hello Johnny, I am sorry to confuse you... see my problem is that i used mod_auth_kerb for implementing single sing-on in a Japan server.i finsihed the project..then we found the problem ...
that module works only in Apache and not in tomcat.so we needed something to connect Apache and tomcat to request the servlet inside webapps of Tomcat. first i wrote a Perl script which will redirect the request to the servlet. that gave temporary relief. it was working fine. so a client request for a servlet (http://ipaddress/cert) will run perfectly from a Japan machine. but running it from my system will say " authentication required" thats how it should run... *i should not be able to run that servlet in JP server from my machine.. thats where authentication prompt comes.. instead if i remote login to a JP machine and run the url ..it works perfectly..* thats how my project should work. i hope till here you are clear ! now i went for JK2 connector. now after configuring the appropriate files .. i checked the URL from JP machine. it works perfectly ( now no need of the perl script !) but when i run from my machine ....also i am able to get the result...( which is not what i should get ) that means now i am not getting that authentication message ..but am able to run the url and get the result from my machine also. thats what i mentioned about a security issue...no security for the URL.. so i should change some thing inside httpd.conf file... thats what my doubt is..... hope you understood the scenario... this is the data i have given for Kerberos authentication inside my httpd.conf.. <Directory /> AuthType Kerberos AuthName "Kerberos Login" KrbAuthRealms JP.SONY.COM KrbServiceName HTTP/[EMAIL PROTECTED] Krb5Keytab /usr/local/apache/conf/jptkysip99.keytab KrbMethodNegotiate on KrbMethodK5Passwd off Require valid-user </Directory> On 4/5/07, Johnny Kewl <[EMAIL PROTECTED]> wrote:
Hello Sunil, I'm not sure if I understand what you trying to do... If you want Apache to authenticate there should be something like this in httpd.conf <Location /secure> AuthType basic AuthName "japan area" AuthBasicProvider dbm AuthDBMType SDBM AuthDBMUserFile /www/etc/dbmpasswd Require valid-user </Location> If you want Tomcat to do the authentication then <login-config> <auth-method>BASIC</auth-method> <realm-name>HARBOR Security</realm-name> </login-config> <security-constraint> <!--this section dictates which URLS will invoke security--> <web-resource-collection> <web-resource-name>Test</web-resource-name> <url-pattern>/service/admin</url-pattern> </web-resource-collection> <!--only users in these roles will get access to the above uri--> <!--users are set in the conf/tomcat-users.xml file--> <auth-constraint> <role-name>japan_admin</role-name> </auth-constraint> </security-constraint> I tried to find a good example for you, but I couldnt find anything for mod_jk2.... maybe someone else can comment on this but I think mod_jk2 has been deprecated (its old)... yes the numbering doesnt make sense. Anyway I think if you use mod_jk in future, you will find many more people can help. If you want SSL as well then have a look at the apache help file ie http://apacheserver/manual I dont know mod_jk2 but I think that any Cert or Ssl stuff in worker files must be for SSL between Apache and Tomcat... and its not often needed or wanted. Anyway... if you want little login box's to prompt the user.... must do something like the above. If you do it in Apache then local users can still get into Tomcat through a connector, if you do it in Tomcat then all users via Apache or direct to tomcat will have to login. It depends on what your system looks like... I think it will probably be easier to do it on Tomcat and then deliver the WAR package to Japan. That way Apache admin person just needs a simple connector setup. Here is some sample stuff for mod_jk that will help you get going http://tomcat.apache.org/tomcat-3.3-doc/mod_jk-howto.html and some more for SSL https://spaces.internet2.edu/display/SHIB/JKIdPInstall Main point is if you start using MOD_JK then just googling for Tomcat Mod_jk will give you losts of info.... Your english is much better than my japanese, but for prompting user login the word to search for is AUTHENTICATION... searching for "security" will probably give you SSL. Hope that helps ----- Original Message ----- *From:* sunil chandran <[EMAIL PROTECTED]> *To:* Tomcat Users List <users@tomcat.apache.org> *Cc:* JOHN <[EMAIL PROTECTED]> *Sent:* Wednesday, April 04, 2007 10:58 AM *Subject:* Re: problem in handlins request for JK2 Hi , this is the modifictaion i made in workers2.properties file: ------------------------------------------------------------------------------------------------------------------------ [channel.socket:localhost:8009] info=Ajp13 forwarding over socket debug=0 tomcatId=localhost:8009 # define the worker [ajp13:localhost:8009] channel=channel.socket:localhost:8009 group=lb [uri:/cert] info=Colavo Authentication. debug=0 [uri:/] info=Colavo Authentication. debug=0 [uri:/event] info=Colavo Authentication. debug=0 [uri:/status] [uri:/status02] info=Colavo Authentication. debug=0 ------------------------------------------------------------------- then i added LoadModule jk2_module modules/mod_jk2.so inside httpd.conf file in apache. now i can succesfully run http://serverIP/status <http://serverip/status> http://serverIP/cert?username=....&password<http://serverip/cert?username=....&password> =... this is working fine. but i need to restrict from opening this URL from my systtem that url should ask for authorization required (401 error) but the problem is i am able to run this url of server located in Japan from my system also. which i should restrict. i need to do some changes in httpd.conf file itself.. please help me forward On 4/4/07, JOHN <[EMAIL PROTECTED]> wrote: > > Please show us the setup files... > > > > ----- Original Message ----- > From: "sunil chandran" < [EMAIL PROTECTED]> > To: <users@tomcat.apache.org> > Sent: Wednesday, April 04, 2007 9:02 AM > Subject: problem in handlins request for JK2 > > > > Hello all, > > > > I am Sunil C. > > i have used JK2 connector to connect Apache and > Tomcat > > I am having a servlet (Certserv) folder in webapps folder in Tomcat. > > i gave uri to that cert program in my workers2.properties file. > > > > everything is working fine. > > > > but i face a secuirty issue. this machine is in other domain. i mean > > Japan. > > i did a remote login and checked the uri . its working fine. > > > > the real problem lies ...when i type the uri from my machine. it > should > > show > > "authentication required" > > because that folder is authentication restricted. > > but now ..i am able to run the uri from machine also. > > > > please tell me how can i restrict it. > > > > i tried giving : > > > > <Location "/cert"> > > JkUriSet worker ajp13:localhost:8009 > > </Location> > > > > but it doesnt seem to work. > > > > is there something i have to include in my httpd.conf file of Apache? > > > > please help me forward > > > > thanks in advance. > > > > > > > > > > -- > > Sunil > > > > > --------------------------------------------------------------------- > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > -- Sunil
-- Sunil