httpd-users mailing list archives

From Ion Larrañaga <>
Subject RE: [users@httpd] Apache Basic Authorization and Java
Date Thu, 29 Aug 2002 13:20:19 GMT


Then I think my proposal could work if instead of protecting / you protected
the servlet path. Even if you use Tomcat, Apache still processes your
servlet request, and I would bet (I haven't tried it myself) that you could

<Location /your/servlet/url>
AuthType Basic
AuthName Login
Require valid-user
AuthUserFile "C:/Programme/Apache/Apache/conf/mod_auth.users"
</Location>

This way, your user would:

- Connect to (No login request here because
index.html is not protected)
- Download your applet (Again, no login request because /classes/ice not
- The applet would make the request
. Before being sent to Tomcat, Apache would process the request and would
see that the location is protected. Then it would request user
authentication. So, the login would be requested here and only here. Once
the user sends a valid login/password, the request would pass to Tomcat.

This may have some problems:

- Your index.html page should be only a welcome page and download of the
applet. No private information should be displayed here as this page is not

- Same for the applet before making the request to the protected page.
Anyone will be able to download this applet, so it shouldn't contain private

- I don't know if Apache-Tomcat with authentication in Apache would work as
I think (any comment from someone in the list?). If it doesn't, you could
make Tomcat authenticate the user, not Apache.

If this is not acceptable for you, there are other solutions. For instance,
index.html could be another servlet that made the authentication itself (not
relying on Apache or Tomcat) and generated a session that would be passed to
the applet so that it could demonstrate /your/servlet/url that it has

I hope I have helped you with one of these, or maybe given you some
ideas about how you can do it.

   Ion Larrañaga
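
The request flow proposed in the message above, as an added Python sketch that is not part of the original thread: only the servlet path is challenged, so the welcome page and the applet download pass without a login. The user name, password and `{SHA}` entry are constructed sample data, and the function models only the front end's decision; whether the authenticated name reaches Tomcat depends on the connector setup, which the message leaves open.

```python
import base64, hashlib, hmac

# Constructed sample data: one account in htpasswd "{SHA}" form (htpasswd -s).
# {SHA} is unsalted; it is used here only because the standard library can verify it.
def sha_entry(password):
    return "{SHA}" + base64.b64encode(hashlib.sha1(password.encode()).digest()).decode()

USERS = {"victor": sha_entry("s3cret-demo")}      # hypothetical account
PROTECTED = ["/your/servlet/url"]                 # the <Location> from the message
REALM = "Login"                                   # AuthName from the message

def in_location(path, prefix):
    """Segment-aware prefix match: /a/b covers /a/b and /a/b/x, but not /a/bc."""
    prefix = prefix.rstrip("/")
    return path == prefix or path.startswith(prefix + "/")

def parse_basic(header):
    """Return (user, password) from an Authorization header, or None if unusable."""
    if not header:
        return None
    scheme, _, blob = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(blob.strip(), validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):      # bad base64 or bad UTF-8
        return None
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None

def front_end(path, authorization=None):
    """Return (status, remote_user, headers) as decided before the backend sees the request."""
    path = path.split("?", 1)[0]
    if not any(in_location(path, p) for p in PROTECTED):
        return 200, None, {}                      # index.html, /classes/ice: no prompt
    creds = parse_basic(authorization)
    if creds:
        user, password = creds
        stored = USERS.get(user, sha_entry(""))   # still compare for unknown users
        if hmac.compare_digest(stored, sha_entry(password)) and user in USERS:
            return 200, user, {}                  # authenticated name available downstream
    return 401, None, {"WWW-Authenticate": 'Basic realm="%s"' % REALM}

def header_for(user, password):
    """Build the Authorization header a client sends after the login dialog."""
    return "Basic " + base64.b64encode(("%s:%s" % (user, password)).encode()).decode()
```
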

-----Original Message-----
From: Skladovs, Victor []
Sent: Thursday, 29 August 2002 14:46
Subject: AW: [users@httpd] Apache Basic Authorization and Java

Hi, Ion!

You've understood it almost right.
1. /index.html (ROOT) is protected.
2. All my applets and client classes lie in /classes/ice
3. My servlets lie NOT under Apache, but under Tomcat's webapps
(Tomcat\webapps\myproject\WEB-INF\classes). Apache communicates with
Tomcat through the module mod_jk.

The hard disk structure looks as follows:
C:\ice_wr\APACHE ROOT\html
C:\ice_wr\APACHE ROOT\classes\ice

What I do:
1. I call my server:

The first dialog (from Apache) is opened.

2. From an HTML page (which lies in C:\ice_wr\APACHE ROOT\html) I try to load my
applet, which lies in C:\ice_wr\APACHE ROOT\classes\ice. From this applet
I call my servlet that lies in
C:\Apache\TOMCAT\webapps\myproject\WEB-INF\classes. At this point I
get the second dialog.

Any ideas?


-----Original Message-----
From: Ion Larrañaga []
Sent: Thursday, 29 August 2002 14:27
Subject: RE: [users@httpd] Apache Basic Authorization and Java


I'll tell you what I understood from your previous mails, maybe I'm

I think that you want a user to connect to a web page (for instance,
/index.html) which requires authentication. After the user has given a
login and password, an applet is downloaded from /classes/ice and,
applet execution, it connects to another protected web page (for
/application/servlet.html) which is served by Tomcat.

So your problem would be that the user has to provide login and password
twice: once when downloading index.html and the other one when the
tries to connect to /application/servlet.html. Is this correct?

If I'm right, I think you could:

  - Leave unprotected both /index.html and /classes/ice
  - Protect /application/servlet.html

Of course, that would only work if the main page and the applet didn't
contain any critical information before connecting to the servlet.

Maybe I didn't understand your application. If that's the case, could
explain it in more detail?

   Ion Larrañaga

-----Original Message-----
From: Skladovs, Victor []
Sent: Thursday, 29 August 2002 13:56
Subject: AW: [users@httpd] Apache Basic Authorization and Java

Hi, Ion!

I've already tried out what you proposed. It failed. Reason: I can
read data from HTTP (for example, request.getRemoteUser()) ONLY if I
protect root.
In my httpd.conf:

<Location />
AuthType Basic
AuthName Login
Require valid-user
AuthUserFile "C:/Programme/Apache/Apache/conf/mod_auth.users"
</Location>

The problem appears when I load my applets which lie in /classes/ice.
Then I changed my httpd.conf to

<Location /classes/ice>
AuthType Basic
AuthName Login
Require valid-user
AuthUserFile "C:/Programme/Apache/Apache/conf/mod_auth.users"
</Location>

Yes, I got the auth dialog only once then, but user and password are
not being forwarded further. Why? What am I doing wrong?

