RE: HTTPD Authentication Questions

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> -----Original Message-----
> From: cgswtsu78 [mailto:cgray@xxxxxxxxxxxxxx] 
> Sent: Thursday, January 14, 2010 1:12 AM
> To: users@xxxxxxxxxxxxxxxx
> Subject:  HTTPD Authentication Questions
> 
> 
> Hello, 
> 
> I'm currently trying to apply apache httpd authentication to 
> a tomcat web
> application.  The user authenticates on the apache side and 
> then has a link
> within the apache server perl application that sends them 
> over to the tomcat
> application (reportsvcs_ws) via mod_jk.  If the user tries to 
> jump to the
> tomcat application without first authenticating they're prompted and
> successfully directed to the tomcat app if they supply the correct
> credentials.  The problem I'm seeing is once in the tomcat 
> application (post
> initial auth), the application envokes some web service calls 
> against the
> reportsvcs_ws tomcat application and the response is a 401 
> (auth needed)
> error.  So It looks like the fact that the reportsvcs_ws 
> resource is already
> authorized isn't persisted on the tomcat side.  Any ideas on how to
> troubleshoot or fix this?  My httpd config is below....

For Basic Auth to work, the client simply adds a header (containing the
credentials) to the request (there is no state maintained in the
server). If the header is not present, Auth fails. So you need to make
sure the header is present in all requests under that realm.

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 

> 
> 
> 
> <Location "/reportsvcs_ws">
> 
>    Order allow,deny
> 
>     Allow from all
> 
>     AuthType Basic
> 
>     AuthName "Report Service"
> 
>     AuthUserFile /filepath/file.users
> 
>     require valid-user
> 
> </Location>
> 
> -- 
> View this message in context: 
> http://old.nabble.com/HTTPD-Authentication-Questions-tp2715433
5p27154335.html
> Sent from the Apache HTTP Server - Users mailing list archive 
> at Nabble.com.
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP 
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>    "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
> 
> 
 
This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. If you receive this message in error, please notify the sender urgently and then immediately delete the message and any copies of it from your system. Please also immediately destroy any hardcopies of the message. 
The sender's company reserves the right to monitor all e-mail communications through their networks.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux