A question about Auth Dialog prompt in Apache based setup
Posted: Mon Apr 06, 2009 6:41 pmHi
Have a little obscure and long winded question regarding some authentican prompts I am seeing with Subsonic running on Tomcat behind Apache.
I have two Apache virtual hosts setup - one for LAN access and other for internet access.
The internet vhost setup uses ssl and uses basic HTTP authentication using .htaccess file
The LAN vhost does not use ssl or http auth
I have mapped subsonic using mod_jk mapping directive (JkMount /subsonic/* worker1) in both the virtual hosts
so I can go to
http://192.168.1.100
and
http://192.168.1.100/subsonic/
in my home LAN and not be prompted for any http level auth as expected.
From internet I can do
https://mypublichostname.home.com
where I am prompted for http auth by .htaccess and I am able to log into my internet home page fine.
But then when I go to
https://mypublichostname.home.com/subsonic/
I get promped by another auth dialog popup, which does not like the .htaccess user/password. So if I cancel it I get the following message
****************
HTTP Status 401 - LDAP authentication disabled.
--------------------------------------------------------------------------------
type Status report
message LDAP authentication disabled.
description This request requires HTTP authentication (LDAP authentication disabled.).
--------------------------------------------------------------------------------
Apache Tomcat/6.0.16
*******************
This seems to be coming from Tomcat and I noticed on the dialog the auth is being requested for Subsonic realm.
Now if I go back and try again I don't get the prompt second time and I can get to the Subsonic homepage login form fine.
It happens only the first time after I have logged into my website. After that it seems to not prompt me anymore, probably until the HTTP session expires.
My Tomcat security setup does not define any role or user for Subsonic webapp in tomcat-users.xml. It does define them for the tomcat manager webapp.
When I looking around the WEB-INF for Subsonic I noticed Subsonic realm is defined in applicationContext-security.xml
I am wondering if somebody can tell me what is causing Tomcat to throw that dialog prompt when I try to access Subsonic app?
This does not happen with another webapp (JSPWiki) that I have setup under Tomcat and does not have any explicit security requriements defined.
Is .htaccess auth at the Apache level is somehow triggering something in Subsonic's security profile ?
After the retry succeeds I can log into Subsonic itself and listen to streams fine. But would like to know what is causing this behavior.
Many thanks
Have a little obscure and long winded question regarding some authentican prompts I am seeing with Subsonic running on Tomcat behind Apache.
I have two Apache virtual hosts setup - one for LAN access and other for internet access.
The internet vhost setup uses ssl and uses basic HTTP authentication using .htaccess file
The LAN vhost does not use ssl or http auth
I have mapped subsonic using mod_jk mapping directive (JkMount /subsonic/* worker1) in both the virtual hosts
so I can go to
http://192.168.1.100
and
http://192.168.1.100/subsonic/
in my home LAN and not be prompted for any http level auth as expected.
From internet I can do
https://mypublichostname.home.com
where I am prompted for http auth by .htaccess and I am able to log into my internet home page fine.
But then when I go to
https://mypublichostname.home.com/subsonic/
I get promped by another auth dialog popup, which does not like the .htaccess user/password. So if I cancel it I get the following message
****************
HTTP Status 401 - LDAP authentication disabled.
--------------------------------------------------------------------------------
type Status report
message LDAP authentication disabled.
description This request requires HTTP authentication (LDAP authentication disabled.).
--------------------------------------------------------------------------------
Apache Tomcat/6.0.16
*******************
This seems to be coming from Tomcat and I noticed on the dialog the auth is being requested for Subsonic realm.
Now if I go back and try again I don't get the prompt second time and I can get to the Subsonic homepage login form fine.
It happens only the first time after I have logged into my website. After that it seems to not prompt me anymore, probably until the HTTP session expires.
My Tomcat security setup does not define any role or user for Subsonic webapp in tomcat-users.xml. It does define them for the tomcat manager webapp.
When I looking around the WEB-INF for Subsonic I noticed Subsonic realm is defined in applicationContext-security.xml
I am wondering if somebody can tell me what is causing Tomcat to throw that dialog prompt when I try to access Subsonic app?
This does not happen with another webapp (JSPWiki) that I have setup under Tomcat and does not have any explicit security requriements defined.
Is .htaccess auth at the Apache level is somehow triggering something in Subsonic's security profile ?
After the retry succeeds I can log into Subsonic itself and listen to streams fine. But would like to know what is causing this behavior.
Many thanks