You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by cgswtsu78 <cg...@proofpoint.com> on 2010/01/10 23:55:43 UTC

[users@httpd] 401 Error with Basic Auth

 Hello, 
 
I'm using the below httpd configuration in order to secure a Java based
resource 
("/reportsvcs_ws") using basic auth.  When I hit the url
https://host/reportsvcs_ws without authing before, I'm prompted to login as
expected, but I get a http status code of 401 when accessing the resource.

I get the same status code when I do auth prior to accessing the
reportsvcs_ws resource. 
The reportsvcs_ws resource is also using mod_jk to direct the request from
apache to tomcat.  Any ideas?  Of course when I remove the below httpd
configuration the resource is accessible. Any ideas on what may be 
happening? 
 
 <Location "/reportsvcs_ws"> 
    Order allow,deny 
    Allow from all 
    AuthType Basic 
    AuthName "Report Service" 
    AuthUserFile filepath/usersfile 
    require valid-user 
 </Location> 
-- 
View this message in context: http://old.nabble.com/401-Error-with-Basic-Auth-tp27103585p27103585.html
Sent from the Apache HTTP Server - Users mailing list archive at Nabble.com.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] 401 Error with Basic Auth

Posted by cgswtsu78 <cg...@proofpoint.com>.

Hi Eric, 

I'm mimicking what we currently have for other secured resources...although
this is the first java based resource that we're trying to apply basic auth
to.  One thing I do notice in my tomcat log is that the first request to the
secured resource is fine, but any subsequent request throws a 401 and the
below is placed in the log.  Somehow the response coming from the Server to
Client is getting jumbled up.  For some perl resources, we have some
additional properties in the httpd config like defining a 
PerlResponseHandler, maybe there is a Java equivalent that I'm missing...any
suggestions?

httpd config:
<Location "/reportsvcs_ws">
  Order allow,deny
  Allow from all
  AuthType Basic
  AuthName "Report Service"
  AuthUserFile /opt/proofpoint/current/admin/etc/admind/miniserv.users
  require valid-user
</Location>


Tomcat Log:
Jan 11, 2010 7:53:04 AM com.sun.jersey.api.client.filter.LoggingFilter log
INFO: 1 * Client in-bound response
1 < 401
1 < WWW-Authenticate: Basic realm="Report Service"
1 < Date: Mon, 11 Jan 2010 15:53:04 GMT
1 < Vary: Accept-Encoding
1 < Content-Length: 401
1 < Keep-Alive: timeout=15, max=100
1 < Connection: Keep-Alive
1 < Content-Type: text/html; charset=iso-8859-1
1 < Server: Apache/2.2.9
1 <
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Authorization Required</title>
</head><body>
<h1>Authorization Required</h1>
<p>This server could not verify that you
are authorized to access the document
requested.  Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
</body></html>

Eric Covener wrote:
> 
> On Sun, Jan 10, 2010 at 5:55 PM, cgswtsu78 <cg...@proofpoint.com> wrote:
>>
>>  Hello,
>>
>>    AuthUserFile filepath/usersfile
> 
> Does this have to be absolute? What does your errorlog say?
> 
> -- 
> Eric Covener
> covener@gmail.com
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
> 
> 

-- 
View this message in context: http://old.nabble.com/401-Error-with-Basic-Auth-tp27103585p27114095.html
Sent from the Apache HTTP Server - Users mailing list archive at Nabble.com.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] 401 Error with Basic Auth

Posted by Eric Covener <co...@gmail.com>.

On Sun, Jan 10, 2010 at 5:55 PM, cgswtsu78 <cg...@proofpoint.com> wrote:
>
>  Hello,
>
>    AuthUserFile filepath/usersfile

Does this have to be absolute? What does your errorlog say?

-- 
Eric Covener
covener@gmail.com

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org