You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by cgswtsu78 <cg...@proofpoint.com> on 2010/01/14 01:12:27 UTC

[users@httpd] HTTPD Authentication Questions

Hello, 

I'm currently trying to apply apache httpd authentication to a tomcat web
application.  The user authenticates on the apache side and then has a link
within the apache server perl application that sends them over to the tomcat
application (reportsvcs_ws) via mod_jk.  If the user tries to jump to the
tomcat application without first authenticating they're prompted and
successfully directed to the tomcat app if they supply the correct
credentials.  The problem I'm seeing is once in the tomcat application (post
initial auth), the application envokes some web service calls against the
reportsvcs_ws tomcat application and the response is a 401 (auth needed)
error.  So It looks like the fact that the reportsvcs_ws resource is already
authorized isn't persisted on the tomcat side.  Any ideas on how to
troubleshoot or fix this?  My httpd config is below....



<Location "/reportsvcs_ws">

   Order allow,deny

    Allow from all

    AuthType Basic

    AuthName "Report Service"

    AuthUserFile /filepath/file.users

    require valid-user

</Location>

-- 
View this message in context: http://old.nabble.com/HTTPD-Authentication-Questions-tp27154335p27154335.html
Sent from the Apache HTTP Server - Users mailing list archive at Nabble.com.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

RE: [users@httpd] HTTPD Authentication Questions

Posted by Boyle Owen <Ow...@six-group.com>.
> -----Original Message-----
> From: cgswtsu78 [mailto:cgray@proofpoint.com] 
> Sent: Thursday, January 14, 2010 1:12 AM
> To: users@httpd.apache.org
> Subject: [users@httpd] HTTPD Authentication Questions
> 
> 
> Hello, 
> 
> I'm currently trying to apply apache httpd authentication to 
> a tomcat web
> application.  The user authenticates on the apache side and 
> then has a link
> within the apache server perl application that sends them 
> over to the tomcat
> application (reportsvcs_ws) via mod_jk.  If the user tries to 
> jump to the
> tomcat application without first authenticating they're prompted and
> successfully directed to the tomcat app if they supply the correct
> credentials.  The problem I'm seeing is once in the tomcat 
> application (post
> initial auth), the application envokes some web service calls 
> against the
> reportsvcs_ws tomcat application and the response is a 401 
> (auth needed)
> error.  So It looks like the fact that the reportsvcs_ws 
> resource is already
> authorized isn't persisted on the tomcat side.  Any ideas on how to
> troubleshoot or fix this?  My httpd config is below....

For Basic Auth to work, the client simply adds a header (containing the
credentials) to the request (there is no state maintained in the
server). If the header is not present, Auth fails. So you need to make
sure the header is present in all requests under that realm.

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 

> 
> 
> 
> <Location "/reportsvcs_ws">
> 
>    Order allow,deny
> 
>     Allow from all
> 
>     AuthType Basic
> 
>     AuthName "Report Service"
> 
>     AuthUserFile /filepath/file.users
> 
>     require valid-user
> 
> </Location>
> 
> -- 
> View this message in context: 
> http://old.nabble.com/HTTPD-Authentication-Questions-tp2715433
5p27154335.html
> Sent from the Apache HTTP Server - Users mailing list archive 
> at Nabble.com.
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP 
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
> 
 
This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. If you receive this message in error, please notify the sender urgently and then immediately delete the message and any copies of it from your system. Please also immediately destroy any hardcopies of the message. 
The sender's company reserves the right to monitor all e-mail communications through their networks.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org