On 9/10/2014 12:52 PM, André Warnier wrote:
> Daniel Pfeiffer wrote:
>> Since switching from Apache 2.2 authorization gets bypassed for
>> many JkMounts (except jk-status). If I cancel the browser
>> password popup, I get a 401-page. It is not, as I expect, the one
>> from Apache, but instead from JBoss, which it shouldn't have been
>> allowed to talk to. (I found this because unauthorized users are
>> talking to JBoss.)
>>
>> On the receiving end we have both JBoss 4 and Wildfly 7. This is
>> both with "Apache/2.4.3 (Unix) mod_jk/1.2.37" and "Apache/2.4.10
>> (Unix) mod_jk/1.2.40". Configuration is always like
>>
>> <Location /XYZ/*>
>>   JkMount XYZ
>>   AuthType basic
>>   AuthUserFile conf/passwd/XYZ
>>   AuthName "XYZ security"
>>   Require valid-user
>> </Location>
>>
>> I even have a case where the identical setup (worker definition,
>> <Location>, file permission and content) works on 2.4.3 but not
>> on 2.4.10. For other JkMounts both versions behave wrongly. If I
>> raise the debug level, I don't see anything about how it parses
>> this. When I call the URL, it says there is no directive
>> protecting it.
>>
>> It doesn't make a difference whether AuthName is the same as the
>> Realm in JBoss or not.
>>
>
> Hi. I think that the problem may be the scope of the "JkMount" that
> you have above. I do not think that it is limited to your
> <Location> section. It may be "global", even when it is in that
> section.
>
> Can you try instead :
>
> <Location /XYZ/*>
>   SetHandler jakarta-servlet
>   AuthType basic
>   AuthUserFile conf/passwd/XYZ
>   AuthName "XYZ security"
>   Require valid-user
> </Location>
>
> See here for more details :
> https://tomcat.apache.org/connectors-doc/reference/apache.html
> section : Using SetHandler and Environment Variables
>
I think all you might need is JkMount:

<Location /XYZ>
  JkMount
  AuthType basic
  AuthUserFile conf/passwd/XYZ
  AuthName "XYZ security"
  Require valid-user
</Location>

Also, I don't think that the trailing /* is valid for a simple
Location directive. If you want regular expressions you'll have to use
either LocationMatch or Location ~ (Location followed by the ~).

If you want everything INCLUDING /XYZ protected, then the above
Location directive is what you want.

If you want only things UNDER /XYZ protected (but NOT /XYZ), then you
need:

<Location /XYZ/>
  JkMount
  AuthType basic
  AuthUserFile conf/passwd/XYZ
  AuthName "XYZ security"
  Require valid-user
</Location>

based on the Apache 2.4.x documentation.

. . . just my two cents
/mde/
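
The path coverage of the three `<Location>` forms that appear in this thread, as an added example that is not part of the original messages and is not httpd's own code. It is a small Python model of the matching rules in the Apache 2.4 `<Location>` documentation (a plain path matches at a path-segment boundary; `*` and `?` are wildcards that do not match `/`); the function names and the sample request paths are constructed for illustration.

```python
import re

# Constructed request paths used to compare the <Location> forms in the thread.
SAMPLE_PATHS = ["/XYZ", "/XYZ/", "/XYZ/app", "/XYZ/app/login", "/XYZabc"]


def _wildcard_regex(pattern):
    """Translate a <Location> wildcard string: '?' is one character, '*' is
    any run of characters, and neither matches '/'. Bracket expressions are
    not modelled here."""
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append("[^/]*")
        elif ch == "?":
            parts.append("[^/]")
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts) + r"\Z")


def location_covers(location, uri_path):
    """Return True if a non-regex <Location location> applies to uri_path."""
    if "*" in location or "?" in location:
        return _wildcard_regex(location).match(uri_path) is not None
    if not uri_path.startswith(location):
        return False
    if location.endswith("/"):
        return True  # trailing slash: plain prefix match
    rest = uri_path[len(location):]
    return rest == "" or rest.startswith("/")  # must end on a segment boundary


def uncovered(location, paths=SAMPLE_PATHS):
    """List the paths that the auth directives in this <Location> would not see."""
    return [p for p in paths if not location_covers(location, p)]


if __name__ == "__main__":
    for loc in ("/XYZ", "/XYZ/", "/XYZ/*"):
        print(f"<Location {loc}> does not cover: {uncovered(loc)}")
```

A path listed as not covered is outside that section's `Require valid-user`, so it matters whenever the request can still reach the backend by another route.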