cocoon-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Elisa Green <>
Subject Cocoon 1.8.2 - .htaccess?
Date Mon, 10 Sep 2001 17:54:35 GMT
My search in FAQs and alternative resources have turned up
nothing on cocoon security settings with .htaccess.

We have a virtual host set up on Apache 1.3.14 for a development
space which is to be password protected using .htaccess files. 
Tomcat 3.2.1 and Cocoon 1.8.2 are also set up on our Sun Solaris
5.8 platform.

These are our settings for the virtual host in Apache
Listen 80
Listen xxxx
<VirtualHost xxx.xx.xx.x:xxxx>
DocumentRoot "/usr/local/apache/www"

<Directory />
AllowOverride All
Options None
Allow from all


Tomcat and Cocoon are working well to deliver unprotected pages,
but all .xml pages (handled by the cocoon server) are displayed
without login.

I am hoping that solving this problem will address the strange
behaviour that we have recently had.  This includes a login
dialogue box which does not authenticate for any known userid and
password.  The login dialogue box has to be cancelled many times
(it seems to be related to the complexity of the page).  When all
the dialogue boxes are cancelled, the page is displayed with all
images broken.  Note that if login has already occurred through a
.html or .jsp file (Apache and Tomcat are authenticating as
expected), these same pages are delivered fine.

The .htaccess file is under the www directory and a directory of
images is located under www.

Tomcat settings for cocoon are:
Alias /cocoon /usr/local/tomcat/webapps/cocoon
<Directory "/usr/local/tomcat/webapps/cocoon">
    Options Indexes FollowSymLinks
ApJservMount /cocoon /cocoon
AddType text/xml .xml
AddHandler jserv-servlet .xml

How do I make sure that cocoon does not by-pass .htaccess files?


Please check that your question has not already been answered in the
FAQ before posting. <>

To unsubscribe, e-mail: <>
For additional commands, e-mail: <>

View raw message