httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier ...@ice-sa.com>
Subject Re: [users@httpd] proxy_ajp webdav http 1.1 authentication
Date Mon, 27 Oct 2008 14:44:35 GMT
Ok, sorry, it seems that I misunderstood the problem.
I am also not qualified to answer your proxy questions per se.

My only remark would be : if you are already using Apache as a front-end 
anyway, why don't you do the whole "Dav thing" at the Apache level, 
instead of at the Tomcat level ?  Would that not be simpler (and in this 
case more efficient) ?

You of course do what you want, it's a simple question.

It's just that, as far as being a general web server, and for questions 
of authentication, access control, logging, add-on modules etc.., for 
the moment at least Apache is quite a bit more flexible and rich than 
Tomcat.



Michele Mase' wrote:
> As you suggested, The file (I have omitted it before) is ok (tomcat baseed
> basic auth)
> 
> <?xml version='1.0' encoding='utf-8'?>
> <tomcat-users>
>   <role rolename="manager"/>
>   <role rolename="status"/>
>   <role rolename="admin"/>
>   <user username="tomcat" password="blablabla"
> roles="admin,manager,status"/>
> </tomcat-users>
> 
> The question/matter/problem was:
> The app1 and the webdav app works only if:
> httpd.conf
> ...
> ok
> ProxyPass /app1/ ajp://www.example.com:8009/app1/
> ProxyPass / http://www.example.com:8080/
> ProxyPassReverse / http://www.example.com:8080/
> ...
> or
> ok (tested only few minutes ago)
> ProxyPass / ajp://www.example.com:8009/
> 
> None of the following works (why??)
> ko
> ProxyPass /app1/ ajp://www.example.com:8009/app1/
> ProxyPass /webdav/ ajp://www.example.com:8009/webdav/
> 
> ko
> ProxyPass /app1/ http://www.example.com:8080/app1/
> ProxyPassReverse /app1/ http://www.example.com:8080/app1/
> ProxyPass /webdav/ http://www.example.com:8080/webdav/
> ProxyPassReverse /webdav/ http://www.example.com:8080/webdav/
> 
> ko
> ProxyPass / http://www.example.com:8080/
> ProxyPassReverse / http://www.example.com:8080/
> 
> My solution was: "using the simplest case"
> ProxyPass / ajp://www.example.com:8009/
> 
> And both /app1 and /webdav work!
> 
> Michele
> 
> On Mon, Oct 27, 2008 at 1:47 PM, André Warnier <aw@ice-sa.com> wrote:
> 
>> Hi.
>>
>> Ah ! your Dav is at the Tomcat level, not the Apache level.
>> And that's also where the Dav authentication is being done.
>>
>> In other words, no authentication and no Dav is being handled at the Apache
>> level, so it has nothing to do with the Apache proxying, which probably
>> works fine.
>>
>> I believe this question should be reposted to the Tomcat mailing list, at "
>> users@tomcat.apache.org".
>>
>> In the meantime, my guess is that you have not created the appropriate user
>> and role for the authentication under Tomcat.
>> Just as a tip :
>> In your Tomcat/conf directory, there should be a file "tomcat-users.xml".
>>  That's where users and roles are defined.
>> According to your <security-constraint> in the Dav webapp setup below,
>> you should have something like this in tomcat-users.xml :
>>
>> <role rolename="admin"/>
>> <user username="davuser" password="xxxxx" roles="admin"/>
>> (add it if it's not there)
>>
>> and then use the user "davuser" and the password you chose for logging in
>> when you DAV pops up its authentication dialog.
>>
>> If that does not work, then ask further on the Tomcat list.
>>
>>
>>
>>
>>
>> Michele Mase' wrote:
>>
>>> here is the conf:
>>>
>>> Frontend server:
>>> <VirtualHost *:80>
>>>        ServerName www.example.com
>>>        ProxyPass /favicon.ico !
>>>        ProxyPass /robots.txt !
>>>        ProxyPass /images/ !
>>>        ProxyPass /balancer !
>>>        ProxyPass /status !
>>>        ProxyPass /manager !
>>>        ProxyPass /host-manager !
>>>        ProxyPass /docs !
>>>        ProxyPass /examples !
>>>        ProxyPass /app1/ ajp://www.example.com:8009/app1/
>>>        ProxyPass / http://www.example.com:8080/
>>>        ProxyPassReverse / http://www.example.com:8080/
>>> </VirtualHost>
>>>
>>> Tomcat:
>>> server.xml (default config):
>>> ...
>>>  <Connector port="8080" protocol="HTTP/1.1"
