On Thu, 19 Aug 2010 21:28:25 +0200, Rainer Jung <rainer.j...@kippdata.de>
wrote:
> On 19.08.2010 21:17, li...@cgi-net.ch wrote:
>> On Thu, 19 Aug 2010 20:57:57 +0200, Rainer
Jung<rainer.j...@kippdata.de>
>> wrote:
>>> On 19.08.2010 20:27, li...@cgi-net.ch wrote:
>>>> Hi List,
>>>>
>>>> I'm running mod_jk on a apache 2.2.14 connecting to a second host,
>>>> running
>>>> tomcat 5 server with a third party application.
>>>> This application is configured to display some company internal
>>>> information when accessing the page directly without any
subdirectory:
>>>> like: http://<servername>/
>>>> A second application part is located under address
>>>> http://<servername>/application -> please note, this is not a
>> directory,
>>>> this is a servlet-mapping made by tomcat (and we can't change the
>> tomcat
>>>> setup as we would loose support for it)
>>>>
>>>> My problem is now, that I only what to grant access to
>>>> http://<servername>/application for external customers through the
>> apache
>>>> mod_jk setup.
>>>> But of some reason do I have trouble implementing this.
>>>
>>> How did you try to achive that?
>>>
>>> JkMount /application|/* worker1
>> I tried it with JkMount /application worker1 and with JkMount
>> /application* worker1
>>
>> Quick question, you've written JkMOunt /application|/, what does the |
>> stand for?
>
> JkMount /application|/* worker1
>
> is a short syntax for the two rules
>
> JkMount /application worker1
> JkMount /application/* worker1
Thanks for that hint, might be useful for further work
>
>>> Is the application deployed on Tomcat using the same context name
>>> "/application"?
>> Yes
>
> Good.
>
>>> What was the exact result, when you tried that?
>> Well it displays the login page, but the formatting of the does not
work,
>> and when I hit the submit button, nothing is happening.
>> Do you think that it is possible that /application does require / to be
>> access able as well (both application coming from the same vendor and
are
>> related to each other)
>
> Aaaah!
>
> Yes it is quote possible that the page contains links to other content
> that does not reside under /application. Those could be CSS (style
> sheets) responsible for correct rendering and JS (JavaScript files)
> responsible for actions when pressing buttons. You can look at the
> source code of the login page or use some browser plugin that shows you
> all links referenced in the page. Some browsers might show you the info
> out of the box.
OK, I'll need to check that - please note that this will require some
time.
>
>>>> The stuff only works if I configure mod_jk to JkMount /* - but with
>> that,
>>>> also the page ttp://<servername>/ is access-able.
>>>> I've also tried it with Rewrite rules (to make sure everything else
>> than
>>>> http://<servername/application is redirected to this address), etc.
but
>>>> nothing was/is working.
>>>
>>> Rewriting will not be necessary as long as the context name on Tomcat
is
>>
>>> "/application".
>>>
>>>> Please find below some information about my setup:
>>>>
>>>> ###
>>>> ### setup information
>>>> ###
>>>> mod_jk version: 1.2.30
>>>> mod_jk httpd configuration (that's how it is working but it will
allow
>>>> access to any application, served by the tomcat server):
>>>> # Some URL Redirecting is required
>>>> RewriteEngine On
>>>> RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} -d [OR]
>>>> RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} -f
>>>> RewriteCond %{REQUEST_URI} !=/application
>>>> RewriteRule .* /application
>>>
>>> Let's remove the rewriting as long as we are debugging your original
>>> problem.
>> OK, I've anyway disabled them already since they were not working
>>
>>>
>>>> # Load Module
>>>> LoadModule jk_module modules/mod_jk.so
>>>> # Worker File
>>>> JkWorkersFile /<path to worker file>/workers.properties
>>>> # Where to put the log
>>>> JkLogFile /<path to log file>/mod_jk.log
>>>> # Log level
>>>> JkLogLevel debug
>>>> # Select the timestamp log format
>>>> JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
>>>> JkMount /* worker1
>>>>
>>>> mod_jk worker configuration:
>>>> # Define 1 real worker using ajp13
>>>> worker.list=worker1
>>>> # Set properties for worker1 (ajp13)
>>>> worker.worker1.type=ajp13
>>>> worker.worker1.host=chnovmn3.lcsys.ch
>>>> worker.worker1.port=8009
>>>> worker.worker1.connection_pool_timeout=60
>>>> worker.worker1.socket_keepalive=1
>>>
>>> The log snippert you provided was parts of the log produced by
>>> successful requests, i.e. requests that were forwarded to tomcat and
>>> replied stuff. Please do provide the log contents for a request that
>>> does not work, i.e. which does show the problem.
>> I can send you more log files, but I think the problem is more related
>> with the application it self.
>
> Right.
>
>> The error I receive from apache is 404 which means he can not find the
>> document (which indicates that I've made some configuration mistake)
>
> You can look at the Apache access log to check, what other resources the
> browser tries to access. Maybe they are contained in a few other folders
> or have a few file content suffixes you can add with a couple of
> additional JkMounts.
As soon as I've checked the source code of the page, I'll try to go with
this solution.
Hope it works
>
>> General question, is it possible to allow access to /* to make the
stuff
>> working but restrict access for customers to /application
>> (like you can do it with<directory> stanza in apache)
>
> In principle it is possible. The details depend on what "customers" are
> (defined by IP or what?) and which URLs precisely need to be public vs.
> private.
Hmmm, customers can come from everywhere ... so I think this will be
difficult.
Basically the only URL which needs to be public access able is
http://<servername>/application
everything else should remain private
Thanks and all the best,
Simon
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
