httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Michele Mase'" <michele.m...@gmail.com>
Subject Re: [users@httpd] proxy_ajp webdav http 1.1 authentication
Date Mon, 27 Oct 2008 13:55:36 GMT
As you suggested, The file (I have omitted it before) is ok (tomcat baseed
basic auth)

<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
  <role rolename="manager"/>
  <role rolename="status"/>
  <role rolename="admin"/>
  <user username="tomcat" password="blablabla"
roles="admin,manager,status"/>
</tomcat-users>

The question/matter/problem was:
The app1 and the webdav app works only if:
httpd.conf
...
ok
ProxyPass /app1/ ajp://www.example.com:8009/app1/
ProxyPass / http://www.example.com:8080/
ProxyPassReverse / http://www.example.com:8080/
...
or
ok (tested only few minutes ago)
ProxyPass / ajp://www.example.com:8009/

None of the following works (why??)
ko
ProxyPass /app1/ ajp://www.example.com:8009/app1/
ProxyPass /webdav/ ajp://www.example.com:8009/webdav/

ko
ProxyPass /app1/ http://www.example.com:8080/app1/
ProxyPassReverse /app1/ http://www.example.com:8080/app1/
ProxyPass /webdav/ http://www.example.com:8080/webdav/
ProxyPassReverse /webdav/ http://www.example.com:8080/webdav/

ko
ProxyPass / http://www.example.com:8080/
ProxyPassReverse / http://www.example.com:8080/

My solution was: "using the simplest case"
ProxyPass / ajp://www.example.com:8009/

And both /app1 and /webdav work!

Michele

On Mon, Oct 27, 2008 at 1:47 PM, André Warnier <aw@ice-sa.com> wrote:

> Hi.
>
> Ah ! your Dav is at the Tomcat level, not the Apache level.
> And that's also where the Dav authentication is being done.
>
> In other words, no authentication and no Dav is being handled at the Apache
> level, so it has nothing to do with the Apache proxying, which probably
> works fine.
>
> I believe this question should be reposted to the Tomcat mailing list, at "
> users@tomcat.apache.org".
>
> In the meantime, my guess is that you have not created the appropriate user
> and role for the authentication under Tomcat.
> Just as a tip :
> In your Tomcat/conf directory, there should be a file "tomcat-users.xml".
>  That's where users and roles are defined.
> According to your <security-constraint> in the Dav webapp setup below,
> you should have something like this in tomcat-users.xml :
>
> <role rolename="admin"/>
> <user username="davuser" password="xxxxx" roles="admin"/>
> (add it if it's not there)
>
> and then use the user "davuser" and the password you chose for logging in
> when you DAV pops up its authentication dialog.
>
> If that does not work, then ask further on the Tomcat list.
>
>
>
>
>
> Michele Mase' wrote:
>
>> here is the conf:
>>
>> Frontend server:
>> <VirtualHost *:80>
>>        ServerName www.example.com
>>        ProxyPass /favicon.ico !
>>        ProxyPass /robots.txt !
>>        ProxyPass /images/ !
>>        ProxyPass /balancer !
>>        ProxyPass /status !
>>        ProxyPass /manager !
>>        ProxyPass /host-manager !
>>        ProxyPass /docs !
>>        ProxyPass /examples !
>>        ProxyPass /app1/ ajp://www.example.com:8009/app1/
>>        ProxyPass / http://www.example.com:8080/
>>        ProxyPassReverse / http://www.example.com:8080/
>> </VirtualHost>
>>
>> Tomcat:
>> server.xml (default config):
>> ...
>>  <Connector port="8080" protocol="HTTP/1.1"
>>               connectionTimeout="20000"
>>               redirectPort="8443"/>
>> ...
>> <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
>>
>> $CATALINA_HOME/conf/Catalina/localhost/app1.xml
>> <?xml version="1.0" encoding="UTF-8"?>
>> <Context path="/app1" docBase="/app1">
>>        <Resources className="org.apache.naming.resources.FileDirContext"
>> allowLinking="true" caseSensitive="false" />
>> </Context>
>>
>> WEB-INF/web.xml of app1 (where the webdav authentication is)
>>
>> <?xml version="1.0" encoding="ISO-8859-1"?>
>> <web-app xmlns="http://java.sun.com/xml/ns/j2ee"
>>    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>    xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
>> http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
>>    version="2.4">
>>  <display-name>Webdav Content Management</display-name>
>>  <description>
>>     Webdav Content Management
>>  </description>
>>  <servlet>
>>    <servlet-name>webdav</servlet-name>
>>
>> <servlet-class>org.apache.catalina.servlets.WebdavServlet</servlet-class>
>>    <init-param>
>>      <param-name>debug</param-name>
>>      <param-value>0</param-value>
>>    </init-param>
>>    <init-param>
>>      <param-name>listings</param-name>
>>      <param-value>true</param-value>
>>    </init-param>
>>    <init-param>
>>      <param-name>readonly</param-name>
>>      <param-value>false</param-value>
>>    </init-param>
>>  </servlet>
>>  <servlet-mapping>
>>    <servlet-name>webdav</servlet-name>
>>    <url-pattern>/*</url-pattern>
>>  </servlet-mapping>
>>  <security-constraint>
>>    <web-resource-collection>
>>      <web-resource-name>The Entire Web Application</web-resource-name>
>>      <url-pattern>/*</url-pattern>
>>    </web-resource-collection>
>>    <auth-constraint>
>>      <role-name>admin</role-name>
>>    </auth-constraint>
>>  </security-constraint>
>>  <login-config>
>>    <auth-method>BASIC</auth-method>
>>    <realm-name>Tomcat Supported Realm</realm-name>
>>  </login-config>
>>  <security-role>
>>    <description>
>>      An example role defined in "conf/tomcat-users.xml"
>>    </description>
>>    <role-name>admin</role-name>
>>  </security-role>
>>  <welcome-file-list>
>>    <welcome-file/>
>>  </welcome-file-list>
>> </web-app>
>>
>>
>> On Mon, Oct 27, 2008 at 12:16 PM, André Warnier <aw@ice-sa.com> wrote:
>>
>>  Michele Mase' wrote:
>>>
>>>  I've the following problem:
>>>>
>>>> A ftontend server with apache2.2.x (http1.1)
>>>> mod_proxy
>>>> mod_proxy_ajp
>>>>
>>>> A backend server:
>>>> tomcat 6.x with 2 webapps:
>>>> /app1
>>>> /app2 (webdav, basic authentication via http)
>>>>
>>>> Problem:
>>>>
>>>> /app1 works well under proxy_ajp:
>>>> ProxyPass /some_path ajp://server:8009/app1
>>>>
>>>> webdav authentication cannot work under proxy_ajp
>>>> It works only under proxy_http:
>>>> ProxyPass /path http://server/app2
>>>> ProxyPassReverse /path http://server/app2
>>>>
>>>> Are there some limitations in proxy_ajp module?
>>>> Could webdav authentication work with proxy_ajp?
>>>> Michele
>>>>
>>>>  What do you call "webdav authentiation" ?
>>>>
>>> DAV itself does not handle authentication.
>>> It is whatever you put "around it" in your configuration that will do the
>>> authentication.
>>> Can you post the configuration of the section which you configure with
>>> "Dav
>>> on" ?
>>>
>>>
>>> ---------------------------------------------------------------------
>>> The official User-To-User support forum of the Apache HTTP Server
>>> Project.
>>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>>  "   from the digest: users-digest-unsubscribe@httpd.apache.org
>>> For additional commands, e-mail: users-help@httpd.apache.org
>>>
>>>
>>>
>>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>  "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>

Mime
View raw message