Re: Authentication isn't working with mod_jk 1.7.3 beta.
Also, because I found this in the localhost_log.2004 file: 2004-12-17 09:45:15 Authenticator[/resources]: Security checking request GET /resources/input 2004-12-17 09:45:15 Authenticator[/resources]: Checking constraint 'SecurityConstraint[resources, resources1, resources2, resources3, resources4]' against GET /input -- true 2004-12-17 09:45:15 Authenticator[/resources]: Subject to constraint SecurityConstraint[resources, resources1, resources2, resources3, resources4] 2004-12-17 09:45:15 Authenticator[/resources]: Calling checkUserData() 2004-12-17 09:45:15 Authenticator[/resources]: User data constraint has no restrictions 2004-12-17 09:45:15 Authenticator[/resources]: Calling authenticate() 2004-12-17 09:45:15 Authenticator[/resources]: Failed authenticate() test That seems to tell me Tomcat saw something. Jim. To recap, if I go to http://xxx:8080/resources/input it works, if I go to http://xxx/resources/input it fails without ever showing me the basic authentication popup login window. The full error message from the browser is : HTTP Status 401 - *type* Status report *message* *description* _This request requires HTTP authentication ()._ Apache Tomcat/4.1.24 Authorization Required This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required. Additionally, a 401 Authorization Required error was encountered while trying to use an ErrorDocument to handle the request. Apache/2.0.40 Server at xxx.sgi.com Port 80 Cox, Charlie wrote: Are you sure Apache is not blocking your request? Enable the AccessLogValve on tomcat and see if your request is getting through. Charlie -Original Message- From: Jim Lynch [mailto:[EMAIL PROTECTED] Sent: Thursday, December 16, 2004 8:28 AM To: Tomcat Users List Subject: Re: Authentication isn't working with mod_jk 1.7.3 beta. That's quite possible but not helpful. The configuration is identical in essence to a working version on apache 1.3. Can anyone tell me what the differences are between the two are? Jim. Mladen Turk wrote: Jim Lynch wrote: I finally got mod_jk to comple on RH 9 for Apache 2, but the authentication doesn't work through the connector. This simply is not true. It works very fine, and the authentication window is showed to the user. Check your config. Mladen. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Authentication isn't working with mod_jk 1.7.3 beta.
The request is making a single entry into the log. 198.149.32.31 - - [17/Dec/2004:09:46:27 -0600] GET /resources/input HTTP/1.0 401 667 If I go to port 8080 and get validated, then it works without the port 8080. Jim. Cox, Charlie wrote: Are you sure Apache is not blocking your request? Enable the AccessLogValve on tomcat and see if your request is getting through. Charlie -Original Message- From: Jim Lynch [mailto:[EMAIL PROTECTED] Sent: Thursday, December 16, 2004 8:28 AM To: Tomcat Users List Subject: Re: Authentication isn't working with mod_jk 1.7.3 beta. That's quite possible but not helpful. The configuration is identical in essence to a working version on apache 1.3. Can anyone tell me what the differences are between the two are? Jim. Mladen Turk wrote: Jim Lynch wrote: I finally got mod_jk to comple on RH 9 for Apache 2, but the authentication doesn't work through the connector. This simply is not true. It works very fine, and the authentication window is showed to the user. Check your config. Mladen. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Authentication isn't working with mod_jk 1.7.3 beta.
On Fri, 17 Dec 2004 10:55:27 -0500, Jim Lynch [EMAIL PROTECTED] wrote: The request is making a single entry into the log. 198.149.32.31 - - [17/Dec/2004:09:46:27 -0600] GET /resources/input HTTP/1.0 401 667 If I go to port 8080 and get validated, then it works without the port 8080. It's normal that you get a 401 back. Then your browser should display the auth popup. Use a telnet to see the reply sent by Tomcat on both ports. Especially pay attention to the presence of a WWW-Authenticate header. The rest (except the 401 status code) is almost irrelevant. -- x Rémy Maucherat Developer Consultant JBoss Group (Europe) SàRL x - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Authentication isn't working with mod_jk 1.7.3 beta.
