Return-Path: 
 <tomcat-user-return-28270-qmlist-jakarta-archive-tomcat-user=jakarta.apache.org@jakarta.apache.org>
Delivered-To: apmail-jakarta-tomcat-user-archive@apache.org
Received: (qmail 33004 invoked from network); 1 Aug 2002 15:03:27 -0000
Received: from unknown (HELO nagoya.betaversion.org) (192.18.49.131)
  by daedalus.apache.org with SMTP; 1 Aug 2002 15:03:27 -0000
Received: (qmail 25952 invoked by uid 97); 1 Aug 2002 15:03:21 -0000
Delivered-To: qmlist-jakarta-archive-tomcat-user@jakarta.apache.org
Received: (qmail 25686 invoked by uid 97); 1 Aug 2002 15:03:18 -0000
Mailing-List: contact tomcat-user-help@jakarta.apache.org; run by ezmlm
Precedence: bulk
List-Unsubscribe: <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
List-Subscribe: <mailto:tomcat-user-subscribe@jakarta.apache.org>
List-Help: <mailto:tomcat-user-help@jakarta.apache.org>
List-Post: <mailto:tomcat-user@jakarta.apache.org>
List-Id: "Tomcat Users List" <tomcat-user.jakarta.apache.org>
Reply-To: "Tomcat Users List" <tomcat-user@jakarta.apache.org>
Delivered-To: mailing list tomcat-user@jakarta.apache.org
Received: (qmail 25404 invoked by uid 98); 1 Aug 2002 15:03:15 -0000
X-Antivirus: nagoya (v4198 created Apr 24 2002)
Date: Thu, 1 Aug 2002 10:02:49 -0500 (CDT)
From: Milt Epstein <mepstein@uiuc.edu>
X-X-Sender: <mepstein@staff2.cso.uiuc.edu>
To: Tomcat Users List <tomcat-user@jakarta.apache.org>,
   <jlandin@termnetinc.com>
Subject: RE: Apache Authentication for Tomcat
In-Reply-To: <MOEBKIGGOAHCMGBFOCFGMEBKCHAA.jlandin@termnetinc.com>
Message-ID: <Pine.GSO.4.31.0208010955140.16718-100000@staff2.cso.uiuc.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N
X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N

On Thu, 1 Aug 2002, Josh Landin wrote:

> Milt,
>
> Let me lay out the setup here -- Apache is setup to host multiple Virtual
> Hosts. Such that...
>
> http://intranet1/
> Has a docbase of /drives/a/webapps/intranet1
>
> http://intranet2/
> Has a docbase of /drives/a/webapps/intranet2
>
> etc...
>
> So how could I use the <Location> tag and not affect the other Virtual
> hosts. I simply want to force authentication for the virtual host
> "intranet1" only. I figured adding a <Directory> tag for
> "/drives/a/webapps/intranet1" would do it, but it doesn't.
>
> Suggestions?

I'd try something with either

<Location "/intranet1">
<Directory "/drives/a/webapps/intranet1">

You might have to play around with a few different similar values and
where the lines are placed in your httpd.conf file.

Also, is there any kind of rewriting, or aliasing going on?  That
might change what values you have to use in the above directives.
(That was true in my situation, and I had to try a few different
things before I found something that worked.)

Also, in your Connector tag in tomcat's server.xml, you may need to
add the attribute tomcatAuthentication="false", e.g.:

  <!-- Define an AJP 1.3 Connector on port 8009 -->
  <Connector className="org.apache.ajp.tomcat4.Ajp13Connector"
             port="8009" minProcessors="5" maxProcessors="75"
             acceptCount="10" debug="0" tomcatAuthentication="false"/>

I needed to add that in order to have Tomcat use the authenticated
user value from Apache (and then it showed up in the logs -- in one of
your earlier messages, you showed some lines from the logs where the
user showed up on one line but not another).  You might try this
first, actually, that could be your problem.


> > -----Original Message-----
> > From: Milt Epstein [mailto:mepstein@uiuc.edu]
> > Sent: Thursday, August 01, 2002 12:01 AM
> > To: Tomcat Users List
> > Subject: Apache Authentication for Tomcat
> >
> > This is an addition to a thread from a day or two ago.  I didn't pay
> > much attention to it then, because it wasn't something I needed to
> > worry about -- but things change quickly, and now I do need to worry
> > about it :-).  Anyway, it was a thread started by Josh Landin, with
> > contributions from Jacob Kjome and John Turner (and others).  Josh was
> > having some trouble trying to get Apache to handle authentication on
> > some resources that were to be handled by Tomcat.  Here is one of the
> > later messages in the thread from Jacob Kjome:
> >
> > http://marc.theaimsgroup.com/?l=tomcat-user&m=102805925323917&w=2
> >
> > I'm not sure Josh fully appreciated what Jacob was getting at in it.
> > Basically, Directory and Location directives can be used similarly,
> > but Directory is used for actual directories in the filesystem, while
> > Location is used for URLs (URL prefixes, i.e. virtual directories, I
> > guess).  I had to do something similar, and I got it working, but it
> > took playing around with the URL specified in the Location directive
> > to do so.  So anyone, my main reason for posting this is to suggest to
> > Josh that he try using a Location directive, but play around with the
> > URL in it to get the behavior he desires.  It'd be helpful to consider
> > what URLs he wants to have the Location directive applied to.
> >

Milt Epstein
Research Programmer
Systems and Technology Services (STS)
Campus Information Technologies and Educational Services (CITES)
University of Illinois at Urbana-Champaign (UIUC)
mepstein@uiuc.edu


--
To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>