You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Ivan Eulaers <eu...@yahoo.com> on 2009/11/10 20:26:00 UTC
Hand Authentication to Apache
I have set up a basic "extranet" where clients can browse directories and view the files in those directories. Access is handled by basic authentication of Apache. In the directories that are open for a specific client I've created a .htaccess file (see example below).
Today, Tomcat has been installed on my server. When I now want to access those secured directories, I get an error by Tomcat "The requested resource is not available". How can I repair this?
I've tried adding tomcatAuthentication="false" to <Connector port="21309" protocol="AJP/1.3" /> and restarted Tomcat, but this was not the solution.
Users should be able to browse certain subdirectories as follow:
- User A, B, C should be able to access https://www.../extranet/client1/ and its subdirectories
- User A, D, E, F should be able to access https://www.../extranet/client2/ and its subdirectories
.htaccess-listing
=================
# STRONG HTACCESS PROTECTION
<Files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
</Files>
# REDIRECT http REQUESTS TO https, BUT AVOID ASKING TWICE FOR PASSWORD
SSLRequireSSL
ErrorDocument 403 https://www.pensionarchitects.be/extranet/docs
AuthType Basic
AuthName "Extranet"
AuthBasicProvider file
AuthUserFile ........
Require valid-user
Options +Indexes
# SET INDEX OPTIONS
IndexOptions IgnoreCase FancyIndexing FoldersFirst NameWidth=50 DescriptionWidth=* SuppressHTMLPreamble SuppressLastModified
# SET DISPLAY ORDER
IndexOrderDefault Descending Name
HeaderName /extranet/header.html
ReadmeName /extranet/footer.html
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Hand Authentication to Apache
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Ivan,
On 11/11/2009 2:43 AM, Ivan Eulaers wrote:
> Tomcat 6 has been installed by my hosting provider, and I don't know
> how it is connected to Apache.
That's going to be a problem: it looks like they mapped more URI
patterns to Tomcat than they should have.
Your .htaccess file does not include any relevant information.
You either need to get access to the httpd configuration, or ask your
provider to tell you what's been mapped to Tomcat.
The error message you are receiving is a 404 NOT FOUND for a particular
path, and the error is coming from Tomcat, not httpd. If you didn't
expect Tomcat to serve that particular path, then the httpd
configuration is forwarding too much traffic to Tomcat. You will have to
take that up with your hosting provider.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAkr6y9cACgkQ9CaO5/Lv0PAvqwCcCOaw+QtdKvSDb6gwXQYBSQej
RkYAnAxe/BPpfIW9wzAG+bHhARGnXYL6
=CLgO
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Hand Authentication to Apache
Posted by Ivan Eulaers <eu...@yahoo.com>.
Tomcat 6 has been installed by my hosting provider, and I don't know how it is connected to Apache. I'm not a technical expert, and I'm only looking for a solution.
This is my server.xml
<Server port="21305" shutdown="SHUTDOWN">
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
<Listener className="org.apache.catalina.core.JasperListener" />
<Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" />
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
<GlobalNamingResources>
<Resource name="UserDatabase" auth="Container" type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved" factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
pathname="conf/tomcat-users.xml" />
</GlobalNamingResources>
<Service name="Catalina">
<Connector port="21309" protocol="AJP/1.3" />
<Engine name="Standalone" defaultHost="pa.be" jvmRoute="tomcat114">
<Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>
<Host name="pa.be" appBase="/home/virtual/site231/fst/var/www/html" unpackWARs="true" autoDeploy="true" xmlValidation="false" xmlNamespaceAware="false">
<Alias>www.pa.be</Alias>
--- On Tue, 11/10/09, Christopher Schultz <ch...@christopherschultz.net> wrote:
> From: Christopher Schultz <ch...@christopherschultz.net>
> Subject: Re: Hand Authentication to Apache
> To: "Tomcat Users List" <us...@tomcat.apache.org>
> Date: Tuesday, November 10, 2009, 9:15 PM
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Ivan,
>
> On 11/10/2009 2:26 PM, Ivan Eulaers wrote:
> > Today, Tomcat has been installed on my server. When I
> now want to access those secured directories, I get an error
> by Tomcat "The requested resource is not available". How can
> I repair this?
>
> Are you trying to replace Apache httpd with Tomcat? If so,
> Tomcat
> doesn't support .htaccess files.
>
> > I've tried adding tomcatAuthentication="false" to
> <Connector
> > port="21309" protocol="AJP/1.3" /> and restarted
> Tomcat, but this was
> > not the solution.
