tomcat-users mailing list archives

From Adrián Córdoba <adr.cord...@gmail.com>
Subject Re: Tomcat behind Apache and security-constraint
Date Thu, 21 Jul 2011 18:01:00 GMT
Konstantin / Barry / André:
Thank you for your reply.

1- No important access log is shown for this issue.

2- I have ROOT webapp deployed in Tomcat.

3- I have Apache connected to Tomcat through JK Connector 1.2.32. (I want to
say the web application works fine if I use a URL to Tomcat, but doesn't
work (only the content within security-constraint) if I use a URL to
Apache.)
Platform is OpenSuse 11.4.

4- Details:
*Application structure*:
Andromeda/WebContent/index.jsp (entry page)
Andromeda/WebContent/admin/login.jsp
Andromeda/WebContent/admin/login-error.jsp
Andromeda/WebContent/internal/internal.jsp
Andromeda/WebContent/articles/index.html

The "WebContent/index.jsp" page has two links: a link to
"WebContent/internal/internal.jsp", and the other one to
"WebContent/articles/index.html".
The "WebContent/internal/" directory is protected by the following security
constraint in the web.xml file:

---------------------------------------------------
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Internal</web-resource-name>
    <url-pattern>/internal/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>internal-access</role-name>
  </auth-constraint>
</security-constraint>
----------------------------------------------------------------

Also, I declared in the web.xml file:

--------------------------------------------------
<!-- Security roles -->
  <security-role>
    <role-name>internal-access</role-name>
  </security-role>

<!-- Form-based authentication -->
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/admin/login.jsp</form-login-page>
      <form-error-page>/admin/login-error.jsp</form-error-page>
    </form-login-config>
  </login-config>
------------------------------------------------

And in the tomcat-users.xml file, I set:

------------------------------------------------
<role rolename="internal-access" />
<user username="xx" password="yy" roles="internal-access" />
------------------------------------------------

I can get the entry page with the "http://localhost/AppPrefix/index.jsp" URL
through the Apache server.
When I click on the internal.jsp link, I get the login.jsp page. That's
right.
But when I submit the credentials (username: xx / password: yy), I get a
blank page (with http://localhost/Andromeda/internal/j_security_check in the
URL bar), instead of the internal.jsp page.

If I access the entry page with the "http://localhost:8080/AppPrefix/index.jsp"
URL (skipping the Apache server), I can get the internal.jsp page when I submit
the credentials.
Also, if I delete the security constraint, the web application works fine.

The relevant Apache configuration is:

httpd.conf file:

------------------------------------------------------------
LoadModule    jk_module  modules/mod_jk.so
JkWorkersFile /opt/httpd-2.2.17/conf/workers.properties
JkShmFile     /var/log/httpd2.2.17/mod_jk.shm
JkLogFile     /var/log/httpd2.2.17/mod_jk.log
JkLogLevel    info
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "

<VirtualHost *:80>
ServerAdmin *****@gmail.com
ServerName ASIA
DocumentRoot /opt/apache-tomcat-7.0.12/webapps/
ErrorLog /var/log/httpd2.2.17/andromeda-error_log
CustomLog /var/log/httpd2.2.17/andromeda-access_log combined
HostnameLookups Off
UseCanonicalName Off
ServerSignature On
JkMount  /Andromeda/* worker1
  <Directory "/opt/apache-tomcat-7.0.12/webapps/Andromeda">
    Options Indexes FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
  </Directory>
</VirtualHost>
---------------------------------------------------------

and workers.properties file:

-----------------------------------------------------
workers.java_home=/usr/java/latest
ps=/

worker.list=worker1
worker.worker1.port=8009
worker.worker1.host=localhost
worker.worker1.type=ajp13
----------------------------------------------------

Maybe I have a configuration mistake.

Thank you.

--
[Adrián Córdoba]



2011/7/21 André Warnier <aw@ice-sa.com>

> Adrián Córdoba wrote:
>
>> Hi!
>> I have a very simple web application
>> (JSP <http://www.coderanch.com/forums/f-50/JSP> based),
>> deployed on Tomcat webapps directory with a security constraint in order
>> to protect an internal directory. Tomcat (7.0.12) is running behind Apache
>> (2.2.17) web server (httpd).
>>
>> If I try to access some file within the internal directory, directly in
>> Tomcat (*http://localhost:8080/...*), username and password are required,
>> and I can reach the file (if username and password are right). That's
>> right!
>>
>> But, *if I try to access the same file within internal directory, through
>> Apache web server* (*http://localhost/...*), username and password are
>> required, but *a blank page is displayed on Firefox navigator*.
>> (If I delete the security constraint, the web application works fine.)
>>
>>
> What is missing in your otherwise good description above, is how you are
> connecting Apache httpd to Tomcat, and maybe some part of the configuration
> thereof.
> Also, on which platform this is running.
>
>
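
Added example, not part of the original message or of the Tomcat/mod_jk projects: the security-constraint above is evaluated only by Tomcat, so it applies through Apache only to URLs that a JkMount forwards. This sketch checks that coverage for the posted configuration and for a hypothetical JSP-only mount; the function names, probe file names and the use of fnmatch to approximate mod_jk wildcards are assumptions.

```python
import re
import xml.etree.ElementTree as ET
from fnmatch import fnmatchcase

# Constructed inputs modelled on the web.xml and httpd.conf quoted in the message.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Internal</web-resource-name>
      <url-pattern>/internal/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>internal-access</role-name></auth-constraint>
  </security-constraint>
</web-app>"""
HTTPD_AS_POSTED = """DocumentRoot /opt/apache-tomcat-7.0.12/webapps/
JkMount  /Andromeda/* worker1
"""
# Hypothetical variant: only JSPs are forwarded, static files come from DocumentRoot.
HTTPD_JSP_ONLY = HTTPD_AS_POSTED.replace("/Andromeda/*", "/Andromeda/*.jsp")

def protected_patterns(web_xml):
    """url-patterns that sit inside a <security-constraint> (namespace-agnostic)."""
    local = lambda el: el.tag.rsplit("}", 1)[-1]
    return [el.text.strip()
            for sc in ET.fromstring(web_xml).iter() if local(sc) == "security-constraint"
            for el in sc.iter() if local(el) == "url-pattern"]

def jk_mounts(httpd_conf):
    """URL patterns (first argument) of the JkMount directives."""
    return re.findall(r"^\s*JkMount\s+(\S+)\s+\S+", httpd_conf, re.M)

def unenforced(context, web_xml, httpd_conf, probes=("x.html", "x.jsp")):
    """Probe URLs under protected patterns that no JkMount forwards to Tomcat.

    httpd answers such URLs itself (from DocumentRoot, if the file exists),
    so Tomcat never evaluates the security-constraint for them.
    fnmatch approximates mod_jk's '*' wildcard matching (assumption).
    """
    mounts = jk_mounts(httpd_conf)
    missed = []
    for pattern in protected_patterns(web_xml):
        if not pattern.startswith("/"):      # extension patterns such as *.do
            pattern = "/" + pattern
        for probe in probes:
            url = context + pattern.replace("*", probe)
            if not any(fnmatchcase(url, m) for m in mounts):
                missed.append(url)
    return missed

if __name__ == "__main__":
    print(unenforced("/Andromeda", WEB_XML, HTTPD_AS_POSTED))  # posted config
    print(unenforced("/Andromeda", WEB_XML, HTTPD_JSP_ONLY))   # narrowed mount
```

With DocumentRoot set to Tomcat's webapps directory, any URL this reports is read straight from disk by httpd, which is why the mount has to cover every protected pattern.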
