Konstantin / Barry / André:
Thank you for replay.
1- No important access log is showed for this issue.
2- I have ROOT webapp deployed in Tomcat.
3- I have Apache connected to Tomcat through JK Connector 1.2.32. (I want to
say the web application works fine if I use an URL to Tomcat, but doesn't
work (only the content within security-constraint) if I use an URL to
Apache.
Platform is OpenSuse 11.4.
4- Details:
*Application structure*:
Andromeda/WebContent/index.jsp (entry page)
Andromeda/WebContent/admin/login.jsp
Andromeda/WebContent/admin/login-error.jsp
Andromeda/WebContent/internal/internal.jsp
Andromeda/WebContent/articles/index.html
The "WebContent/index.jsp" page has two links: a link to
WebContent/internal/internal.jsp", and the other one to
"WebContent/articles/index.html".
The "WebContent/internal/" directory is protected by the following security
constraint in the web.xml file:
---------------------------------------------------
<security-constraint>
<web-resource-collection>
<web-resource-name>Internal</web-resource-name>
<url-pattern>/internal/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>internal-access</role-name>
</auth-constraint>
</security-constraint>
----------------------------------------------------------------
Also, I declared in the web.xml file:
--------------------------------------------------
<!-- Security roles -->
<security-role>
<role-name>internal-access</role-name>
</security-role>
<!-- Form-based authentication -->
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/admin/login.jsp</form-login-page>
<form-error-page>/admin/login-error.jsp</form-error-page>
</form-login-config>
</login-config>
------------------------------------------------
And in the tomcat-users.xml file, I set:
------------------------------------------------
<role rolename="internal-access" />
<user username="xx" password="yy" roles="internal-access" />
------------------------------------------------
I can get the entry page with the "http://localhost/AppPrefix/index.jsp"; URL
through Apache server.
When I make click in the internal.jsp link, I get the login.jsp page. That's
wright.
But when I submit the credentials (username: xx / password. yy), I get a
blank page (with http://localhost/Andromeda/internal/j_security_check in the
URL bar), instead of the internal.jsp page.
If I access to entry page with "http://localhost:8080/AppPrefix/index.jsp";
URL, (skipping Apache server,) I can get the internal.jsp page when I submit
the credentials.
Also, if I delete the security constraint, the web application works fine.
The relevant Apache configuration is:
httpd.conf file:
------------------------------------------------------------
LoadModule jk_module modules/mod_jk.so
JkWorkersFile /opt/httpd-2.2.17/conf/workers.properties
JkShmFile /var/log/httpd2.2.17/mod_jk.shm
JkLogFile /var/log/httpd2.2.17/mod_jk.log
JkLogLevel info
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
<VirtualHost *:80>
ServerAdmin *****@gmail.com
ServerName ASIA
DocumentRoot /opt/apache-tomcat-7.0.12/webapps/
ErrorLog /var/log/httpd2.2.17/andromeda-error_log
CustomLog /var/log/httpd2.2.17/andromeda-access_log combined
HostnameLookups Off
UseCanonicalName Off
ServerSignature On
JkMount /Andromeda/* worker1
<Directory "/opt/apache-tomcat-7.0.12/webapps/Andromeda">
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
---------------------------------------------------------
and workers.properties file:
-----------------------------------------------------
workers.java_home=/usr/java/latest
ps=/
worker.list=worker1
worker.worker1.port=8009
worker.worker1.host=localhost
worker.worker1.type=ajp13
----------------------------------------------------
May be, I have a configuration mistake.
Thank you.
--
[Adrián Córdoba]
2011/7/21 André Warnier <a...@ice-sa.com>
> Adrián Córdoba wrote:
>
>> Hi!
>> I have a very simple web application
>> (JSP<http://www.coderanch.com/**forums/f-50/JSP<http://www.coderanch.com/forums/f-50/JSP>>
>> based),
>>
>> deployed on Tomcat webapps directory with a security constraint in order
>> to
>> protect an internal directory. Tomcat (7.0.12) is running behind Apache
>> (2.2.17) web server (httpd).
>>
>> If I try to access to some file within internal directory, directly in
>> Tomcat (*http://localhost:8080/...*), username and password are required,
>> and I can reach the file (if username and password are wright). That's
>> wright!
>>
>> But, *if I try to access the same file within internal directory, through
>> Apache web server* (*http://localhost/...*), username and password are
>> required, but *a blank page is displayed on Firefox navigator*.
>> (If I delete the security constraint, the web application works fine.)
>>
>>
> What is missing in your otherwise good description above, is how you are
> connecting Apache httpd to Tomcat, and maybe some part of the configuration
> thereof.
> Also, on which platform this is running.
>
>
>
> ------------------------------**------------------------------**---------
> To unsubscribe, e-mail:
> users-unsubscribe@tomcat.**apache.org<users-unsubscr...@tomcat.apache.org>
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>
