• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

User Authentication for subfolder not working in Web browser

 
Ratish Saseendran
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
We are using Oracle Application and Database Server for our application.

One of the functionalities of the Application is to send emails with attachments.

The logic is that the Application would generate the attachment file on the Application Server.

Then a database package uses Oracle's utl_http package/procedures(more specifically utl_http.request_pieces where the single argument is a URL) to pick up the file from the Application Server via URL, attach the file and send the email.

Exchange and Relay Server is also set in the Application.

The problem is that the folder containing the folder which stores the attachments is having user authentication set.

Example : The main folder is /apps/interface, this folder requires a valid user when it is accessed via URL on a web browser.

Alias created in httpd.conf

Alias /int-dir/ "/apps/interface/"

The folder /apps/interface/email/ is the folder where the attachment files are generated and stored.

Application Server : 10.12.213.21

Database Server : 10.12.213.22

Email Server : 10.12.213.44

Configuration as per httpd.conf

Alias /int-dir/ "/apps/interface/"

<Location /int-dir/>
AuthName "Interface folder"
AuthType Basic
AuthUserFile "/u01/app/oracle/as10g/oasmid/Apache/Apache/conf/.htpasswd"
require user scott
</Location>


<Location /int-dir/email>
Options Indexes Multiviews IncludesNoExec
Order deny,allow
Deny from all
Allow from 10.12.213.21
Allow from 10.12.213.22
Allow from 10.12.213.44
</Location>

Using the above configuration the Application is able to attach the files and send the email, however, when we access the following URL :

http://10.12.213.21:7778/int-dir/ - it prompts for user authentication

However if we use the following URL :

http://10.12.213.21:7778/int-dir/email/ - it does not prompt for user authentication, and all the files in the folder are displayed in the browser.

I have tried so many things including AllowOverride, .htaccess, but i am not able to get user authentication for the email folder.

Please help me if you can.

Thanking you in advance,

GLad to give any more information that i can.

dxbrocky
 
Rob Spoor
Sheriff
Pie
Posts: 20494
54
Chrome Eclipse IDE Java Windows
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
That's not Tomcat, that's Apache HTTPD. Although the two can work together, they are unrelated.
 
Tim Holloway
Saloon Keeper
Pie
Posts: 17989
47
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Welcome to the JavaRanch, Rocky!

As Rob said, you are actually dealing with Apache HTTP, which is not the same thing as Apache Tomcat, but this is still about the best forum to ask in.

It appears to me as though it's doing exactly what you told it to do. You defined Location /int-dir/ and Location /int-dir/email.

For /int-dir you said "require user scott". Which considering you're an Oracle shop probably isn't the wisest user ID to pick, but that's another matter.

For /int-dir/email, you didn't say anything about user requirements. If you wanted a login there, you should have included a "require valid-user" and user authorization information. To forbid listing the index, you should have requested "Noindexes".
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic