10-19 11:04:11,888 WARN [GenericHttpHeaderLoginmodule] An Unauthorized
attempt has been made to access the protected resource from host 127.0.0.1
Could anyone provide some advice on the issue. Thank you very much!
MAO Jia
Re: Generic Header based authentication
Posted by Jia Mao <ma...@gmail.com>.
Hi
The problem is solved. It is caused by the incorrect configuration in
httpd.conf, which is now changed to the following snippets:
LoadModule headers_module modules/mod_headers.so
<IfModule mod_headers.c>
<Location /demo_properties>
RequestHeader add SM_USER izumi
</Location>
</IfModule>
The �LoadModule headers_module modules/mod_headers.so� is moved ahead and
everything works fine now.
Best wishes,
MAO Jia
2010/10/19 Jia Mao <ma...@gmail.com>
> Hi
>
> I used the 2.1.7 server,geronimo-tomcat6-javaee5-2.1.7-SNAPSHOT-bin, built
> on 2010.10.19 trying to verify the Generic Header based authentication as
> described in Geronimo-5197 on the windows platform.
>
>
> I installed the Apache Http Server and configured its httpd.conf file by
> adding the following snippets:
>
> LoadModule proxy_module modules/mod_proxy.so
>
> LoadModule proxy_http_module modules/mod_proxy_http.so
>
>
> <IfModule mod_proxy.c>
>
> ProxyPass /console http://localhost:8080/console
>
> ProxyPass /demo_properties http://localhost:8080/demo_properties
>
> </IfModule>
>
>
> <IfModule mod_proxy.c>
>
> ProxyPassReverse / http://localhost:8080/
>
> </IfModule>
>
>
> <IfModule mod_headers.c>
>
> <Location /demo_properties>
>
> RequestHeader add SM_USER izumi
>
> </Location>
>
> </IfModule>
>
> LoadModule headers_module modules/mod_headers.so
>
>
> The deployment plan, TestPropsRealm.xml, for the properties file security
> realm is attached in the mail. In the realm, there are two additional tags:
>
> <log:option name="headerNames">SM_USER</log:option>
>
> <log:option name="authenticationAuthority">Siteminder</log:option>
>
> which shall configure the security realm for properties login module to
> use Generic Header based authentication.
>
>
> The two properties files used are: demo_groups.properties &
> demo_users.properties, attached in the mail.
>
>
> The application for verification is file-realm-demo-2.1.1.2_properties,
> also attached in the mail. If working correctly, to access the protect files
> from the index page, users should be linked to the logon page. However, by
> clicking on the �Protect� link, a 403 - Forbidden HTTP error was received.
>
>
> The information from Geronimo log is as follows:
>
>
> 2010-10-19 11:04:11,888 WARN [GenericHttpHeaderLoginmodule] An
> Unauthorized attempt has been made to access the protected resource from
> host 127.0.0.1
>
>
> Could anyone provide some advice on the issue. Thank you very much!
>
>
> MAO Jia
>
>