www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Frank Morton <fmor...@base2inc.com>
Subject mod_auth-any/3697: authentication ignored on servlets directory only
Date Sun, 17 Jan 1999 02:29:53 GMT

>Number:         3697
>Category:       mod_auth-any
>Synopsis:       authentication ignored on servlets directory only
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Sat Jan 16 18:30:01 PST 1999
>Originator:     fmorton@base2inc.com
>Release:        1.3.4
uname=>SunOS einstein.base2inc.com 5.7 Generic sun4u sparc SUNW,Ultra-1

gcc 2.8.1
java 1.1.7
apache-jserv 1.0b2 (static)

mod_jserv.c source copied into apache source tree in src/modules/jserv
and compiled in this manner:

./configure --with-layout=GNU --activate-module=src/modules/jserv/mod_jserv.o
then httpd copied into /usr/local/apache/sbin

also configured with --enable-module=rewrite

exhibited same systems both ways
also exhibits the same symptons with apache version 1.3.1
No matter what I do, the authentication is somehow bypassed on the
servlets directory only. Everything works fine on any htdocs directory
as well as the cgi-bin directory.

Servlets are located in /usr/local/apache/share/servlets

access.conf contains the following:

<Directory /usr/local/apache/share/cgi-bin>
Options None
AllowOverride AuthConfig

<Directory /usr/local/apache/share/servlets>
Options None
AllowOverride AuthConfig

Then the same .htaccess file is placed in both the cgi-bin as well as
the servlets directory that looks like:

AuthUserFile /usr/local/apache/security/kit/users
AuthGroupFile /usr/local/apache/security/kit/groups
AuthName "Digital Workflow Toolkit"
AuthType Basic

require user fmorton

Again, this setup works fine with cgi and all htdocs directory,
but not with servlets for some reason. Accessing servlets does not
even ask for a user/password and happily runs the servlet.

The servlet used is the Hello.class file distributed with apache-jserv
that is basically a "hello world" servlet. Couldn't be any simpler.
I can repeat it endlessly in the configuration above, but have not
tried in another enviroment. I suspect this is not so much a software
bug but some particular installation requirement with apache-jserv
combined with the authentication module.

I have tried all other avenues i know of to get this resolved
without success.

[In order for any reply to be added to the PR database, ]
[you need to include <apbugs@Apache.Org> in the Cc line ]
[and leave the subject line UNCHANGED.  This is not done]
[automatically because of the potential for mail loops. ]
[If you do not include this Cc, your reply may be ig-   ]
[nored unless you are responding to an explicit request ]
[from a developer.                                      ]
[Reply only with text; DO NOT SEND ATTACHMENTS!         ]

View raw message