Caucho Forums  

This forum is permanently closed because of spam. For free community support, please visit Google Groups:


Go Back   Caucho Forums > Resin

Reply
 
Thread Tools Display Modes
  #1  
Old 04-12-2011, 08:31 PM
theBlueSage theBlueSage is offline
Member
 
Join Date: Apr 2011
Posts: 33
Default URL exclusion using XmlAuthenticator

Hi

I have a full production site using resin, and a stage site that needs to be open to the public as well. However I want to have an HTTP-Auth basic login prompt when anyone goes to the site so only my QA people can see it. This I achieved with XmlAuthenticator in the resin.xml doc.
However my stage environment is across 3 servers and they are load balanced. the LB needs to access /lb.jsp without hitting the login request. I cant seem to find the right combination that would encompass:

<resin:Allow> url="/lb.jsp"</resin:Allow>
<resin:Authenticate url="everythingelse">

Is this actually possible?

thanks for any tips of suggestions!
Reply With Quote
  #2  
Old 04-13-2011, 03:03 PM
reza reza is offline
Super Moderator
 
Join Date: Nov 2009
Location: Philadelphia, PA
Posts: 101
Send a message via Skype™ to reza
Default

theBlueSage,

How about something like this:

<resin:Allow url-pattern="[your URL]">
<resin:Or>
<resin:IfUserInRole role="[your user role]"/>
<resin:IfNetwork value="[your load balancer IP]"/>
</resin:Or>
</resin:Allow>

More details here: http://caucho.com/resin-4.0/admin/security.xtp.

Thanks,
Reza
Reply With Quote
  #3  
Old 04-29-2011, 05:13 PM
theBlueSage theBlueSage is offline
Member
 
Join Date: Apr 2011
Posts: 33
Unhappy

Hi, thanks for your reply and sorry it took me so long to get to it. I tried the following, but the auth prompt comes up regardless. I was hoping that the auth request would only appear IF the access is from outside the network .... however the auth prompt appears regardless of network.



<resin:Allow url-pattern="/*">
<resin:Or>
<resin:IfUserInRole role="user"/>
<resin:IfNetwork value="10.16.0.0/12"/>
<resin:IfNetwork value="192.168.0.0/16"/>
</resin:Or>
</resin:Allow>

<authenticator type="com.caucho.server.security.XmlAuthenticator" >
<init>
<user>someUserName:somePassword:user</user>
<password-digest>none</password-digest>
</init>
</authenticator>
<login-config auth-method='basic'/>
Reply With Quote
  #4  
Old 05-02-2011, 04:28 PM
alex alex is offline
Administrator
 
Join Date: Aug 2009
Posts: 218
Default

Hi theBlueSage,

can you try with something like this:


<web-app xmlns="http://caucho.com/ns/resin"
xmlns:resin="urn:java:com.caucho.resin">
<session-config reuse-session-id="all"/>

<resin:XmlAuthenticator password-digest="none">
<user name="Aladdin" password="open sesame" role="user"/>
</resin:XmlAuthenticator>

<resin:BasicLogin/>

<resin:Allow url-pattern='/test.jsp'>
<resin:Or>
<resin:IfNetwork>
<value>192.168.117.80</value>
</resin:IfNetwork>

<resin:IfUserInRole role="user"/>
</resin:Or>

</resin:Allow>

</web-app>

note, ifNetwork preceding the ifUserInRole in the 'or'

thanks
Reply With Quote
  #5  
Old 05-02-2011, 07:35 PM
reza reza is offline
Super Moderator
 
Join Date: Nov 2009
Location: Philadelphia, PA
Posts: 101
Send a message via Skype™ to reza
Default

theBlueSage,

What version are you using? I tried both your and Alex's example and both work for me on Resin 4.0.17 Pro?

Thanks,
Reza
Reply With Quote
  #6  
Old 05-26-2011, 03:35 PM
theBlueSage theBlueSage is offline
Member
 
Join Date: Apr 2011
Posts: 33
Default using 4.0.6

Got it to work by putting the ifUserInRole below ifNetwork. Thanks for that one

<resin:Allow url-pattern="/*">
<resin:Or>
<resin:IfNetwork value="x.x.x.x"/>
<resin:IfNetwork value="127.0.0.1"/>
<resin:IfNetwork value="x.x.x.x/24"/>
<resin:IfNetwork value="q.a.x.c"/>
<resin:IfNetwork value="10.0.0.0/8"/>
<resin:IfUserInRole role="user"/>
</resin:Or>
</resin:Allow>
<authenticator type="com.caucho.server.security.XmlAuthenticator" >
<init>
<user>mocospace:V645qki:user</user>
<password-digest>none</password-digest>
</init>
</authenticator>
<login-config auth-method='basic'/>
Reply With Quote
  #7  
Old 05-26-2011, 05:02 PM
theBlueSage theBlueSage is offline
Member
 
Join Date: Apr 2011
Posts: 33
Default multiple URLs .. read order?

If I want to control different URL paths differently, is there anything wrong with the following approach?

<resin:Allow url-pattern="/public/files/*">
<resin:IfNetwork value="0/0"/>
</resin:Allow>
<resin:Allow url-pattern="/api/*">
<resin:IfNetwork value="0/0"/>
</resin:Allow>

<!-- and then trap everyone else -->
<resin:Allow url-pattern="/*">
<resin:Or>
<resin:IfNetwork value="127.0.0.1" />
<resin:IfNetwork value="192.168.0.0/16" />
<resin:IfNetwork value="10.0.0.0/8" />
<resin:IfUserInRole role="user" />
</resin:Or>
</resin:Allow>
Reply With Quote
Reply

Tags
aauthentication

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 02:20 PM.


Powered by vBulletin® Version 3.8.6
Copyright ©2000 - 2018, Jelsoft Enterprises Ltd.