Return-Path: 
 <cocoon-users-return-23566-apmail-xml-cocoon-users-archive=xml.apache.org@xml.apache.org>
Delivered-To: apmail-xml-cocoon-users-archive@xml.apache.org
Received: (qmail 8093 invoked by uid 500); 10 Sep 2001 17:51:05 -0000
Mailing-List: contact cocoon-users-help@xml.apache.org; run by ezmlm
Precedence: bulk
list-help: <mailto:cocoon-users-help@xml.apache.org>
list-unsubscribe: <mailto:cocoon-users-unsubscribe@xml.apache.org>
list-post: <mailto:cocoon-users@xml.apache.org>
Reply-To: cocoon-users@xml.apache.org
Delivered-To: mailing list cocoon-users@xml.apache.org
Received: (qmail 8071 invoked from network); 10 Sep 2001 17:51:05 -0000
Sender: elisa@sheridanc.on.ca
Message-ID: <3B9CFE5B.7DD49E43@sheridanc.on.ca>
Date: Mon, 10 Sep 2001 13:54:35 -0400
From: Elisa Green <elisa.green@sheridanc.on.ca>
Organization: OnDisC Alliance
X-Mailer: Mozilla 4.7 [en] (X11; I; SunOS 5.8 sun4m)
X-Accept-Language: en
MIME-Version: 1.0
To: Cocoon Users Mail List <cocoon-users@xml.apache.org>
Subject: Cocoon 1.8.2 - .htaccess?
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N

My search in FAQs and alternative resources have turned up
nothing on cocoon security settings with .htaccess.

We have a virtual host set up on Apache 1.3.14 for a development
space which is to be password protected using .htaccess files. 
Tomcat 3.2.1 and Cocoon 1.8.2 are also set up on our Sun Solaris
5.8 platform.

These are our settings for the virtual host in Apache
(httpd.conf):
Listen 80
Listen xxxx
.
.
.
<VirtualHost xxx.xx.xx.x:xxxx>
DocumentRoot "/usr/local/apache/www"

<Directory />
AllowOverride All
Options None
Allow from all
</Directory>

</VirtualHost>

Tomcat and Cocoon are working well to deliver unprotected pages,
but all .xml pages (handled by the cocoon server) are displayed
without login.

I am hoping that solving this problem will address the strange
behaviour that we have recently had.  This includes a login
dialogue box which does not authenticate for any known userid and
password.  The login dialogue box has to be cancelled many times
(it seems to be related to the complexity of the page).  When all
the dialogue boxes are cancelled, the page is displayed with all
images broken.  Note that if login has already occurred through a
.html or .jsp file (Apache and Tomcat are authenticating as
expected), these same pages are delivered fine.

The .htaccess file is under the www directory and a directory of
images is located under www.

Tomcat settings for cocoon are:
Alias /cocoon /usr/local/tomcat/webapps/cocoon
<Directory "/usr/local/tomcat/webapps/cocoon">
    Options Indexes FollowSymLinks
</Directory>
ApJservMount /cocoon /cocoon
AddType text/xml .xml
AddHandler jserv-servlet .xml

How do I make sure that cocoon does not by-pass .htaccess files?

Elisa
elisa.green@sheridanc.on.ca

---------------------------------------------------------------------
Please check that your question has not already been answered in the
FAQ before posting. <http://xml.apache.org/cocoon/faqs.html>

To unsubscribe, e-mail: <cocoon-users-unsubscribe@xml.apache.org>
For additional commands, e-mail: <cocoon-users-help@xml.apache.org>