You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2003/12/02 08:43:13 UTC
DO NOT REPLY [Bug 25055] -
getRemoteUser() returns null - bypass of apache authentication
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=25055>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=25055
getRemoteUser() returns null - bypass of apache authentication
stefos@msc.gr changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|getRemoteUser() returns null|getRemoteUser() returns null
|(again) |- bypass of apache
| |authentication
------- Additional Comments From stefos@msc.gr 2003-12-02 07:43 -------
ok, I found a workaround to my problem by placing the <limit> tag directly into
the httpd.conf instead of a .htaccess file
This looks then like this
<VirtualHost....
<Location /protecteddir>
AuthUserFile /path_to_.htpasswd
AuthGroupFile /dev/null
AuthName "Please enter username and password"
AuthType Basic
<Limit GET POST>
require valid-user
</Limit>
</Location>
I remember from the 3.1 or 3.2 versions that this was the only way to use apache
for protecting jsp pages, but at least on 3.3 and 4.1.24 this worked also with
simple .htaccess files.
I have looked at my old configuration of 4.1.24 and could not find anything that
would explain this, so I assume that this is indeed a bug or just a change in
behaviour of the connector.
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org