On Thu, 19 Aug 2010 21:35:40 +0200, <li...@cgi-net.ch> wrote: > On Thu, 19 Aug 2010 21:28:25 +0200, Rainer Jung <rainer.j...@kippdata.de> > wrote: >> On 19.08.2010 21:17, li...@cgi-net.ch wrote: >>> On Thu, 19 Aug 2010 20:57:57 +0200, Rainer > Jung<rainer.j...@kippdata.de> >>> wrote: >>>> On 19.08.2010 20:27, li...@cgi-net.ch wrote: >>>>> Hi List, >>>>> >>>>> I'm running mod_jk on a apache 2.2.14 connecting to a second host, >>>>> running >>>>> tomcat 5 server with a third party application. >>>>> This application is configured to display some company internal >>>>> information when accessing the page directly without any > subdirectory: >>>>> like: http://<servername>/ >>>>> A second application part is located under address >>>>> http://<servername>/application -> please note, this is not a >>> directory, >>>>> this is a servlet-mapping made by tomcat (and we can't change the >>> tomcat >>>>> setup as we would loose support for it) >>>>> >>>>> My problem is now, that I only what to grant access to >>>>> http://<servername>/application for external customers through the >>> apache >>>>> mod_jk setup. >>>>> But of some reason do I have trouble implementing this. >>>> >>>> How did you try to achive that? >>>> >>>> JkMount /application|/* worker1 >>> I tried it with JkMount /application worker1 and with JkMount >>> /application* worker1 >>> >>> Quick question, you've written JkMOunt /application|/, what does the | >>> stand for? >> >> JkMount /application|/* worker1 >> >> is a short syntax for the two rules >> >> JkMount /application worker1 >> JkMount /application/* worker1 > Thanks for that hint, might be useful for further work > >> >>>> Is the application deployed on Tomcat using the same context name >>>> "/application"? >>> Yes >> >> Good. >> >>>> What was the exact result, when you tried that? >>> Well it displays the login page, but the formatting of the does not > work, >>> and when I hit the submit button, nothing is happening. >>> Do you think that it is possible that /application does require / to be >>> access able as well (both application coming from the same vendor and > are >>> related to each other) >> >> Aaaah! >> >> Yes it is quote possible that the page contains links to other content >> that does not reside under /application. Those could be CSS (style >> sheets) responsible for correct rendering and JS (JavaScript files) >> responsible for actions when pressing buttons. You can look at the >> source code of the login page or use some browser plugin that shows you
>> all links referenced in the page. Some browsers might show you the info >> out of the box. > OK, I'll need to check that - please note that this will require some > time. You were right, there were *.js files, which the application is/was sharing between / and /application With JkMount /*.js worker1 everything is working now - except some pictures, but this is fine (can do the same for them too) > >> >>>>> The stuff only works if I configure mod_jk to JkMount /* - but with >>> that, >>>>> also the page ttp://<servername>/ is access-able. >>>>> I've also tried it with Rewrite rules (to make sure everything else >>> than >>>>> http://<servername/application is redirected to this address), etc. > but >>>>> nothing was/is working. >>>> >>>> Rewriting will not be necessary as long as the context name on Tomcat > is >>> >>>> "/application". >>>> >>>>> Please find below some information about my setup: >>>>> >>>>> ### >>>>> ### setup information >>>>> ### >>>>> mod_jk version: 1.2.30 >>>>> mod_jk httpd configuration (that's how it is working but it will > allow >>>>> access to any application, served by the tomcat server): >>>>> # Some URL Redirecting is required >>>>> RewriteEngine On >>>>> RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} -d [OR] >>>>> RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} -f >>>>> RewriteCond %{REQUEST_URI} !=/application >>>>> RewriteRule .* /application >>>> >>>> Let's remove the rewriting as long as we are debugging your original >>>> problem. >>> OK, I've anyway disabled them already since they were not working >>> >>>> >>>>> # Load Module >>>>> LoadModule jk_module modules/mod_jk.so >>>>> # Worker File >>>>> JkWorkersFile /<path to worker file>/workers.properties >>>>> # Where to put the log >>>>> JkLogFile /<path to log file>/mod_jk.log >>>>> # Log level >>>>> JkLogLevel debug >>>>> # Select the timestamp log format >>>>> JkLogStampFormat "[%a %b %d %H:%M:%S %Y] " >>>>> JkMount /* worker1 >>>>> >>>>> mod_jk worker configuration: >>>>> # Define 1 real worker using ajp13 >>>>> worker.list=worker1 >>>>> # Set properties for worker1 (ajp13) >>>>> worker.worker1.type=ajp13 >>>>> worker.worker1.host=chnovmn3.lcsys.ch >>>>> worker.worker1.port=8009 >>>>> worker.worker1.connection_pool_timeout=60 >>>>> worker.worker1.socket_keepalive=1 >>>> >>>> The log snippert you provided was parts of the log produced by >>>> successful requests, i.e. requests that were forwarded to tomcat and >>>> replied stuff. Please do provide the log contents for a request that >>>> does not work, i.e. which does show the problem. >>> I can send you more log files, but I think the problem is more related >>> with the application it self. >> >> Right. >> >>> The error I receive from apache is 404 which means he can not find the >>> document (which indicates that I've made some configuration mistake) >> >> You can look at the Apache access log to check, what other resources the > >> browser tries to access. Maybe they are contained in a few other folders > >> or have a few file content suffixes you can add with a couple of >> additional JkMounts. > As soon as I've checked the source code of the page, I'll try to go with > this solution. > Hope it works As written above, that was the problem ... I've applied the change and everything is working now. The only thing I have to-do is to redirect 404 return code to http://<server name>/application - but that should not be a problem > >> >>> General question, is it possible to allow access to /* to make the > stuff >>> working but restrict access for customers to /application >>> (like you can do it with<directory> stanza in apache) >> >> In principle it is possible. The details depend on what "customers" are >> (defined by IP or what?) and which URLs precisely need to be public vs. >> private. > Hmmm, customers can come from everywhere ... so I think this will be > difficult. > Basically the only URL which needs to be public access able is > http://<servername>/application > everything else should remain private I'll see how I can implement this, maybe Apache <Location> stanza will work Thanks and all the best, Simon --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org