[Thread Prev][Thread Next][Index]
Re: Q: user and passwd protection
Yingshuo,
I have the ip-control way worked. Thanks a lot.
There are some concerns about running the protection.
1) Is there string length limitation for the attribute "allow" of the <Context>
tag? If so, I might have problem to allow more IPs to our LAS. I tried to have
more <Valve> tags under the <Context>, but that didn't work.
2) Is it possible to use the SSL HTTP/1.1 Connector that is commented out in
the server.xml file? I tried modify the server.xml file that way, but could not
going through it.
Over all, the passwd protection is better than the IP-control protection, in my
case. Does the LAS future release will have this feature?
Bob
yingshuo shen wrote:
> bob,
>
> you may set the path relative to your tomcat's webapps, in your case it
> seems /las
>
> in your default server.xml ... you may find
>
> <Context path="/manager" docBase="manager" debug="0" privileged="true"/>
>
> so you may add this just before that part... it should be fine
>
> ----- Original Message -----
> From: "Bob Yu" <yuy@nemo.gsfc.nasa.gov>
> Cc: <las_users@ferret.wrc.noaa.gov>
> Sent: Monday, June 30, 2003 5:48 AM
> Subject: Re: Q: user and passwd protection
>
> > Hi Yingshuo and Steve,
> >
> > I'd like to to try the IP control access. Yingshuo, will you tell me that
> in the
> > server.xml, under which tag I should add the <Context> tag? How to specify
> the
> > path and docBase attributes? If my las is installed at /home/yuy/las,
> shoild I
> > set the path="/home/yuy/las"?
> >
> > Thanks.
> >
> > yingshuo shen wrote:
> >
> > > steve and bob,
> > >
> > > las6 is very different from las5 because it uses java servlet... one
> way
> > > to put restriction that seems very easy is to control IP address access.
> > >
> > > in conf/server.xml
> > >
> > > add
> > >
> > > <Context path="/yourlas" docBase="yourlas" crossContext="false"
> debug="0"
> > > reloadable="false">
> > > <Valve className="org.apache.catalina.valves.RemoteAddrValve"
> > > allow="128.171.156.141" />
> > > </Context>
> > >
> > > ----- Original Message -----
> > > From: "Steve Cousins" <cousins@limpet.umeoce.maine.edu>
> > > To: "Bob Yu" <yuy@nemo.gsfc.nasa.gov>
> > > Cc: <las_users@ferret.wrc.noaa.gov>
> > > Sent: Friday, June 27, 2003 3:55 PM
> > > Subject: Re: Q: user and passwd protection
> > >
> > > >
> > > >
> > > >
> > > > On Fri, 27 Jun 2003, Bob Yu wrote:
> > > >
> > > > > Hi there,
> > > > >
> > > > > Anyone has done the passwd protect for the LAS? I tried to do so ,
> but
> > > not success. Any hints?
> > > > >
> > > > > This is what I did:
> > > > > 1) create a users (user, passwd) file using htpasswd, under
> > > /etc/httpd/conf/users
> > > > > 2) insert these lines in httpd.conf:
> > > > >
> > > > > <Directory /home/yuy/las>
> > > > > AddHandler cgi-script .pl
> > > > > Options +ExecCGI
> > > > > AuthName "LAS restricted data"
> > > > > AuthType Basic
> > > > > AuthUserFile /etc/httpd/conf/users
> > > > > require user yuy
> > > > > </Directory>
> > > > >
> > > > > where /home/yuy/las is the LAS directory I want to protected.
> > > > >
> > > > > I got java exceptions when tried it.
> > > > >
> > > > > additional question: The httpd passwd protection is for apache
> > > > > service, not the servlet service. Therefore, before the very end
> step
> > > > > of displaying data at LAS when apache server is not touched yet, the
> > > > > passwd protection can not be applied. Is that right? If so, is there
> a
> > > > > way to protect the servlet service?
> > > > >
> > > > > Thanks,
> > > > >
> > > > > --
> > > > > (Bob) Yunyue YU
> > > > > Code 971, Goddard Space Flight Center
> > > > > Greenbelt, MD 20771
> > > > > (301)614-6850 yuy@nemo.gsfc.nasa.gov
> > > >
> > > >
> > > > The way I did it was to use:
> > > >
> > > > <Directory /usr/local/src/lasxml/ui/>
> > > > AllowOverride AuthConfig
> > > > AddHandler cgi-script .pl
> > > > Options +ExecCGI
> > > > </Directory>
> > > >
> > > > Then I put a .htaccess file in the /usr/local/src/lasxml/ui/ directory
> > > > that looked like:
> > > >
> > > > AuthUserFile /usr2/WWW/passwords
> > > > AuthGroupFile /dev/null
> > > > AuthName "access to OMG LAS Server"
> > > > AuthType Basic
> > > >
> > > > <Limit GET>
> > > > require user las
> > > > </Limit>
> > > >
> > > >
> > > > Then I used htpasswd to add a password for user "las" in the password
> file
> > > > /usr2/WWW/passwords.
> > > >
> > > > This makes it so anyone going to this LAS directory at all will be
> asked
> > > > for a password. I haven't tried this with LAS 6 yet though.
> > > >
> > > > I hope this helps.
> > > >
> > > > Good Luck,
> > > >
> > > > Steve
> > > >
> > > > P.S. I'm sorry if someone else has already answered this. One of our
> > > > campus email servers is lagging quite a bit and I'm still receiving
> email
> > > > from this morning. It will be a few hours before it has caught up.
> > > >
> > > > _____________________________________________________________
> > > > Steve Cousins Email: cousins@umit.maine.edu
> > > > Research Associate Phone: (207) 581-4302
> > > > Ocean Modeling Group
> > > > School of Marine Sciences 208 Libby Hall
> > > > University of Maine Orono, Maine 04469
> > > >
> > > >
> > > >
> >
> > --
> >
> >
> > --
> > (Bob) Yunyue YU
> > Code 971, Goddard Space Flight Center
> > Greenbelt, MD 20771
> > (301)614-6850 yuy@nemo.gsfc.nasa.gov
> >
> >
--
--
(Bob) Yunyue YU
Code 971, Goddard Space Flight Center
Greenbelt, MD 20771
(301)614-6850 yuy@nemo.gsfc.nasa.gov
[Thread Prev][Thread Next][Index]
Dept of Commerce /
NOAA /
OAR /
PMEL /
TMAP
Contact Us | Privacy Policy | Disclaimer | Accessibility Statement