Re: proxy_ajp webdav http 1.1 authentication

Ok, sorry, it seems that I misunderstood the problem.
I am also not qualified to answer your proxy questions per se.

My only remark would be : if you are already using Apache as a front-end anyway, why don't you do the whole "Dav thing" at the Apache level, instead of at the Tomcat level ? Would that not be simpler (and in this case more efficient) ?

You of course do what you want, it's a simple question.

It's just that, as far as being a general web server, and for questions of authentication, access control, logging, add-on modules etc., for the moment at least Apache is quite a bit more flexible and rich than Tomcat.



Michele Mase' wrote:
As you suggested, the file (I have omitted it before) is ok (Tomcat-based
basic auth)

<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
  <role rolename="manager"/>
  <role rolename="status"/>
  <role rolename="admin"/>
  <user username="tomcat" password="blablabla" roles="admin,manager,status"/>
</tomcat-users>

The question/matter/problem was:
The app1 and the webdav app work only if:
httpd.conf
...
ok
ProxyPass /app1/ ajp://www.example.com:8009/app1/
ProxyPass / http://www.example.com:8080/
ProxyPassReverse / http://www.example.com:8080/
...
or
ok (tested only a few minutes ago)
ProxyPass / ajp://www.example.com:8009/

None of the following works (why??)
ko
ProxyPass /app1/ ajp://www.example.com:8009/app1/
ProxyPass /webdav/ ajp://www.example.com:8009/webdav/

ko
ProxyPass /app1/ http://www.example.com:8080/app1/
ProxyPassReverse /app1/ http://www.example.com:8080/app1/
ProxyPass /webdav/ http://www.example.com:8080/webdav/
ProxyPassReverse /webdav/ http://www.example.com:8080/webdav/

ko
ProxyPass / http://www.example.com:8080/
ProxyPassReverse / http://www.example.com:8080/

My solution was: "using the simplest case"
ProxyPass / ajp://www.example.com:8009/

And both /app1 and /webdav work!

Michele

On Mon, Oct 27, 2008 at 1:47 PM, André Warnier <aw@xxxxxxxxxx> wrote:

Hi.

Ah ! your Dav is at the Tomcat level, not the Apache level.
And that's also where the Dav authentication is being done.

In other words, no authentication and no Dav is being handled at the Apache
level, so it has nothing to do with the Apache proxying, which probably
works fine.

I believe this question should be reposted to the Tomcat mailing list, at
"users@xxxxxxxxxxxxxxxxx".

In the meantime, my guess is that you have not created the appropriate user
and role for the authentication under Tomcat.
Just as a tip :
In your Tomcat/conf directory, there should be a file "tomcat-users.xml".
 That's where users and roles are defined.
According to your <security-constraint> in the Dav webapp setup below,
you should have something like this in tomcat-users.xml :

<role rolename="admin"/>
<user username="davuser" password="xxxxx" roles="admin"/>
(add it if it's not there)

and then use the user "davuser" and the password you chose for logging in
when your DAV pops up its authentication dialog.

If that does not work, then ask further on the Tomcat list.





Michele Mase' wrote:

here is the conf:

Frontend server:
<VirtualHost *:80>
       ServerName www.example.com
       ProxyPass /favicon.ico !
       ProxyPass /robots.txt !
       ProxyPass /images/ !
       ProxyPass /balancer !
       ProxyPass /status !
       ProxyPass /manager !
       ProxyPass /host-manager !
       ProxyPass /docs !
       ProxyPass /examples !
       ProxyPass /app1/ ajp://www.example.com:8009/app1/
       ProxyPass / http://www.example.com:8080/
       ProxyPassReverse / http://www.example.com:8080/
</VirtualHost>

Tomcat:
server.xml (default config):
...
 <Connector port="8080" protocol="HTTP/1.1"
              connectionTimeout="20000"
              redirectPort="8443"/>
...
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />

$CATALINA_HOME/conf/Catalina/localhost/app1.xml
<?xml version="1.0" encoding="UTF-8"?>
<Context path="/app1" docBase="/app1">
       <Resources className="org.apache.naming.resources.FileDirContext"
allowLinking="true" caseSensitive="false" />
</Context>

WEB-INF/web.xml of app1 (where the webdav authentication is)

<?xml version="1.0" encoding="ISO-8859-1"?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
   version="2.4">
 <display-name>Webdav Content Management</display-name>
 <description>
    Webdav Content Management
 </description>
 <servlet>
   <servlet-name>webdav</servlet-name>
   <servlet-class>org.apache.catalina.servlets.WebdavServlet</servlet-class>
   <init-param>
     <param-name>debug</param-name>
     <param-value>0</param-value>
   </init-param>
   <init-param>
     <param-name>listings</param-name>
     <param-value>true</param-value>
   </init-param>
   <init-param>
     <param-name>readonly</param-name>
     <param-value>false</param-value>
   </init-param>
 </servlet>
 <servlet-mapping>
   <servlet-name>webdav</servlet-name>
   <url-pattern>/*</url-pattern>
 </servlet-mapping>
 <security-constraint>
   <web-resource-collection>
     <web-resource-name>The Entire Web Application</web-resource-name>
     <url-pattern>/*</url-pattern>
   </web-resource-collection>
   <auth-constraint>
     <role-name>admin</role-name>
   </auth-constraint>
 </security-constraint>
 <login-config>
   <auth-method>BASIC</auth-method>
   <realm-name>Tomcat Supported Realm</realm-name>
 </login-config>
 <security-role>
   <description>
     An example role defined in "conf/tomcat-users.xml"
   </description>
   <role-name>admin</role-name>
 </security-role>
 <welcome-file-list>
   <welcome-file/>
 </welcome-file-list>
</web-app>


On Mon, Oct 27, 2008 at 12:16 PM, André Warnier <aw@xxxxxxxxxx> wrote:

 Michele Mase' wrote:
 I've the following problem:
A frontend server with apache2.2.x (http1.1)
mod_proxy
mod_proxy_ajp

A backend server:
tomcat 6.x with 2 webapps:
/app1
/app2 (webdav, basic authentication via http)

Problem:

/app1 works well under proxy_ajp:
ProxyPass /some_path ajp://server:8009/app1

webdav authentication cannot work under proxy_ajp
It works only under proxy_http:
ProxyPass /path http://server/app2
ProxyPassReverse /path http://server/app2

Are there some limitations in proxy_ajp module?
Could webdav authentication work with proxy_ajp?
Michele

 What do you call "webdav authentication" ?

DAV itself does not handle authentication.
It is whatever you put "around it" in your configuration that will do the
authentication.
Can you post the configuration of the section which you configure with
"Dav on" ?


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
 "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
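
The tip in the thread (every role named in the webapp's <security-constraint> must exist in tomcat-users.xml and be held by a user) can be checked mechanically. The following is an added example, not code from the thread or from Tomcat; the function names are hypothetical and the two XML samples are constructed from the files quoted above.

```python
import xml.etree.ElementTree as ET

# Constructed inputs, modelled on the web.xml and tomcat-users.xml in the thread.
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
  </security-constraint>
</web-app>"""
USERS_OK = """<tomcat-users>
  <role rolename="admin"/>
  <user username="davuser" password="xxxxx" roles="admin"/>
</tomcat-users>"""
USERS_MISSING = """<tomcat-users>
  <role rolename="manager"/>
  <user username="tomcat" password="xxxxx" roles="manager, status"/>
</tomcat-users>"""

def _find(root, name):
    """Return descendants by local tag name, ignoring any XML namespace."""
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def required_roles(web_xml):
    """Map each role in an <auth-constraint> to the URL patterns it protects."""
    roles = {}
    for sc in _find(ET.fromstring(web_xml), "security-constraint"):
        patterns = [p.text.strip() for p in _find(sc, "url-pattern")]
        for ac in _find(sc, "auth-constraint"):
            for rn in _find(ac, "role-name"):
                roles.setdefault(rn.text.strip(), []).extend(patterns)
    return roles

def check_roles(web_xml, users_xml):
    """Return one finding per required role: is it declared, and who holds it."""
    users = ET.fromstring(users_xml)
    declared = {r.get("rolename") for r in _find(users, "role")}
    findings = []
    for role, patterns in sorted(required_roles(web_xml).items()):
        holders = sorted(u.get("username") for u in _find(users, "user")
                         if role in [x.strip() for x in u.get("roles", "").split(",")])
        findings.append({"role": role, "patterns": patterns,
                         "declared": role in declared, "users": holders})
    return findings

if __name__ == "__main__":
    for users in (USERS_OK, USERS_MISSING):
        print(check_roles(WEB_XML, users))
```

A finding with `declared` false or an empty `users` list means no login can ever satisfy that constraint, whichever proxy module sits in front of Tomcat.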


