As you suggested, The file (I have omitted it before) is ok (tomcat baseed basic auth)
<?xml version='1.0' encoding='utf-8'?> <tomcat-users> <role rolename="manager"/> <role rolename="status"/> <role rolename="admin"/> <user username="tomcat" password="blablabla" roles="admin,manager,status"/> </tomcat-users> The question/matter/problem was: The app1 and the webdav app works only if: httpd.conf ... ok ProxyPass /app1/ ajp://www.example.com:8009/app1/ ProxyPass / http://www.example.com:8080/ ProxyPassReverse / http://www.example.com:8080/ ... or ok (tested only few minutes ago) ProxyPass / ajp://www.example.com:8009/ None of the following works (why??) ko ProxyPass /app1/ ajp://www.example.com:8009/app1/ ProxyPass /webdav/ ajp://www.example.com:8009/webdav/ ko ProxyPass /app1/ http://www.example.com:8080/app1/ ProxyPassReverse /app1/ http://www.example.com:8080/app1/ ProxyPass /webdav/ http://www.example.com:8080/webdav/ ProxyPassReverse /webdav/ http://www.example.com:8080/webdav/ ko ProxyPass / http://www.example.com:8080/ ProxyPassReverse / http://www.example.com:8080/ My solution was: "using the simplest case" ProxyPass / ajp://www.example.com:8009/ And both /app1 and /webdav work! Michele On Mon, Oct 27, 2008 at 1:47 PM, André Warnier <[EMAIL PROTECTED]> wrote: > Hi. > > Ah ! your Dav is at the Tomcat level, not the Apache level. > And that's also where the Dav authentication is being done. > > In other words, no authentication and no Dav is being handled at the Apache > level, so it has nothing to do with the Apache proxying, which probably > works fine. > > I believe this question should be reposted to the Tomcat mailing list, at " > [EMAIL PROTECTED]". > > In the meantime, my guess is that you have not created the appropriate user > and role for the authentication under Tomcat. > Just as a tip : > In your Tomcat/conf directory, there should be a file "tomcat-users.xml". > That's where users and roles are defined. > According to your <security-constraint> in the Dav webapp setup below, > you should have something like this in tomcat-users.xml : > > <role rolename="admin"/> > <user username="davuser" password="xxxxx" roles="admin"/> > (add it if it's not there) > > and then use the user "davuser" and the password you chose for logging in > when you DAV pops up its authentication dialog. > > If that does not work, then ask further on the Tomcat list. > > > > > > Michele Mase' wrote: > >> here is the conf: >> >> Frontend server: >> <VirtualHost *:80> >> ServerName www.example.com >> ProxyPass /favicon.ico ! >> ProxyPass /robots.txt ! >> ProxyPass /images/ ! >> ProxyPass /balancer ! >> ProxyPass /status ! >> ProxyPass /manager ! >> ProxyPass /host-manager ! >> ProxyPass /docs ! >> ProxyPass /examples ! >> ProxyPass /app1/ ajp://www.example.com:8009/app1/ >> ProxyPass / http://www.example.com:8080/ >> ProxyPassReverse / http://www.example.com:8080/ >> </VirtualHost> >> >> Tomcat: >> server.xml (default config): >> ... >> <Connector port="8080" protocol="HTTP/1.1" >> connectionTimeout="20000" >> redirectPort="8443"/> >> ... >> <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /> >> >> $CATALINA_HOME/conf/Catalina/localhost/app1.xml >> <?xml version="1.0" encoding="UTF-8"?> >> <Context path="/app1" docBase="/app1"> >> <Resources className="org.apache.naming.resources.FileDirContext" >> allowLinking="true" caseSensitive="false" /> >> </Context> >> >> WEB-INF/web.xml of app1 (where the webdav authentication is) >> >> <?xml version="1.0" encoding="ISO-8859-1"?> >> <web-app xmlns="http://java.sun.com/xml/ns/j2ee"; >> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; >> xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee >> http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"; >> version="2.4"> >> <display-name>Webdav Content Management</display-name> >> <description> >> Webdav Content Management >> </description> >> <servlet> >> <servlet-name>webdav</servlet-name> >> >> <servlet-class>org.apache.catalina.servlets.WebdavServlet</servlet-class> >> <init-param> >> <param-name>debug</param-name> >> <param-value>0</param-value> >> </init-param> >> <init-param> >> <param-name>listings</param-name> >> <param-value>true</param-value> >> </init-param> >> <init-param> >> <param-name>readonly</param-name> >> <param-value>false</param-value> >> </init-param> >> </servlet> >> <servlet-mapping> >> <servlet-name>webdav</servlet-name> >> <url-pattern>/*</url-pattern> >> </servlet-mapping> >> <security-constraint> >> <web-resource-collection> >> <web-resource-name>The Entire Web Application</web-resource-name> >> <url-pattern>/*</url-pattern> >> </web-resource-collection> >> <auth-constraint> >> <role-name>admin</role-name> >> </auth-constraint> >> </security-constraint> >> <login-config> >> <auth-method>BASIC</auth-method> >> <realm-name>Tomcat Supported Realm</realm-name> >> </login-config> >> <security-role> >> <description> >> An example role defined in "conf/tomcat-users.xml" >> </description> >> <role-name>admin</role-name> >> </security-role> >> <welcome-file-list> >> <welcome-file/> >> </welcome-file-list> >> </web-app> >> >> >> On Mon, Oct 27, 2008 at 12:16 PM, André Warnier <[EMAIL PROTECTED]> wrote: >> >> Michele Mase' wrote: >>> >>> I've the following problem: >>>> >>>> A ftontend server with apache2.2.x (http1.1) >>>> mod_proxy >>>> mod_proxy_ajp >>>> >>>> A backend server: >>>> tomcat 6.x with 2 webapps: >>>> /app1 >>>> /app2 (webdav, basic authentication via http) >>>> >>>> Problem: >>>> >>>> /app1 works well under proxy_ajp: >>>> ProxyPass /some_path ajp://server:8009/app1 >>>> >>>> webdav authentication cannot work under proxy_ajp >>>> It works only under proxy_http: >>>> ProxyPass /path http://server/app2 >>>> ProxyPassReverse /path http://server/app2 >>>> >>>> Are there some limitations in proxy_ajp module? >>>> Could webdav authentication work with proxy_ajp? >>>> Michele >>>> >>>> What do you call "webdav authentiation" ? >>>> >>> DAV itself does not handle authentication. >>> It is whatever you put "around it" in your configuration that will do the >>> authentication. >>> Can you post the configuration of the section which you configure with >>> "Dav >>> on" ? >>> >>> >>> --------------------------------------------------------------------- >>> The official User-To-User support forum of the Apache HTTP Server >>> Project. >>> See <URL:http://httpd.apache.org/userslist.html> for more info. >>> To unsubscribe, e-mail: [EMAIL PROTECTED] >>> " from the digest: [EMAIL PROTECTED] >>> For additional commands, e-mail: [EMAIL PROTECTED] >>> >>> >>> >> > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP Server Project. > See <URL:http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: [EMAIL PROTECTED] > " from the digest: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > >
