
Re: LAS Password Protection



Tony,

I still have some problems.
I made the authentication work, but when LAS tries to display the
output, it cannot access it: it returns error 401!

I put the Authentication directives at the <Directory /> level,
and then all files are password protected.

If I do as in your configuration (without a virtual host),
    DocumentRoot $home/las/las_servlet/jakarta/webapps/
and Authentication directives at the DocumentRoot level,
with the <Files "*"> block
the password protection does not work...

In your configuration, why do you have a virtual host? Is it necessary in
order to have password protected access?

What if I have only one IP address and only one Domain Name? Can I
still have one actual and one virtual host?

Thanks in advance for your answer
Jean-Marie



On Wed, 2005-03-23 at 16:53, Tony Jolibois wrote:
>           Jean-Marie,
> 
> Excuse me I didn't read the end of your mail !
> When you connect to a URL on the 8080 port, you usually connect to the
> Tomcat server directly (default port of Tomcat), you don't use Apache
> in this case (default port of Apache is 80). Tomcat can be an http
> server (it is the case when you connect to port 8080), but it is safe
> to use Apache as the http server.
> So you must configure the communication between Tomcat and Apache.
> It's simpler with Apache 2 than Apache 1, see
> http://jakarta.apache.org/tomcat/connectors-doc/ to configure worker
> and mod_jk.
> 
> First you configure your Tomcat : $tomcatHome/conf/server.xml, you
> define the port you want to use. Here 8180 for http, 8109 for
> Tomcat-Apache.
> 
> See a part of server.xml :
> 
>     <!-- Define a non-SSL Coyote HTTP/1.1 Connector on port 8080 -->
>     <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
>                port="8180" minProcessors="5" maxProcessors="75"
>                enableLookups="true" redirectPort="8443"
>                acceptCount="100" debug="0" connectionTimeout="20000"
>                useURIValidationHack="false"
>                disableUploadTimeout="true" />
>     <!-- Note : To disable connection timeouts, set connectionTimeout value
>      to 0 -->
> 
>     <!-- Define a Coyote/JK2 AJP 1.3 Connector on port 8009 -->
>     <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
>                port="8109" minProcessors="5" maxProcessors="75"
>                enableLookups="true" redirectPort="8443"
>                acceptCount="10" debug="0" connectionTimeout="0"
>                useURIValidationHack="false"
>                protocolHandlerClassName="org.apache.jk.server.JkCoyoteHandler"/>
> 
> If I connect on http://opendap.mercator-ocean.fr:8180/dodsC/  I will
> connect to Tomcat directly, no Apache.
> 
> Then you configure workers.properties.
> 
> See a part of my /etc/httpd/conf/workers2.properties
> 
> [channel.socket:localhost:8109]
> port=8109
> host=127.0.0.1
> 
> [ajp13:localhost:8109]
> channel=channel.socket:localhost:8109
> 
> [uri:opendap.mercator-ocean.fr/*.jsp]
> worker=ajp13:localhost:8109
> 
> [uri:opendap.mercator-ocean.fr/servlet/*]
> worker=ajp13:localhost:8109
> 
> [uri:opendap.mercator-ocean.fr/thredds/*]
> worker=ajp13:localhost:8109
> 
> [uri:opendap.mercator-ocean.fr/dodsC/*]
> worker=ajp13:localhost:8109
> 
> 
> With that, when I connect to
> http://opendap.mercator-ocean.fr:8180/dodsC/ then Apache "knows" that
> it must pass the job to Tomcat.
> But see the documentation on the web site
> http://jakarta.apache.org/tomcat/connectors-doc/ because I'm not sure
> that I sent all the information.
> 
> Hope this helps.
> 
> Regards,
> Tony
> 
> J-M Epitalon wrote:
> > Hi tony,
> > 
> > I tried setting up a virtual host with the following lines:
> > 
> > # Added for LAS server
> > NameVirtualHost *:8080
> > <VirtualHost *:8080>
> >     DocumentRoot /usr/local/las/las_servlet/jakarta/webapps/
> >     ServerName gascogne.cerfacs.fr:8080
> >     ErrorLog logs/LAS-ui-error_log
> >     CustomLog logs/LAS-ui-access_log common
> > 
> >     <Directory "/usr/local/las/las_servlet/jakarta/webapps/">
> >         Options -Indexes
> >         AllowOverride All
> >         AuthType Basic
> >         AuthName "Tout le site web"
> >         AuthUserFile /usr/local/las/passwords
> >         Require user discendo
> >     </Directory>
> > </VirtualHost>
> > 
> > This does not work, i.e. there is no password protection on the page
> > http://gascogne.cerfacs.fr:8080/las/servlets/dataset
> > 
> > If I add the following line:
> > listen 0.0.0.0:8080
> > 
> > then, the Apache server looks for an actual HTML page at this address
> > and returns
> > error 404: The requested URL /las/servlets/dataset was not found on this
> > server.
> > 
> > I don't understand how Apache and Tomcat work together.
> > Where is the address /las/servlets/dataset translated to something like
> > /usr/local/las/las_servlet/jakarta/webapps ?
> > 
> > Is Apache server transparent to any request coming on port 8080 ?
> > 
> > I am lost
> > Jean-Marie
> > 
> > On Wed, 2005-03-23 at 15:20, Tony Jolibois wrote:
> >   
> > >        Jean-Marie,
> > > 
> > > I configured an Apache 2 with password protection, not for a LAS but
> > > you can apply this to any web site you want.
> > > I have several virtual hosts on the same server, the configuration of
> > > one of these is here (in /etc/httpd/conf/httpd.conf) :
> > > 
> > > <VirtualHost opendap.mercator-ocean.fr>
> > >     ServerAdmin webmaster@dummy-host.example.com
> > >     DocumentRoot /data/mercat1
> > >     DirectoryIndex index.html
> > >     ServerName opendap.mercator-ocean.fr
> > > #    ErrorLog logs/opendap.mercator-ocean.fr-error_log
> > >     SetEnvIf Remote_Addr "62\.161\.32" dontlog
> > >     SetEnvIf Remote_Addr "80\.245\.34" dontlog
> > >     SetEnvIf Remote_Addr "10\.1" dontlog
> > >     CustomLog logs/opendap.mercator-ocean.fr-access_log common
> > >     Alias /data /data/commun
> > >     Alias /conf /data/mercat1/tomcat/webapps/dodsC/data
> > > 
> > > <Location /dodsC >
> > > AuthType Basic
> > > AllowOverride All
> > > AuthName "Opendap Mercator Access"
> > > AuthUserFile /etc/httpd/conf/users-opendap.mercator-ocean.fr
> > > Order allow,deny
> > > Allow from 127.0.0.1
> > > Require valid-user
> > > Satisfy any
> > > </Location>
> > > 
> > > </VirtualHost>
> > > 
> > > The file /etc/httpd/conf/users-opendap.mercator-ocean.fr has been
> > > created with the utility htpasswd of Apache.
> > > 
> > > Then when someone tries this URL :
> > > http://opendap.mercator-ocean.fr/dodsC/ you must enter login/passwd.
> > > 
> > > Tony (with Y and not i :-)
> > > 
> > > J-M Epitalon wrote:
> > >     
> > > > Hi all,
> > > > 
> > > > I also need to apply password protection to my LAS server.
> > > > I run Apache 2.0 and what Toni said does not apply exactly to me.
> > > > 
> > > > I tried the following but it does not work.
> > > > <Directory $home/las/las_servlet/jakarta/webapps/ >
> > > > AuthType Basic
> > > > AuthName  "Mersea Access "
> > > > AuthUserFile $home/users-valid
> > > > require valid-user
> > > > </Directory>
> > > > 
> > > > 
> > > > Before reading thru Apache and Tomcat documentation, I would like to
> > > > know if someone already set a password protection to a LAS based on
> > > > Apache 2.0
> > > > 
> > > > Also I would like to understand this:
> > > > Is the Tomcat server using Apache as front end or is it serving HTML
> > > > pages by its own ?
> > > > 
> > > > Please help.
> > > > 
> > > > Jean-Marie
> > > > 
> > > > 
> > > > On Tue, 2005-02-08 at 18:15, Jonathan Callahan wrote: 
> > > >   
> > > >       
> > > > > Toni Jolibois answers: 
> > > > >     
> > > > >         
> > > > > >        Hi all,
> > > > > > 
> > > > > > A response to the mail below.
> > > > > > I have a LAS configured with an http authentication :
> > > > > > http://las.mersea.eu.org.
> > > > > > Here is my Apache configuration (Warning : this is an Apache 1.3, I
> > > > > > don't know if the new Apache 2 which I recommend has the same
> > > > > > syntax for the configuration) :
> > > > > > 
> > > > > > In the httpd.conf, I have a virtual host ($home is the path of the
> > > > > > mersea user, change it with the good one for you) :
> > > > > > 
> > > > > > <VirtualHost las.mersea.eu.org>
> > > > > >     ServerAdmin webmaster@mersea.eu.org
> > > > > >     DocumentRoot $home/las/las_servlet/jakarta/webapps/
> > > > > >     DirectoryIndex index.html
> > > > > >     RedirectMatch  /index.html /las/servlets/dataset
> > > > > >     ServerName las.mersea.eu.org
> > > > > >     ErrorLog logs/las.mersea.eu.org-error_log
> > > > > >     CustomLog logs/las.mersea.eu.org-access_log common
> > > > > >     ScriptAlias  /las-bin/ $home/las/server/
> > > > > >     Alias /las-output/ $home/las/server/output/
> > > > > >     Include /etc/httpd/conf/mod_jk.conf-mersea
> > > > > > </VirtualHost>
> > > > > > 
> > > > > > By default, this configuration file parses the access.conf placed in
> > > > > > the same directory, but you can put these lines into the httpd.conf.
> > > > > > Here is my access.conf :
> > > > > > 
> > > > > > #
> > > > > > # This is the default file for the AccessConfig directive in httpd.conf.
> > > > > > # It is processed after httpd.conf and srm.conf.
> > > > > > #
> > > > > > # To avoid confusion, it is recommended that you put all of your
> > > > > > # Apache server directives into the httpd.conf file and leave this
> > > > > > # one essentially empty.
> > > > > > #
> > > > > > <Directory $home/las/las_servlet/jakarta/webapps/ >
> > > > > > Options -Indexes
> > > > > > AllowOverride All
> > > > > > AuthType Basic
> > > > > > AuthName  "Mersea Access "
> > > > > > AuthUserFile $home/users-valid
> > > > > > <Files "*">
> > > > > > require valid-user
> > > > > > </Files>
> > > > > > </Directory>
> > > > > > 
> > > > > > I created the $home/users-valid with the Apache utility "htpasswd"
> > > > > > in order to have a user and an encrypted password.
> > > > > > Please see http://httpd.apache.org/docs/howto/auth.html for Apache
> > > > > > 1.3 and http://httpd.apache.org/docs-2.0/howto/auth.html for Apache
> > > > > > 2, all is explained.
> > > > > > 
> > > > > > Note that there is another way to configure http password for a
> > > > > > virtual host and not for a directory.
> > > > > > 
> > > > > > If you have specific question please send me a mail.
> > > > > > 
> > > > > > Regards,
> > > > > > Tony Jolibois 
> > > > > >       
> > > > > >           
> > > > > benb wrote: 
> > > > >     
> > > > >         
> > > > > > Hello All,
> > > > > > 
> > > > > > To satisfy the data access policy for my project I need to require a logon to
> > > > > > my LAS site (anyone can get a password, we just need to keep track of everyone
> > > > > > that accesses the site).  I saw "Adding password protection" in the FAQ at
> > > > > > http://ferret.pmel.noaa.gov/Ferret/LAS/FAQ/password_protection.htm but this
> > > > > > does not work and seems to apply to version 5 and below.  I'm running LAS 6.3.  Can
> > > > > > anyone tell me how to achieve password protection with this version?
> > > > > > 
> > > > > > The following is what I put in Apache httpd.conf (which doesn't work):
> > > > > >  
> > > > > > -----
> > > > > > Alias /las "/usr/local/las/las/las_servlet/jakarta/webapps/las"
> > > > > > <Directory /usr/local/las/las/las_servlet/jakarta/webapps/las/>
> > > > > >     AddHandler cgi-script .pl
> > > > > >     Options +ExecCGI
> > > > > >     AuthUserFile /usr/local/apache2/.auto_pass/.auto_pass.txt
> > > > > >     AuthGroupFile /dev/null
> > > > > >     AuthName 'WTF-CEOP members'
> > > > > >     AuthType Basic
> > > > > >     <Limit GET POST >
> > > > > >     require valid-user
> > > > > >     </Limit>
> > > > > > </Directory>
> > > > > > ------
> > > > > > 
> > > > > > 
> > > > > > Thank you,
> > > > > > 
> > > > > > Ben
> > > > > > 
> > > > > > 
> > > > > >   
> > > > > >       
> > > > > >           
> > > >         
> > 
> >   
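
Added example, not part of the original thread or of the LAS, Apache or Tomcat projects: Tony notes above that a request to port 8180 reaches Tomcat directly with no Apache in between, so Basic authentication configured in Apache is only enforced when Tomcat's own connectors cannot be reached from outside. The sketch below audits a server.xml for connectors that listen beyond loopback. The function names and the sample XML are constructed for illustration, and it assumes the Tomcat version in use honours the Connector `address` attribute; firewall rules are not visible to it.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the server.xml excerpt quoted in the thread.
# The address="127.0.0.1" on the AJP connector is added here for contrast.
SAMPLE_SERVER_XML = """
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Tomcat-Standalone">
    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
               port="8180" redirectPort="8443" />
    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
               port="8109" address="127.0.0.1"
               protocolHandlerClassName="org.apache.jk.server.JkCoyoteHandler" />
  </Service>
</Server>
"""

LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def audit_connectors(server_xml):
    """Return one (port, kind, exposed) tuple per <Connector> element."""
    root = ET.fromstring(server_xml)
    findings = []
    for conn in root.iter("Connector"):
        handler = conn.get("protocolHandlerClassName", "").lower()
        protocol = conn.get("protocol", "").lower()
        kind = "ajp" if ("jk" in handler or "ajp" in protocol) else "http"
        # With no address attribute the connector listens on every interface.
        address = conn.get("address")
        exposed = address is None or address not in LOOPBACK
        findings.append((int(conn.get("port")), kind, exposed))
    return findings

def report(findings):
    """Turn findings into readable lines for an operator."""
    lines = []
    for port, kind, exposed in findings:
        if exposed:
            lines.append(f"port {port} ({kind}): reachable without Apache, "
                         "Basic auth not enforced")
        else:
            lines.append(f"port {port} ({kind}): loopback only, "
                         "reached through Apache")
    return lines

if __name__ == "__main__":
    for line in report(audit_connectors(SAMPLE_SERVER_XML)):
        print(line)
```
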

