Help coderanch get a
new server
by contributing to the fundraiser
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

User Authentication for subfolder not working in Web browser

 
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
We are using Oracle Application and Database Server for our application.

One of the functionalities of the Application is to send emails with attachments.

The logic is that the Application would generate the attachment file on the Application Server.

Then a database package uses Oracle's utl_http package/procedures(more specifically utl_http.request_pieces where the single argument is a URL) to pick up the file from the Application Server via URL, attach the file and send the email.

Exchange and Relay Server is also set in the Application.

The problem is that the folder containing the folder which stores the attachments is having user authentication set.

Example : The main folder is /apps/interface, this folder requires a valid user when it is accessed via URL on a web browser.

Alias created in httpd.conf

Alias /int-dir/ "/apps/interface/"

The folder /apps/interface/email/ is the folder where the attachment files are generated and stored.

Application Server : 10.12.213.21

Database Server : 10.12.213.22

Email Server : 10.12.213.44

Configuration as per httpd.conf

Alias /int-dir/ "/apps/interface/"

<Location /int-dir/>
AuthName "Interface folder"
AuthType Basic
AuthUserFile "/u01/app/oracle/as10g/oasmid/Apache/Apache/conf/.htpasswd"
require user scott
</Location>


<Location /int-dir/email>
Options Indexes Multiviews IncludesNoExec
Order deny,allow
Deny from all
Allow from 10.12.213.21
Allow from 10.12.213.22
Allow from 10.12.213.44
</Location>

Using the above configuration the Application is able to attach the files and send the email, however, when we access the following URL :

http://10.12.213.21:7778/int-dir/ - it prompts for user authentication

However if we use the following URL :

http://10.12.213.21:7778/int-dir/email/ - it does not prompt for user authentication, and all the files in the folder are displayed in the browser.

I have tried so many things including AllowOverride, .htaccess, but i am not able to get user authentication for the email folder.

Please help me if you can.

Thanking you in advance,

GLad to give any more information that i can.

dxbrocky
 
Sheriff
Posts: 22791
131
Eclipse IDE Spring Chrome Java Windows
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
That's not Tomcat, that's Apache HTTPD. Although the two can work together, they are unrelated.
 
Saloon Keeper
Posts: 27928
198
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Welcome to the JavaRanch, Rocky!

As Rob said, you are actually dealing with Apache HTTP, which is not the same thing as Apache Tomcat, but this is still about the best forum to ask in.

It appears to me as though it's doing exactly what you told it to do. You defined Location /int-dir/ and Location /int-dir/email.

For /int-dir you said "require user scott". Which considering you're an Oracle shop probably isn't the wisest user ID to pick, but that's another matter.

For /int-dir/email, you didn't say anything about user requirements. If you wanted a login there, you should have included a "require valid-user" and user authorization information. To forbid listing the index, you should have requested "Noindexes".
 
I don't always make ads but when I do they're tiny
We need your help - Coderanch server fundraiser
https://coderanch.com/t/782867/Coderanch-server-fundraiser
reply
    Bookmark Topic Watch Topic
  • New Topic