Problem with Basic Authentication behind Apache

classic Classic list List threaded Threaded
9 messages Options
Reply | Threaded
Open this post in threaded view
|

Problem with Basic Authentication behind Apache

its_me-2
Hello everybody,

we run Hudson behind an Apache2 server which authenticates the users via LDAP. When we try to install a version newer than 1.111 we see the following error:

HTTP Status 401 -
type Status report
message
description This request requires HTTP authentication ().
Apache Tomcat/5.5.20

I assume this is related to the change in version 1.112 "Added HTTP basic authentication support for scripting clients".

Is there any easy solution for this?

Thanks in advance.
_____________________________________________________________________
Der WEB.DE SmartSurfer hilft bis zu 70% Ihrer Onlinekosten zu sparen!
http://smartsurfer.web.de/?mc=100071&distributionid=000000000066

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Problem with Basic Authentication behind Apache

Kohsuke Kawaguchi
Administrator

Looks like the basic authentication done by Apache is interfering with
the new Hudson feature.

I modified the code to disable this on Hudson side if the security is
off in Hudson. If you can try the snapshot build to see if that fixes
the problem, that would be great.

[hidden email] wrote:

> Hello everybody,
>
> we run Hudson behind an Apache2 server which authenticates the users via LDAP. When we try to install a version newer than 1.111 we see the following error:
>
> HTTP Status 401 -
> type Status report
> message
> description This request requires HTTP authentication ().
> Apache Tomcat/5.5.20
>
> I assume this is related to the change in version 1.112 "Added HTTP basic authentication support for scripting clients".
>
> Is there any easy solution for this?
>
> Thanks in advance.
> _____________________________________________________________________
> Der WEB.DE SmartSurfer hilft bis zu 70% Ihrer Onlinekosten zu sparen!
> http://smartsurfer.web.de/?mc=100071&distributionid=000000000066
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>
>

--
Kohsuke Kawaguchi
Sun Microsystems                   [hidden email]

smime.p7s (4K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Problem with Basic Authentication behind Apache

Tomasz Sterna-2
Dnia 27-06-2007, śro o godzinie 18:41 -0700, Kohsuke Kawaguchi
napisał(a):
> I modified the code to disable this on Hudson side if the security is
> off in Hudson. If you can try the snapshot build to see if that fixes
> the problem, that would be great.

It fixed the problem for me.


--
Tomasz Sterna
eo Networks Sp. z o.o.

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Problem with Basic Authentication behind Apache

its_me-2
In reply to this post by its_me-2
Sorry for the late answer... I tried the new build but it seems not to solve my problem - I still get the 401 error "This request requires HTTP authentication ()".

How do I switch off security in Hudson? Do I have to comment out the BasicAuthentication-Filter in web.xml?



-----Ursprüngliche Nachricht-----
Von: [hidden email]
Gesendet: 28.06.07 03:49:49
An: [hidden email]
Betreff: Re: Problem with Basic Authentication behind Apache



Looks like the basic authentication done by Apache is interfering with
the new Hudson feature.

I modified the code to disable this on Hudson side if the security is
off in Hudson. If you can try the snapshot build to see if that fixes
the problem, that would be great.

[hidden email] wrote:

> Hello everybody,
>
> we run Hudson behind an Apache2 server which authenticates the users via LDAP. When we try to install a version newer than 1.111 we see the following error:
>
> HTTP Status 401 -
> type Status report
> message
> description This request requires HTTP authentication ().
> Apache Tomcat/5.5.20
>
> I assume this is related to the change in version 1.112 "Added HTTP basic authentication support for scripting clients".
>
> Is there any easy solution for this?
>
> Thanks in advance.
> _____________________________________________________________________
> Der WEB.DE SmartSurfer hilft bis zu 70% Ihrer Onlinekosten zu sparen!
> http://smartsurfer.web.de/?mc=100071&distributionid=000000000066
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>
>


--
Kohsuke Kawaguchi
Sun Microsystems                   [hidden email]



_______________________________________________________________________
Jetzt neu! Schützen Sie Ihren PC mit McAfee und WEB.DE. 3 Monate
kostenlos testen. http://www.pc-sicherheit.web.de/startseite/?mc=022220

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Problem with Basic Authentication behind Apache

Kohsuke Kawaguchi
Administrator
I'd first check if the new war file was really deployed.

If you are sure about that, then yeah, could you try removing the
filter from web.xml, and see if that makes any difference?

2007/7/2, [hidden email] <[hidden email]>:
> Sorry for the late answer... I tried the new build but it seems not to solve my problem - I still get the 401 error "This request requires HTTP authentication ()".
>
> How do I switch off security in Hudson? Do I have to comment out the BasicAuthentication-Filter in web.xml?

--
Kohsuke Kawaguchi

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Problem with Basic Authentication behind Apache

its_me-2
In reply to this post by its_me-2
I'm sure that the new version is deployed (deleted the folders from webapp and work in tomcat and deployed the new war).

If I comment out the authentication filter and the filter mapping from the web.xml I can access the application through the Apache-Server. That looks good so far - many thanks for the help! But do you think there is a possibility to avoid the manual editing of the web.xml in each new .war? This would make life much easier for us...


-----Ursprüngliche Nachricht-----
Von: [hidden email]
Gesendet: 03.07.07 00:39:49
An: [hidden email]
Betreff: Re: Problem with Basic Authentication behind Apache


I'd first check if the new war file was really deployed.

If you are sure about that, then yeah, could you try removing the
filter from web.xml, and see if that makes any difference?

2007/7/2, [hidden email] <[hidden email]>:
> Sorry for the late answer... I tried the new build but it seems not to solve my problem - I still get the 401 error "This request requires HTTP authentication ()".
>
> How do I switch off security in Hudson? Do I have to comment out the BasicAuthentication-Filter in web.xml?

--
Kohsuke Kawaguchi

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]




_____________________________________________________________________
Der WEB.DE SmartSurfer hilft bis zu 70% Ihrer Onlinekosten zu sparen!
http://smartsurfer.web.de/?mc=100071&distributionid=000000000066

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Problem with Basic Authentication behind Apache

Kohsuke Kawaguchi
Administrator
[hidden email] wrote:
> I'm sure that the new version is deployed (deleted the folders from
> webapp and work in tomcat and deployed the new war).
>
> If I comment out the authentication filter and the filter mapping from
> the web.xml I can access the application through the Apache-Server. That
> looks good so far - many thanks for the help! But do you think there is
> a possibility to avoid the manual editing of the web.xml in each new
> .war? This would make life much easier for us...

I need more information, I guess. The BasicAuthenticationFilter is no-op
as long as the security setting is disabled in Hudson, and another
person confirmed that this fix is working as expected.

Does the server leaves any log?

>
>
> -----Urspr?ngliche Nachricht-----
> Von: [hidden email]
> Gesendet: 03.07.07 00:39:49
> An: [hidden email]
> Betreff: Re: Problem with Basic Authentication behind Apache
>
>
> I'd first check if the new war file was really deployed.
>
> If you are sure about that, then yeah, could you try removing the
> filter from web.xml, and see if that makes any difference?
>
> 2007/7/2, [hidden email] <[hidden email]>:
>> Sorry for the late answer... I tried the new build but it seems not to solve my problem - I still get the 401 error "This request requires HTTP authentication ()".
>>
>> How do I switch off security in Hudson? Do I have to comment out the BasicAuthentication-Filter in web.xml?
>

--
Kohsuke Kawaguchi
Sun Microsystems                   [hidden email]

smime.p7s (4K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Problem with Basic Authentication behind Apache

its_me-2
In reply to this post by its_me-2
Many thanks - it works now so far. We are filtering the users now via LDAP and have security in Hudson disabled. The only problem is: we may only allow admin users to access Hudson since the config area isn't protected anymore.

It would be great to have the possibility to keep security in Hudson enabled so that the config area is protected but the normal status view can be accessed by any (authenticated) request coming from Apache.


-----Ursprüngliche Nachricht-----
Von: [hidden email]
Gesendet: 03.07.07 14:54:06
An: [hidden email]
Betreff: Re: Problem with Basic Authentication behind Apache


[hidden email] wrote:
> I'm sure that the new version is deployed (deleted the folders from
> webapp and work in tomcat and deployed the new war).
>
> If I comment out the authentication filter and the filter mapping from
> the web.xml I can access the application through the Apache-Server. That
> looks good so far - many thanks for the help! But do you think there is
> a possibility to avoid the manual editing of the web.xml in each new
> .war? This would make life much easier for us...

I need more information, I guess. The BasicAuthenticationFilter is no-op
as long as the security setting is disabled in Hudson, and another
person confirmed that this fix is working as expected.

Does the server leaves any log?

>
>
> -----Urspr?ngliche Nachricht-----
> Von: [hidden email]
> Gesendet: 03.07.07 00:39:49
> An: [hidden email]
> Betreff: Re: Problem with Basic Authentication behind Apache
>
>
> I'd first check if the new war file was really deployed.
>
> If you are sure about that, then yeah, could you try removing the
> filter from web.xml, and see if that makes any difference?
>
> 2007/7/2, [hidden email] <[hidden email]>:
>> Sorry for the late answer... I tried the new build but it seems not to solve my problem - I still get the 401 error "This request requires HTTP authentication ()".
>>
>> How do I switch off security in Hudson? Do I have to comment out the BasicAuthentication-Filter in web.xml?
>


--
Kohsuke Kawaguchi
Sun Microsystems                   [hidden email]



__________________________________________________________________________
Erweitern Sie FreeMail zu einem noch leistungsstärkeren E-Mail-Postfach!
Mehr Infos unter http://produkte.web.de/club/?mc=021131

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Problem with Basic Authentication behind Apache

Kohsuke Kawaguchi
Administrator
[hidden email] wrote:
> Many thanks - it works now so far. We are filtering the users now via
> LDAP and have security in Hudson disabled. The only problem is: we may
> only allow admin users to access Hudson since the config area isn't
> protected anymore.

I see. So you were enabling both. That explains the behavior.

> It would be great to have the possibility to keep security in Hudson
> enabled so that the config area is protected but the normal status view
> can be accessed by any (authenticated) request coming from Apache.

Finer-grained access control is certainly desirable. Looking for any
volunteers to hack the code...

--
Kohsuke Kawaguchi
Sun Microsystems                   [hidden email]

smime.p7s (4K) Download Attachment