You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Jacob Kjome <ho...@visi.com> on 2003/05/19 16:44:11 UTC
RE: [Repost] tomcat/jk2/apache: authentication not taken into
account for webapps
At 04:35 PM 5/19/2003 +0200, you wrote:
>Hi Jerome,
>
>Yes, definitely use a <Location> tag for your URLs that are being forwarded
>to Tomcat. Have a look at the online Apache documentation at:
>http://httpd.apache.org/docs-2.0/sections.html
>if you are not sure about the difference, and when each directive should
>be used.
>
>
>In addition, you might need to make sure that you have set
>
> tomcatAuthentication="false"
>
>in your Connector definition of your server.xml
>
>In more recent versions of Tomcat (can't remember which version of Tomcat
>4 this changed at),
>if you do not have this set, then your Apache authentication credentials
>will not be visible to your servlet via calls to request.getRemoteUser() -
>they will always be NULL.
Actually, it has *always* been this way if you don't set the
tomcatAuthentication stuff. However, the difference is that on recent
versions of Tomcat (I think as of Tomcat-4.1.13, you need to set the
following in jk2.properties (even if you are using mod_jk and not jk2)
instead of on the connector in server.xml...
request.tomcatAuthentication=false
Jake
>Regards,
>Morgan
>
>
> > -----Original Message-----
> > From: Jacob Kjome [mailto:hoju@visi.com]
> > Sent: Monday, May 19, 2003 14:34
> > To: Tomcat Users List
> > Subject: Re: [Repost] tomcat/jk2/apache: authentication not
> > taken into account for webapps
> >
> >
> >
> > You are pointing to the "webapps" directory. That's only special to
> > Tomcat, not to Apache. That's not the docBase of your
> > application. It is
> > just the dirctory where Tomcat listens for new .war files for
> > automatic
> > deployment. You want to point to some directory inside the webapps"
> > directory. You should probably use the <Location> tag rather
> > than the
> > directory tag such as....
> >
> >
> > <Location "/mycontext">
> > AuthType Basic
> > AuthName "Secure Area"
> > AuthUserFile security/.htpasswd
> > AuthGroupFile security/.htgroup
> > require group admin manager
> > </Location>
> >
> > Jake
> >
> > At 12:58 PM 5/19/2003 +0200, you wrote:
> > >Hi,
> > >
> > >Some days ago, I asked about how making apache requiring
> > authentication
> > >to access some pages served by tomcat (integrated to apache using
> > >mod_jk2). It didn't get much attention. This repost might :9)
> > >
> > >Cheers,
> > >
> > >Jerome
> > >
> > >On Fri, 2003-05-16 at 13:05, Jerome Lacoste @ BBC wrote:
> > > > I am using jk2 to integrate apache 2.0.45 and tomcat 4.1.24. I've
> > > > configured apache to make basic authentication on its different
> > > > paths, whether those are static html pages or cgi scripts without
> > > > problems. But when it comes to prevent non authorized
> > access to web
> > > > apps deployed in Tomcat, I 've noticed that if I access a
> > deployed
> > > > web application using its Context Path, Apache doesn't
> > prompt me for
> > > > authentication.
> > > >
> > > > E.g.
> > > >
> > > > http://my.web.server/my.app
> > > >
> > > > doesn't request a login.
> > > >
> > > > This is surely a configuration problem, but I am not sure
> > what and
> > > > where the correct fix should be applied. I tried adding a file
> > > > called 50_tomcat_webapps.conf in the /etc/http/conf.d directory.
> > > >
> > > > root@mybox # cat 50_tomcat_webapps.conf
> > > > <Directory /var/tomcat4/webapps>
> > > > AllowOverride None
> > > > Options None
> > > > # Network Access Controlllow Network Access and/or Basic Auth
> > > > Order allow,deny
> > > > Allow from all
> > > > # HTTP Basic Authentication
> > > > AuthType Basic
> > > > AuthName "My Title"
> > > > AuthUserFile /var/www/passwd/passwords
> > > > AuthGroupFile /var/www/passwd/groups
> > > > </Directory>
> > > > root@mybox #
> > > >
> > > > But this didn't appear to work.
> > > >
> > > > Any hint?
> > > >
> > > > Jerome
> > > >
> > > >
> > > >
> > --------------------------------------------------------------------
> > > > -
> > > > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> > > > For additional commands, e-mail:
> > tomcat-user-help@jakarta.apache.org
> > >--
> > >Jerome Lacoste (Frisurf) <la...@frisurf.no>
> > >CoffeeBreaks
> > >
> > >
> > >---------------------------------------------------------------------
> > >To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> > >For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> >
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: [Repost] tomcat/jk2/apache: authentication not taken into account
for webapps
Posted by "Jerome Lacoste @ BBC" <la...@altern.org>.
Jacob Kjome wrote:
> At 04:35 PM 5/19/2003 +0200, you wrote:
>
>> Hi Jerome,
>>
>> Yes, definitely use a <Location> tag for your URLs that are being
>> forwarded
>> to Tomcat. Have a look at the online Apache documentation at:
>> http://httpd.apache.org/docs-2.0/sections.html
>> if you are not sure about the difference, and when each directive should
>> be used.
>>
>>
>> In addition, you might need to make sure that you have set
>>
>> tomcatAuthentication="false"
>>
>> in your Connector definition of your server.xml
>
OK all thanks for your help. IT seemed like very simple, but I still
don't manage to get it to work...
I've tried and tried all things I could but I am still stuck. I will
then try to describe my environment and the things I tried, hoping that
one of you can find the problem.
My environment:
Software: apache 2.0.45 tomcat 4.1.24 self built mod_jk2
Config (before I started playing with it)
- /etc/tomcat4/jk2.properties is empty (all commented out)
- /etc/tomcat4/server.xml by default contained CoyoteConnector enabled
and Ajp13Connector disabled
- context path is defined in a file called /var/tomcat4/webapps/jira.xml
where the path maps to the docBase
- authentication for Location to 'secure' is done in a conf file put in
the /etc/httpd/conf.d
Content is:
<Location /jira>
AuthType Basic
AuthName "Access Denied"
AuthUserFile /var/www/passwd/passwords
AuthGroupFile /var/www/passwd/groups
</Location>
- workers2.properties (attached)
Things I've tried (different combinations of these things):
- /etc/tomcat4/jk2.properties:
add request.tomcatAuthentication=false
- /etc/tomcat4/server.xml
- disable the CoyoteConnector and enable the AjpConnector instead,
adding the tomcatAuthentication="false" parameter
- played with the Location configuration
- added a trailing slash at the end of the name
<Location /jira/>
....
-tried to put some debugging on
Questions:
Is there any URL where I can check that tomcatAuthentication is
correctly disabled?
Is there any URL where I can see if my authentication directive are
taken into account?
I've checked server-status, server-info and jkstatus without finding the
information I am looking for.
Is there any debugging I could enable that could help me find out the
problem?
Cheers,
Jerome