On Thursday 02 February 2006 15:15, Boyle Owen wrote:

> Anyway, it looks like your apache config is redirecting requests for XLS
> to tomcat. Obviously, this will happen before any .htaccess file is read
> (the file is only read if a request results in a file access in the
> target dir). Therefore it skips the authentication.

"Before" is misleading there.  .htaccess applies only within a directory,
and won't get applied at all for resources outside that directory.  Proxied
resources (including anything coming from tomcat) don't come from any
directory on the Apache server.

> If you do, define the Auth directives in a <Location> container - this
> [I think] will get parsed before the redirect to tomcat.

Yes, that'll work, though again "before" is a red herring.

> Or, implement 
> the password access in Tomcat
> http://tomcat.apache.org/tomcat-5.5-doc/realm-howto.html

Indeed, that's the best solution, since Tomcat knows all about
the files, while Apache is (in this instance) just the messenger.


-- 
Nick Kew

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to