You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by "Jerome Lacoste (Frisurf)" <la...@frisurf.no> on 2003/05/19 12:58:42 UTC
[Repost] tomcat/jk2/apache: authentication not taken into account
for webapps
Hi,
Some days ago, I asked about how making apache requiring authentication
to access some pages served by tomcat (integrated to apache using
mod_jk2). It didn't get much attention. This repost might :9)
Cheers,
Jerome
On Fri, 2003-05-16 at 13:05, Jerome Lacoste @ BBC wrote:
> I am using jk2 to integrate apache 2.0.45 and tomcat 4.1.24.
> I've configured apache to make basic authentication on its different
> paths, whether those are static html pages or cgi scripts without problems.
> But when it comes to prevent non authorized access to web apps deployed
> in Tomcat, I 've noticed that if I access a deployed web application
> using its Context Path, Apache doesn't prompt me for authentication.
>
> E.g.
>
> http://my.web.server/my.app
>
> doesn't request a login.
>
> This is surely a configuration problem, but I am not sure what and where
> the correct fix should be applied.
> I tried adding a file called 50_tomcat_webapps.conf in the
> /etc/http/conf.d directory.
>
> root@mybox # cat 50_tomcat_webapps.conf
> <Directory /var/tomcat4/webapps>
> AllowOverride None
> Options None
> # Network Access Controlllow Network Access and/or Basic Auth
> Order allow,deny
> Allow from all
> # HTTP Basic Authentication
> AuthType Basic
> AuthName "My Title"
> AuthUserFile /var/www/passwd/passwords
> AuthGroupFile /var/www/passwd/groups
> </Directory>
> root@mybox #
>
> But this didn't appear to work.
>
> Any hint?
>
> Jerome
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
--
Jerome Lacoste (Frisurf) <la...@frisurf.no>
CoffeeBreaks
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: [Repost] tomcat/jk2/apache: authentication not taken into
account for webapps
Posted by Jacob Kjome <ho...@visi.com>.
You are pointing to the "webapps" directory. That's only special to
Tomcat, not to Apache. That's not the docBase of your application. It is
just the dirctory where Tomcat listens for new .war files for automatic
deployment. You want to point to some directory inside the webapps"
directory. You should probably use the <Location> tag rather than the
directory tag such as....
<Location "/mycontext">
AuthType Basic
AuthName "Secure Area"
AuthUserFile security/.htpasswd
AuthGroupFile security/.htgroup
require group admin manager
</Location>
Jake
At 12:58 PM 5/19/2003 +0200, you wrote:
>Hi,
>
>Some days ago, I asked about how making apache requiring authentication
>to access some pages served by tomcat (integrated to apache using
>mod_jk2). It didn't get much attention. This repost might :9)
>
>Cheers,
>
>Jerome
>
>On Fri, 2003-05-16 at 13:05, Jerome Lacoste @ BBC wrote:
> > I am using jk2 to integrate apache 2.0.45 and tomcat 4.1.24.
> > I've configured apache to make basic authentication on its different
> > paths, whether those are static html pages or cgi scripts without problems.
> > But when it comes to prevent non authorized access to web apps deployed
> > in Tomcat, I 've noticed that if I access a deployed web application
> > using its Context Path, Apache doesn't prompt me for authentication.
> >
> > E.g.
> >
> > http://my.web.server/my.app
> >
> > doesn't request a login.
> >
> > This is surely a configuration problem, but I am not sure what and where
> > the correct fix should be applied.
> > I tried adding a file called 50_tomcat_webapps.conf in the
> > /etc/http/conf.d directory.
> >
> > root@mybox # cat 50_tomcat_webapps.conf
> > <Directory /var/tomcat4/webapps>
> > AllowOverride None
> > Options None
> > # Network Access Controlllow Network Access and/or Basic Auth
> > Order allow,deny
> > Allow from all
> > # HTTP Basic Authentication
> > AuthType Basic
> > AuthName "My Title"
> > AuthUserFile /var/www/passwd/passwords
> > AuthGroupFile /var/www/passwd/groups
> > </Directory>
> > root@mybox #
> >
> > But this didn't appear to work.
> >
> > Any hint?
> >
> > Jerome
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>--
>Jerome Lacoste (Frisurf) <la...@frisurf.no>
>CoffeeBreaks
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org