> -----Original Message----- > From: cgswtsu78 [mailto:cgray@xxxxxxxxxxxxxx] > Sent: Thursday, January 14, 2010 1:12 AM > To: users@xxxxxxxxxxxxxxxx > Subject: HTTPD Authentication Questions > > > Hello, > > I'm currently trying to apply apache httpd authentication to > a tomcat web > application. The user authenticates on the apache side and > then has a link > within the apache server perl application that sends them > over to the tomcat > application (reportsvcs_ws) via mod_jk. If the user tries to > jump to the > tomcat application without first authenticating they're prompted and > successfully directed to the tomcat app if they supply the correct > credentials. The problem I'm seeing is once in the tomcat > application (post > initial auth), the application envokes some web service calls > against the > reportsvcs_ws tomcat application and the response is a 401 > (auth needed) > error. So It looks like the fact that the reportsvcs_ws > resource is already > authorized isn't persisted on the tomcat side. Any ideas on how to > troubleshoot or fix this? My httpd config is below.... For Basic Auth to work, the client simply adds a header (containing the credentials) to the request (there is no state maintained in the server). If the header is not present, Auth fails. So you need to make sure the header is present in all requests under that realm. Rgds, Owen Boyle Disclaimer: Any disclaimer attached to this message may be ignored. > > > > <Location "/reportsvcs_ws"> > > Order allow,deny > > Allow from all > > AuthType Basic > > AuthName "Report Service" > > AuthUserFile /filepath/file.users > > require valid-user > > </Location> > > -- > View this message in context: > http://old.nabble.com/HTTPD-Authentication-Questions-tp2715433 5p27154335.html > Sent from the Apache HTTP Server - Users mailing list archive > at Nabble.com. > > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP > Server Project. > See <URL:http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx > > This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. If you receive this message in error, please notify the sender urgently and then immediately delete the message and any copies of it from your system. Please also immediately destroy any hardcopies of the message. The sender's company reserves the right to monitor all e-mail communications through their networks. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|