1 Reply Latest reply on Feb 18, 2004 1:47 PM by Alex

    Using Apache basic authentication

    Alex Newbie

      A legacy cgi/perl application needs to connect to a utility deployed in tomcat. The legacy application uses Apache Basic Authentication. I have figured out how to get Tomcat standalone to 'play nicely' with the Apache Authentication but I am having trouble getting it to work with the embedded tomcat.

      I believe the problem is that jboss3.2.3 deploys my wars to a temporary directory, and I cannot alias this directory without having to change my https.conf file every time I restart jboss. I noticed that jboss-3.2.1 used a more repeatable naming structure, but 3.2.3 uses tmp#####war_name.war.

      1) Is there a howto or faq that anyone knows of that explains how to get jboss/tomcat to 'see' that apache has already authenticated the user (and actually get apache to authenticate the user.
      2) Is there anyway to get jboss to always deploy the war to the same directory structure? If I explode the war in deploy, instead of just using the war file, will jboss still create the directory structure under tmp?
      3) The reason I upgraded from 3.2.1. is that tomcat didn't seem to pick up the jk2.properties file and there seemed some indication this was fixed in later releases. I tried copying the jbossweb-tomcat41.sar into 3.2.1 but it complained at startup. There were also indications that people have figured out the jk2.properties problem, but they kept referencing incomplete links, so I couldn't tell where I needed to go for the info.


      Here's what I had come up with which seemed to work with 3.2.1
      Alias /mvh "/usr/local/jboss/server/default/tmp/deploy/server/default/deploy/work/MainEngine/localhost/mvh"

      JkMount /mvh/* tomcat-10
      <Directory "/usr/local/jboss/server/default/tmp/deploy/server/default/deploy/work/MainEngine/localhost/mvh">
      Options Indexes FollowSymlinks MultiViews
      AllowOverride None
      Order allow,deny
      Allow from all
      AuthUserFile /usr/rubicon/prod/etc/.htpasswd
      AuthGroupFile /dev/null
      AuthName "MarketVision"
      AuthType Basic

      <Limit GET PUT POST>
      require valid-user

      #this is so you can use request.getRemoteUser()
      #and get the user from Apache

        • 1. Re: Using Apache basic authentication
          Alex Newbie

          Sorry about the double post. Not sure how I mangaged that.

          I got it working with a similar config.

          In answer to 2, exploding the war into deploy/mvh.war/ seems to have done the trick. At least it allows me to use alias in httpd.conf.

          I also had to add tomcatAuthentication="false" to the AJP13 connector tag in deploy/jbossweb-tomcat41.sar/META-INF/jboss-service.xml

          It now allows apache to do the authentication and if I come from another legacy app, it sees that apache has already done the authentication and I can call getRemoteUser() to find out who I'm dealing with.