Posted to users@tomcat.apache.org by Morgan Pyne <Mo...@eur.sas.com> on 2003/06/02 16:50:09 UTC

RE: [Re-repost] tomcat/jk2/apache: authentication not taken into account for webapps

Hi Jacob,

(got your name right this time :-)

Things to verify/try

1. The webserver has successfully authenticated the request, and you can see this
   username appearing in the Apache access log. You mention that CGI's and other PHP pages
   authenticate correctly, but verify that the URL of your servlet is also 
   being correctly authenticated in this way. If you have multiple location & directory
   directives in Apache specifying access controls they can often interact in 
   non-obvious ways.

2. You are using the latest jk2 module version.

3. If you are still hitting a brick wall with this, try using mod_jk instead of jk2 as
   a test and see if this makes a difference.

Good luck!
Morgan




> -----Original Message-----
> From: Jerome Lacoste @ BBC [mailto:lacostejbbc@altern.org] 
> Sent: Wednesday, May 28, 2003 14:11
> To: Tomcat Users List
> Subject: [Re-repost] tomcat/jk2/apache: authentication not 
> taken into account for webapps
> 
> 
> Still stuck... Need help on how to debug authentication.
> 
> Morgan Pyne wrote:
> 
> >Hi Jacob,
> >
> Hi Morgan,
> 
> The name is Jerome  :) Jacob was a guy who replied to me!
> 
> >I should have mentioned in my earlier post that the
> >tomcatAuthentication="false" should only be part of the connector
> >definition of the server.xml if you are using the AJP13Connector.
> >
> >If you are using the Coyote Connector, it should be in the
> >jk2.properties files, e.g.
> >request.tomcatAuthentication="false"
> >
> >However, it seems you are aware of this already.
> >
> I am using the Coyote Connector. The block for the AJP13Connector is 
> commented out in the server.xml config file.
> jk2.properties contains
> 
> request.tomcatAuthentication="false"
> 
> 
> (and that's the only uncommented line).
> 
> >The simplest way to verify that the authentication information is
> >indeed being passed through from Tomcat to Apache is just to print the
> >value of request.getRemoteUser() in your servlet.
> >
> 
> I've tried that and the retrieved RemoteUser is always null. So I guess
> that this proves the authentication is not working.
> I've tried to add debugging and logging, but perhaps not to the right 
> places.
> 
> I've done the following
> 
> ** Added debugging to workers2.properties
> 
>  > cat /etc/httpd/conf/workers2.properties
> [logger]
> level=DEBUG
> file=${serverRoot}/logs/jk2.log
> # Define the communication channel
> [channel.socket:localhost:8009]
> info=Ajp13 forwarding over socket
> tomcatId=localhost:8009
> debug=10
> # Map /jkstatus to the status worker
> [shm]
> file=${serverRoot}/logs/shm.file
> size=1048576
> debug=10
> ....
> [uri:/examples/*]
> info=JSPs Servlets Examples
> debug=10
> 
> ** Added debugging to server.xml
> 
>   <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
>                port="8009" minProcessors="5" maxProcessors="75"
>                enableLookups="true" redirectPort="8443"
>                acceptCount="10" debug="10" connectionTimeout="0"
>                useURIValidationHack="false"
>                protocolHandlerClassName="org.apache.jk.server.JkCoyoteHandler" />
> 
> but still the information logged doesn't seem to satisfy my debugging 
> needs. I am not sure what to search for either.
> 
> >You previously stated that you are getting prompted for your
> >credentials when you browse to the page, so the Apache side of
> >things appears to be working.
> >
> Yes. cgi scripts and other PHP pages correctly require authentication.
> 
> >It sounds like you have tried the various pieces necessary to get
> >this to work, but perhaps not all together at the same time :-) (?)
> >
> >Either that, or you are hitting a bug somewhere.
> >  
> >
> I will not say I am 100 % sure I am doing the right thing, but after all
> I spent enough time on it that it makes me think that there is a bug
> somewhere...
> Anybody can allocate some of his/her brain cells to try to solve this pb ?
> 
> Cheers,
> 
> Jerome
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> 
> 



Re: [Re-repost] tomcat/jk2/apache: authentication not taken into account for webapps

Posted by "Jerome Lacoste @ BBC" <la...@altern.org>.
Morgan Pyne wrote:

>Hi Jacob^B^B^B^B^BJerome, 
>  
>
;)

>Things to verify/try
>
>1. The webserver has successfully authenticated the request, and you can see this
>   username appearing in the Apache access log. You mention that CGI's and other PHP pages
>   authenticate correctly, but verify that the URL of your servlet is also 
>   being correctly authenticated in this way. 
>
No. No username (in /var/log/httpd/access.log) for the requests to 
access pages served by my servlets.

>If you have multiple location & directory
>   directives in Apache specifying access controls they can often interact in 
>   non-obvious ways.
>
I just have the defaults directory and location (mostly manuals). I've 
just added:

- one location for viewcvs (CGI script)
- 2 locations for my servlets (one for examples and one for my other apps)

AFAIK the CGI script works ok.

>2. You are using the latest jk2 module version.
>

I am using mod_jk2 2.0.3-dev, which is bundled in 
jakarta-tomcat-connectors-4.1.24-src.tar.gz
See http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.1.24/src/

Released March 2003

Is that too old? 
If yes, I've tried to find a nightly, but couldn't. Do I have to use CVS 
to build something more recent? I'd rather use a nightly.

>3. If you are still hitting a brick wall with this, try using mod_jk instead of jk2 as
>   a test and see if this makes a difference.
>
I was trying to avoid that. I've never used mod_jk and that's once again 
something new.  I guess I will have to try that if you think my version 
of mod_jk2 is current enough.

>Good luck!
>Morgan
>

Jerome
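
The access-log check from step 1 of the list above, as an added example that is not part of the original thread: it reads Apache Common Log Format lines and reports which protected URL prefixes returned content with no username logged. The sample log lines and the `/myapp/` prefix are constructed for illustration.

```python
import re

# Apache Common Log Format: host ident authuser [date] "request" status bytes
CLF = re.compile(
    r'^(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)')

# Constructed sample lines (not from the thread).
SAMPLE_LOG = """\
192.0.2.10 - jerome [28/May/2003:14:02:11 +0200] "GET /cgi-bin/viewcvs.cgi HTTP/1.1" 200 5120
192.0.2.10 - - [28/May/2003:14:02:30 +0200] "GET /examples/servlet/SnoopServlet HTTP/1.1" 200 2048
192.0.2.10 - - [28/May/2003:14:02:31 +0200] "GET /cgi-bin/viewcvs.cgi HTTP/1.1" 401 480
192.0.2.10 - jerome [28/May/2003:14:03:02 +0200] "GET /cgi-bin/viewcvs.cgi/src HTTP/1.1" 200 7300
192.0.2.10 - - [28/May/2003:14:03:40 +0200] "GET /myapp/index.jsp HTTP/1.1" 200 1024
not a log line
"""

def audit(lines, protected_prefixes):
    """Count, per protected prefix, requests served with and without a
    logged username. A 401 is the normal challenge, not a finding."""
    stats = {p: {"authenticated": 0, "anonymous": 0, "challenged": 0}
             for p in protected_prefixes}
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # skip lines that are not in Common Log Format
        prefix = next((p for p in protected_prefixes
                       if m["path"].startswith(p)), None)
        if prefix is None:
            continue
        if m["status"] == "401":
            stats[prefix]["challenged"] += 1
        elif m["user"] != "-":
            stats[prefix]["authenticated"] += 1
        elif int(m["status"]) < 400:
            # Content was returned although Apache logged no username.
            stats[prefix]["anonymous"] += 1
    return stats

def unprotected(stats):
    """Prefixes where content was served with no username logged."""
    return sorted(p for p, s in stats.items() if s["anonymous"] > 0)

if __name__ == "__main__":
    result = audit(SAMPLE_LOG.splitlines(),
                   ["/cgi-bin/", "/examples/", "/myapp/"])
    for prefix, counts in result.items():
        print(prefix, counts)
    print("served without authentication:", unprotected(result))
```

A prefix listed by `unprotected()` is one where Apache itself did not authenticate the request, so there is no username for the connector to forward.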

