tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jim Lynch <...@sgi.com>
Subject Re: Authentication isn't working with mod_jk 1.7.3 beta.
Date Fri, 17 Dec 2004 16:11:50 GMT
Is there something special I have to do in mod_jk config file for apache 
2 that I didn't have to do for Apache 1.3 to permit basic authentication? 

Here is the section of the server.xml file dealing with the 
authentication I'm using:

        <Context className="org.apache.catalina.core.StandardContext" 
cachingAllowed="true" 
charsetMapperClass="org.apache.catalina.util.CharsetMapper" 
cookies="true" crossContext="false" debug="99" displayName="Manpower" 
docBase="/usr/local/jakarta-tomcat-4.1.24/work/Standalone/localhost/manager/resources.war"

mapperClass="org.apache.catalina.core.StandardContextMapper" 
path="/resources" privileged="false" reloadable="false" 
swallowOutput="false" useNaming="true" 
wrapperClass="org.apache.catalina.core.StandardWrapper">
          <Realm className="org.apache.catalina.realm.JDBCRealm" 
connectionURL="jdbc:mysql://localhost/authority?password=blah&amp;user=wlc" 
debug="99" driverName="org.gjt.mm.mysql.Driver" roleNameCol="role_name" 
userCredCol="user_pass" userNameCol="user_name" 
userRoleTable="user_roles" userTable="users" validate="true"/>
          <Resource auth="Container" description="DB Connection" 
name="jdbc/Nafo" scope="Shareable" type="javax.sql.DataSource"/>
        </Context>

Jim Lynch wrote:

> I finally got mod_jk to comple on RH 9 for Apache 2, but the 
> authentication doesn't work through the connector.  If I go to port 
> 8080 I get the login popup and am able to enter the app OK, however if 
> I try to go to the default port and connect via mod_jk I get an 
> authentication error.  I never see the popup.
>
> Here is from the log when it works:
>
> 2004-12-15 09:34:01 Authenticator[/resources]: Security checking 
> request GET /resources/input
> 2004-12-15 09:34:01 Authenticator[/resources]:   Checking constraint 
> 'SecurityConstraint[resources, resources1, resources2, resources3, 
> resources4]' against GET /input --> true
> 2004-12-15 09:34:01 Authenticator[/resources]:  Subject to constraint 
> SecurityConstraint[resources, resources1, resources2, resources3, 
> resources4]
> 2004-12-15 09:34:01 Authenticator[/resources]:  Calling checkUserData()
> 2004-12-15 09:34:01 Authenticator[/resources]:   User data constraint 
> has no restrictions
> 2004-12-15 09:34:01 Authenticator[/resources]:  Calling authenticate()
> 2004-12-15 09:34:01 JDBCRealm[/resources]: Username jwl successfully 
> authenticated
> 2004-12-15 09:34:01 Authenticator[/resources]: Authenticated 'jwl' 
> with type 'BASIC'
> 2004-12-15 09:34:01 Authenticator[/resources]:  Calling accessControl()
> 2004-12-15 09:34:01 JDBCRealm[/resources]: Username jwl does NOT have 
> role user
> 2004-12-15 09:34:01 JDBCRealm[/resources]: Username jwl has role admin
> 2004-12-15 09:34:01 Authenticator[/resources]:  Successfully passed 
> all security constraints
> 2004-12-15 09:34:01 StandardContext[/resources]: Mapping 
> contextPath='/resources' with requestURI='/resources/input' and 
> relativeURI='/input'
>
> and here is what it looks like when it doesn't work:
>
> 2004-12-15 09:34:56 Authenticator[/resources]: Security checking 
> request GET /resources/input
> 2004-12-15 09:34:56 Authenticator[/resources]:   Checking constraint 
> 'SecurityConstraint[resources, resources1, resources2, resources3, 
> resources4]' against GET /input --> true
> 2004-12-15 09:34:56 Authenticator[/resources]:  Subject to constraint 
> SecurityConstraint[resources, resources1, resources2, resources3, 
> resources4]
> 2004-12-15 09:34:56 Authenticator[/resources]:  Calling checkUserData()
> 2004-12-15 09:34:56 Authenticator[/resources]:   User data constraint 
> has no restrictions
> 2004-12-15 09:34:56 Authenticator[/resources]:  Calling authenticate()
> 2004-12-15 09:34:56 Authenticator[/resources]:  Failed authenticate() 
> test
>
> In my httpd.conf file I have:
>
> Include /usr/local/tomcat/conf/auto/mod_jk_2.conf
>
> That file looks like:
> LoadModule jk_module /usr/lib/httpd/modules/mod_jk.so
> JkWorkersFile /usr/local/tomcat/conf/auto/workers.properties
> JkLogFile /var/log/httpd/mod_jk.log
> #JkLogLevel info
> JkLogLevel debug
> JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
> JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
> JkRequestLogFormat "%w %V %T"
> JkMount /examples/* workerx
> JkMount /resources workerx
> JkMount /resources/* workerx
> JkMount /tomcat-docs workerx
> JkMount /tomcat-docs/* workerx
>
>
> The jk log doesn't shed any light.  It just indicates that a 401 was 
> received from Tomcat when it didn't work.
>
> Any suggestions?
>
> Thanks, Jim.
>
> Partial error from browser:
>
> This server could not verify that you are authorized to access the 
> document requested. Either you supplied the wrong credentials (e.g., 
> bad password), or your browser doesn't understand how to supply the 
> credentials required.
>
> Additionally, a 401 Authorization Required error was encountered while 
> trying to use an ErrorDocument to handle the request.
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message