| Author |
User Authentication for subfolder not working in Web browser
|
Ratish Saseendran
Greenhorn
Joined: Apr 13, 2012
Posts: 1
|
|
We are using Oracle Application and Database Server for our application.
One of the functionalities of the Application is to send emails with attachments.
The logic is that the Application would generate the attachment file on the Application Server.
Then a database package uses Oracle's utl_http package/procedures(more specifically utl_http.request_pieces where the single argument is a URL) to pick up the file from the Application Server via URL, attach the file and send the email.
Exchange and Relay Server is also set in the Application.
The problem is that the folder containing the folder which stores the attachments is having user authentication set.
Example : The main folder is /apps/interface, this folder requires a valid user when it is accessed via URL on a web browser.
Alias created in httpd.conf
Alias /int-dir/ "/apps/interface/"
The folder /apps/interface/email/ is the folder where the attachment files are generated and stored.
Application Server : 10.12.213.21
Database Server : 10.12.213.22
Email Server : 10.12.213.44
Configuration as per httpd.conf
Alias /int-dir/ "/apps/interface/"
<Location /int-dir/>
AuthName "Interface folder"
AuthType Basic
AuthUserFile "/u01/app/oracle/as10g/oasmid/Apache/Apache/conf/.htpasswd"
require user scott
</Location>
<Location /int-dir/email>
Options Indexes Multiviews IncludesNoExec
Order deny,allow
Deny from all
Allow from 10.12.213.21
Allow from 10.12.213.22
Allow from 10.12.213.44
</Location>
Using the above configuration the Application is able to attach the files and send the email, however, when we access the following URL :
http://10.12.213.21:7778/int-dir/ - it prompts for user authentication
However if we use the following URL :
http://10.12.213.21:7778/int-dir/email/ - it does not prompt for user authentication, and all the files in the folder are displayed in the browser.
I have tried so many things including AllowOverride, .htaccess, but i am not able to get user authentication for the email folder.
Please help me if you can.
Thanking you in advance,
GLad to give any more information that i can.
dxbrocky
|
 |
Rob Spoor
Sheriff
Joined: Oct 27, 2005
Posts: 19216
|
|
|
That's not Tomcat, that's Apache HTTPD. Although the two can work together, they are unrelated.
|
SCJP 1.4 - SCJP 6 - SCWCD 5
How To Ask Questions How To Answer Questions
|
|
Tim Holloway
Saloon Keeper
Joined: Jun 25, 2001
Posts: 14491
|
|
Welcome to the JavaRanch, Rocky!
As Rob said, you are actually dealing with Apache HTTP, which is not the same thing as Apache Tomcat, but this is still about the best forum to ask in.
It appears to me as though it's doing exactly what you told it to do. You defined Location /int-dir/ and Location /int-dir/email.
For /int-dir you said "require user scott". Which considering you're an Oracle shop probably isn't the wisest user ID to pick, but that's another matter.
For /int-dir/email, you didn't say anything about user requirements. If you wanted a login there, you should have included a "require valid-user" and user authorization information. To forbid listing the index, you should have requested "Noindexes".
|
Customer surveys are for companies who didn't pay proper attention to begin with.
|
|
 |
|
|
subject: User Authentication for subfolder not working in Web browser
|
|
|
0
