DO NOT REPLY [Bug 25055] - getRemoteUser() returns null - bypass of apache authentication
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=25055. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=25055 getRemoteUser() returns null - bypass of apache authentication --- Additional Comments From [EMAIL PROTECTED] 2003-12-08 08:28 --- Ben, I did this already. The issue is that that using a .htaccess file does not protect tomcat served requests (*.jsp). It bypasses apache and does not ask for a login/password. I see this in apache 2.047 + tomcat 4.1.29 (both windows and linux) whereas apache 1.3.29 + tomcat 4.1.24 worked fine I do not know if this a tomcat or an apache issue. I'm going to write an email to tomcat-user to see if anyone else experiences this problem. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 25055] - getRemoteUser() returns null - bypass of apache authentication
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=25055. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=25055 getRemoteUser() returns null - bypass of apache authentication --- Additional Comments From [EMAIL PROTECTED] 2003-12-08 06:13 --- I strongly suggest adding 'tomcatAuthentication=false' to your Connector /. Yes - this is a change in the default behaviour from older versions (e.g. Tomcat 3). This should fix your problem. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 25055] - getRemoteUser() returns null - bypass of apache authentication
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=25055. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=25055 getRemoteUser() returns null - bypass of apache authentication [EMAIL PROTECTED] changed: What|Removed |Added Summary|getRemoteUser() returns null|getRemoteUser() returns null |(again) |- bypass of apache ||authentication --- Additional Comments From [EMAIL PROTECTED] 2003-12-02 07:43 --- ok, I found a workaround to my problem by placing the limit tag directly into the httpd.conf instead of a .htaccess file This looks then like this VirtualHost Location /protecteddir AuthUserFile /path_to_.htpasswd AuthGroupFile /dev/null AuthName Please enter username and password AuthType Basic Limit GET POST require valid-user /Limit /Location I remember from the 3.1 or 3.2 versions that this was the only way to use apache for protecting jsp pages, but at least on 3.3 and 4.1.24 this worked also with simple .htaccess files. I have looked at my old configuration of 4.1.24 and could not find anything that would explain this, so I assume that this is indeed a bug or just a change in behaviour of the connector. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]