Is there something special I have to do in mod_jk config file for apache 2 that I didn't have to do for Apache 1.3 to permit basic authentication? Here is the section of the server.xml file dealing with the authentication I'm using: Context className=org.apache.catalina.core.StandardContext cachingAllowed=true charsetMapperClass=org.apache.catalina.util.CharsetMapper cookies=true crossContext=false debug=99 displayName=Manpower docBase=/usr/local/jakarta-tomcat-4.1.24/work/Standalone/localhost/manager/resources.war mapperClass=org.apache.catalina.core.StandardContextMapper path=/resources privileged=false reloadable=false swallowOutput=false useNaming=true wrapperClass=org.apache.catalina.core.StandardWrapper Realm className=org.apache.catalina.realm.JDBCRealm connectionURL=jdbc:mysql://localhost/authority?password=blahamp;user=wlc debug=99 driverName=org.gjt.mm.mysql.Driver roleNameCol=role_name userCredCol=user_pass userNameCol=user_name userRoleTable=user_roles userTable=users validate=true/ Resource auth=Container description=DB Connection name=jdbc/Nafo scope=Shareable type=javax.sql.DataSource/ /Context Jim Lynch wrote: I finally got mod_jk to comple on RH 9 for Apache 2, but the authentication doesn't work through the connector. If I go to port 8080 I get the login popup and am able to enter the app OK, however if I try to go to the default port and connect via mod_jk I get an authentication error. I never see the popup. Here is from the log when it works: 2004-12-15 09:34:01 Authenticator[/resources]: Security checking request GET /resources/input 2004-12-15 09:34:01 Authenticator[/resources]: Checking constraint 'SecurityConstraint[resources, resources1, resources2, resources3, resources4]' against GET /input -- true 2004-12-15 09:34:01 Authenticator[/resources]: Subject to constraint SecurityConstraint[resources, resources1, resources2, resources3, resources4] 2004-12-15 09:34:01 Authenticator[/resources]: Calling checkUserData() 2004-12-15 09:34:01 Authenticator[/resources]: User data constraint has no restrictions 2004-12-15 09:34:01 Authenticator[/resources]: Calling authenticate() 2004-12-15 09:34:01 JDBCRealm[/resources]: Username jwl successfully authenticated 2004-12-15 09:34:01 Authenticator[/resources]: Authenticated 'jwl' with type 'BASIC' 2004-12-15 09:34:01 Authenticator[/resources]: Calling accessControl() 2004-12-15 09:34:01 JDBCRealm[/resources]: Username jwl does NOT have role user 2004-12-15 09:34:01 JDBCRealm[/resources]: Username jwl has role admin 2004-12-15 09:34:01 Authenticator[/resources]: Successfully passed all security constraints 2004-12-15 09:34:01 StandardContext[/resources]: Mapping contextPath='/resources' with requestURI='/resources/input' and relativeURI='/input' and here is what it looks like when it doesn't work: 2004-12-15 09:34:56 Authenticator[/resources]: Security checking request GET /resources/input 2004-12-15 09:34:56 Authenticator[/resources]: Checking constraint 'SecurityConstraint[resources, resources1, resources2, resources3, resources4]' against GET /input -- true 2004-12-15 09:34:56 Authenticator[/resources]: Subject to constraint SecurityConstraint[resources, resources1, resources2, resources3, resources4] 2004-12-15 09:34:56 Authenticator[/resources]: Calling checkUserData() 2004-12-15 09:34:56 Authenticator[/resources]: User data constraint has no restrictions 2004-12-15 09:34:56 Authenticator[/resources]: Calling authenticate() 2004-12-15 09:34:56 Authenticator[/resources]: Failed authenticate() test In my httpd.conf file I have: Include /usr/local/tomcat/conf/auto/mod_jk_2.conf That file looks like: LoadModule jk_module /usr/lib/httpd/modules/mod_jk.so JkWorkersFile /usr/local/tomcat/conf/auto/workers.properties JkLogFile /var/log/httpd/mod_jk.log #JkLogLevel info JkLogLevel debug JkLogStampFormat [%a %b %d %H:%M:%S %Y] JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories JkRequestLogFormat %w %V %T JkMount /examples/* workerx JkMount /resources workerx JkMount /resources/* workerx JkMount /tomcat-docs workerx JkMount /tomcat-docs/* workerx The jk log doesn't shed any light. It just indicates that a 401 was received from Tomcat when it didn't work. Any suggestions? Thanks, Jim. Partial error from browser: This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required. Additionally, a 401 Authorization Required error was encountered while trying to use an ErrorDocument to handle the request. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For
Re: Authentication isn't working with mod_jk 1.7.3 beta.
That's quite possible but not helpful. The configuration is identical in essence to a working version on apache 1.3. Can anyone tell me what the differences are between the two are? Jim. Mladen Turk wrote: Jim Lynch wrote: I finally got mod_jk to comple on RH 9 for Apache 2, but the authentication doesn't work through the connector. This simply is not true. It works very fine, and the authentication window is showed to the user. Check your config. Mladen. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Authentication isn't working with mod_jk 1.7.3 beta.
Are you sure Apache is not blocking your request? Enable the AccessLogValve on tomcat and see if your request is getting through. Charlie -Original Message- From: Jim Lynch [mailto:[EMAIL PROTECTED] Sent: Thursday, December 16, 2004 8:28 AM To: Tomcat Users List Subject: Re: Authentication isn't working with mod_jk 1.7.3 beta. That's quite possible but not helpful. The configuration is identical in essence to a working version on apache 1.3. Can anyone tell me what the differences are between the two are? Jim. Mladen Turk wrote: Jim Lynch wrote: I finally got mod_jk to comple on RH 9 for Apache 2, but the authentication doesn't work through the connector. This simply is not true. It works very fine, and the authentication window is showed to the user. Check your config. Mladen. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Authentication isn't working with mod_jk 1.7.3 beta.
Jim Lynch wrote: I finally got mod_jk to comple on RH 9 for Apache 2, but the authentication doesn't work through the connector. This simply is not true. It works very fine, and the authentication window is showed to the user. Check your config. Mladen. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