>
> tomcatAuthentication="false" will allow any authentication
> information
> from Apache httpd to flow into Tomcat, but you still have
> to configure
> access appropriately based upon roles.
>
> > Users should be able to browse certain subdirectories
> as follow:
> > - User A, B, C should be able to access https://www.../extranet/client1/ and its
> subdirectories
> > - User A, D, E, F should be able to access https://www.../extranet/client2/ and its
> subdirectories
> >
> > .htaccess-listing
> > =================
> >
> > # STRONG HTACCESS PROTECTION
> > <Files ~ "^.*\.([Hh][Tt][Aa])">
>
> What, no access to .../.htable files?
>
> It's tough to guess what is being forwarded to Tomcat. Can
> you show us
> your JkMount or <Proxy> directives that you have
> configured?
>
> Also, please provide a specific example of a URL that fails
> to load
> properly, what the error is, and what you expected to
> happen.
>
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAkr5yfYACgkQ9CaO5/Lv0PDPLACeIP2nLA8U8yB2W8BH1rkbswZx
> gYkAnR3q1h80kufY3dZx1dFaCTuXKig/
> =yloJ
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Hand Authentication to Apache
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Ivan,
On 11/10/2009 2:26 PM, Ivan Eulaers wrote:
> Today, Tomcat has been installed on my server. When I now want to access those secured directories, I get an error by Tomcat "The requested resource is not available". How can I repair this?
Are you trying to replace Apache httpd with Tomcat? If so, Tomcat
doesn't support .htaccess files.
> I've tried adding tomcatAuthentication="false" to <Connector
> port="21309" protocol="AJP/1.3" /> and restarted Tomcat, but this was
> not the solution.
tomcatAuthentication="false" will allow any authentication information
from Apache httpd to flow into Tomcat, but you still have to configure
access appropriately based upon roles.
> Users should be able to browse certain subdirectories as follow:
> - User A, B, C should be able to access https://www.../extranet/client1/ and its subdirectories
> - User A, D, E, F should be able to access https://www.../extranet/client2/ and its subdirectories
>
> .htaccess-listing
> =================
>
> # STRONG HTACCESS PROTECTION
> <Files ~ "^.*\.([Hh][Tt][Aa])">
What, no access to .../.htable files?
It's tough to guess what is being forwarded to Tomcat. Can you show us
your JkMount or <Proxy> directives that you have configured?
Also, please provide a specific example of a URL that fails to load
properly, what the error is, and what you expected to happen.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAkr5yfYACgkQ9CaO5/Lv0PDPLACeIP2nLA8U8yB2W8BH1rkbswZx
gYkAnR3q1h80kufY3dZx1dFaCTuXKig/
=yloJ
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Hand Authentication to Apache
Posted by Pid <pi...@pidster.com>.
On 10/11/2009 19:26, Ivan Eulaers wrote:
> I have set up a basic "extranet" where clients can browse directories and view the files in those directories. Access is handled by basic authentication of Apache. In the directories that are open for a specific client I've created a .htaccess file (see example below).
>
> Today, Tomcat has been installed on my server. When I now want to access those secured directories, I get an error by Tomcat "The requested resource is not available". How can I repair this?
>
> I've tried adding tomcatAuthentication="false" to<Connector port="21309" protocol="AJP/1.3" /> and restarted Tomcat, but this was not the solution.
>
> Users should be able to browse certain subdirectories as follow:
> - User A, B, C should be able to access https://www.../extranet/client1/ and its subdirectories
> - User A, D, E, F should be able to access https://www.../extranet/client2/ and its subdirectories
>
> .htaccess-listing
> =================
>
> # STRONG HTACCESS PROTECTION
> <Files ~ "^.*\.([Hh][Tt][Aa])">
> order allow,deny
> deny from all
> </Files>
>
> # REDIRECT http REQUESTS TO https, BUT AVOID ASKING TWICE FOR PASSWORD
> SSLRequireSSL
> ErrorDocument 403 https://www.pensionarchitects.be/extranet/docs
>
> AuthType Basic
> AuthName "Extranet"
> AuthBasicProvider file
> AuthUserFile ........
> Require valid-user
>
> Options +Indexes
> # SET INDEX OPTIONS
> IndexOptions IgnoreCase FancyIndexing FoldersFirst NameWidth=50 DescriptionWidth=* SuppressHTMLPreamble SuppressLastModified
>
> # SET DISPLAY ORDER
> IndexOrderDefault Descending Name
>
> HeaderName /extranet/header.html
> ReadmeName /extranet/footer.html
We'll be needing the Tomcat config (server.xml) and some idea of how the
two servers are connected.
Who installed Tomcat? What version?
p
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org