You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by "Barris, Wes (LI, Uni of Queensland)" <We...@csiro.au> on 2002/03/27 05:37:32 UTC

Basic authentication and Tomcat servlets

I am running Tomcat 4.0.1 connected to Apache 1.3.23 via mod_webapp 1.0
on a Redhat 7.2 system.

Directory 'a' is protected using Basic Apache authentication:

/htdocs/a

Directory 'b' is where my servlets are deployed via webapp:

/htdocs/b

I want to allow anyone access to 'b', but inside a servlet in 'b'
I want to test to see if they authenticated themselves in 'a'.
Is there a way to do this?


So far, I have only been able to do this using:

String auth = request.getHeader("Authorization");

IFF 'b' is under 'a' like this:

/htdocs/a/b

--
Wes Barris
E-Mail: Wes.Barris@csiro.au
Phone: 07-3346-2504

--
To unsubscribe:   <ma...@jakarta.apache.org>
For additional commands: <ma...@jakarta.apache.org>
Troubles with the list: <ma...@jakarta.apache.org>

Re: Basic authentication and Tomcat servlets

Posted by Jeff Larsen <la...@qec.com>.

If 'b' is not protected, then Apache will neither ask for 
authorization nor include authorization info in the request
headers when a document in 'b' is requested.

One thing you could try is to use a symbolic link to 'b'
from 'a' so that /htdocs/a/b points to /htdocs/b. Then
a request for /htdocs/a/b will require authorization, but
/htdocs/b will not.  Of course it all depends on how your
documents link to 'b' and if you don't mind maintaining 2 
routes to 'b' in your links.

Jeff

----- Original Message ----- 
From: "Barris, Wes (LI, Uni of Queensland)" <We...@csiro.au>
To: "Tomcat User (E-mail)" <to...@jakarta.apache.org>
Sent: Tuesday, March 26, 2002 10:37 PM
Subject: Basic authentication and Tomcat servlets


> I am running Tomcat 4.0.1 connected to Apache 1.3.23 via mod_webapp 1.0
> on a Redhat 7.2 system.
> 
> Directory 'a' is protected using Basic Apache authentication:
> 
> /htdocs/a
> 
> Directory 'b' is where my servlets are deployed via webapp:
> 
> /htdocs/b
> 
> I want to allow anyone access to 'b', but inside a servlet in 'b'
> I want to test to see if they authenticated themselves in 'a'.
> Is there a way to do this?
> 
> 
> So far, I have only been able to do this using:
> 
> String auth = request.getHeader("Authorization");
> 
> IFF 'b' is under 'a' like this:
> 
> /htdocs/a/b
> 
> --
> Wes Barris
> E-Mail: Wes.Barris@csiro.au
> Phone: 07-3346-2504
> 
> --
> To unsubscribe:   <ma...@jakarta.apache.org>
> For additional commands: <ma...@jakarta.apache.org>
> Troubles with the list: <ma...@jakarta.apache.org>

--
To unsubscribe:   <ma...@jakarta.apache.org>
For additional commands: <ma...@jakarta.apache.org>
Troubles with the list: <ma...@jakarta.apache.org>