You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by "Boemio, Neil (GEI, FGI)" <Ne...@ge.com> on 2003/09/30 17:16:34 UTC

Apache Authentication with Tomcat

I'm trying to protect a /downloads url in apache.   My webapp in Tomcat is in ROOT.  So in the workers2.properties file under apache, I have:

# Map the webapp to the Web server uri space
[uri:/*]
info=my website

So my app is working fine .... requests for /* are passed to Tomcat and things are wonderful.
But I want to protect /downloads using apache.  But there really is no directory under apache called \apache\apache2\htdocs\downloads.  There is no need for one since requests are sent to Tomcat.  The real directory is \Tomcat4.1\webapps\ROOT\downloads.

When I remove [uri:/*] from workers2.properties and create a dummy htdocs\downloads directory under apache, the apache authentication works fine.  But when I put [uri:/*] back, I do not get prompted for ID/Password.  Here is what I have in httpd.conf.  Any ideas?

<Directory d:\Apache\Apache2\htdocs\downloads>
    AuthType Basic
    AuthName "FGIC Downloads"
    AuthUserFile d:\apache\apache2\conf\passwords
    AuthGroupFile d:\apache\apache2\conf\groups
    Require group FGICMoodys
</Directory>

I tried using: <Directory d:\Tomcat4.1\webapps\ROOT\downloads> but that didn't work.  Ideally, I want to tell apache to protect a URL not a file system path, but obviously, that is not the syntax for the Directory directive.

Windows 2000
Tomcat 4.1.27
Apache 2.0.47
JK2 2.0.43

Re: Apache Authentication with Tomcat

Posted by Nikola Milutinovic <Ni...@ev.co.yu>.

> When I remove [uri:/*] from workers2.properties and create a dummy
> htdocs\downloads directory under apache, the apache authentication works
> fine.  But when I put [uri:/*] back, I do not get prompted for ID/Password.
> Here is what I have in httpd.conf.  Any ideas?
>
> <Directory d:\Apache\Apache2\htdocs\downloads>
>     AuthType Basic
>     AuthName "FGIC Downloads"
>     AuthUserFile d:\apache\apache2\conf\passwords
>     AuthGroupFile d:\apache\apache2\conf\groups
>     Require group FGICMoodys
> </Directory>

Since there is no such "directory", Apache cannot protect it. Use <Location /downloads> instead.

> I tried using: <Directory d:\Tomcat4.1\webapps\ROOT\downloads> but that
> didn't work.

This would have worked, had the Apache ever accessed *that* dir. But it is in Tomcat's paths and Apache never goes there - it sends requests to the connector.

Nix.