>>>               connectionTimeout="20000"
>>>               redirectPort="8443"/>
>>> ...
>>> <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
>>>
>>> $CATALINA_HOME/conf/Catalina/localhost/app1.xml
>>> <?xml version="1.0" encoding="UTF-8"?>
>>> <Context path="/app1" docBase="/app1">
>>>        <Resources className="org.apache.naming.resources.FileDirContext"
>>> allowLinking="true" caseSensitive="false" />
>>> </Context>
>>>
>>> WEB-INF/web.xml of app1 (where the webdav authentication is)
>>>
>>> <?xml version="1.0" encoding="ISO-8859-1"?>
>>> <web-app xmlns="http://java.sun.com/xml/ns/j2ee"
>>>    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>>    xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
>>> http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
>>>    version="2.4">
>>>  <display-name>Webdav Content Management</display-name>
>>>  <description>
>>>     Webdav Content Management
>>>  </description>
>>>  <servlet>
>>>    <servlet-name>webdav</servlet-name>
>>>
>>> <servlet-class>org.apache.catalina.servlets.WebdavServlet</servlet-class>
>>>    <init-param>
>>>      <param-name>debug</param-name>
>>>      <param-value>0</param-value>
>>>    </init-param>
>>>    <init-param>
>>>      <param-name>listings</param-name>
>>>      <param-value>true</param-value>
>>>    </init-param>
>>>    <init-param>
>>>      <param-name>readonly</param-name>
>>>      <param-value>false</param-value>
>>>    </init-param>
>>>  </servlet>
>>>  <servlet-mapping>
>>>    <servlet-name>webdav</servlet-name>
>>>    <url-pattern>/*</url-pattern>
>>>  </servlet-mapping>
>>>  <security-constraint>
>>>    <web-resource-collection>
>>>      <web-resource-name>The Entire Web Application</web-resource-name>
>>>      <url-pattern>/*</url-pattern>
>>>    </web-resource-collection>
>>>    <auth-constraint>
>>>      <role-name>admin</role-name>
>>>    </auth-constraint>
>>>  </security-constraint>
>>>  <login-config>
>>>    <auth-method>BASIC</auth-method>
>>>    <realm-name>Tomcat Supported Realm</realm-name>
>>>  </login-config>
>>>  <security-role>
>>>    <description>
>>>      An example role defined in "conf/tomcat-users.xml"
>>>    </description>
>>>    <role-name>admin</role-name>
>>>  </security-role>
>>>  <welcome-file-list>
>>>    <welcome-file/>
>>>  </welcome-file-list>
>>> </web-app>
>>>
>>>
>>> On Mon, Oct 27, 2008 at 12:16 PM, André Warnier <aw@ice-sa.com> wrote:
>>>
>>>  Michele Mase' wrote:
>>>>  I've the following problem:
>>>>> A ftontend server with apache2.2.x (http1.1)
>>>>> mod_proxy
>>>>> mod_proxy_ajp
>>>>>
>>>>> A backend server:
>>>>> tomcat 6.x with 2 webapps:
>>>>> /app1
>>>>> /app2 (webdav, basic authentication via http)
>>>>>
>>>>> Problem:
>>>>>
>>>>> /app1 works well under proxy_ajp:
>>>>> ProxyPass /some_path ajp://server:8009/app1
>>>>>
>>>>> webdav authentication cannot work under proxy_ajp
>>>>> It works only under proxy_http:
>>>>> ProxyPass /path http://server/app2
>>>>> ProxyPassReverse /path http://server/app2
>>>>>
>>>>> Are there some limitations in proxy_ajp module?
>>>>> Could webdav authentication work with proxy_ajp?
>>>>> Michele
>>>>>
>>>>>  What do you call "webdav authentiation" ?
>>>>>
>>>> DAV itself does not handle authentication.
>>>> It is whatever you put "around it" in your configuration that will do the
>>>> authentication.
>>>> Can you post the configuration of the section which you configure with
>>>> "Dav
>>>> on" ?
>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> The official User-To-User support forum of the Apache HTTP Server
>>>> Project.
>>>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>>>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>>>  "   from the digest: users-digest-unsubscribe@httpd.apache.org
>>>> For additional commands, e-mail: users-help@httpd.apache.org
>>>>
>>>>
>>>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP Server Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>  "   from the digest: users-digest-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
> 


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message