Re: password protection

Hi again:

Sorry, i misunderstood the stack trace below. It appears the TDS is trying to access a password-protected opendap server, possibly itself?

Luca Giacomelli wrote:

Dear support,
I'd like to control the access to my datasets (thredds version 3.8.03). I tried 
to configure Tomcat Users. Now all seems to works but I can't get ascii data 
(after the authentication). I can see an empty web page and and I can read this 
error in catalina.out:

OUCH! IOException: Server returned HTTP response code: 401 for URL: 
http://137.204.52.160:8080/thredds/dodsC/agg/climatology.dods
java.io.IOException: Server returned HTTP response code: 401 for URL: 
http://137.204.52.160:8080/thredds/dodsC/agg/climatology.dods
       at 
sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:800)
       at dods.dap.DConnect.openConnection(DConnect.java:193)
       at dods.dap.DConnect.getDataFromUrl(DConnect.java:451)
       at dods.dap.DConnect.getData(DConnect.java:410)
       at dods.servlet.dodsASCII.sendASCII(dodsASCII.java:92)
       at dods.servlet.DODSServlet.doGetASC(DODSServlet.java:862)
       at dods.servlet.DODSServlet.doGet(DODSServlet.java:1459)
       at dods.servers.netcdf.NcDODSServlet.doGet(NcDODSServlet.java:264)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:689)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
       at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:237)
       at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
       at 
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:214)
       at 
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
       at 
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
       at 
org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:198)
       at 
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:152)
       at 
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
       at 
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540)
       at 
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
       at 
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
       at 
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
       at 
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
       at 
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:118)
       at 
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
       at 
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
       at 
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
       at 
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
       at 
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
       at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929)
       at 
org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)
       at 
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:799)
       at 
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:705)
       at 
org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:577)
       at 
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683)
       at java.lang.Thread.run(Thread.java:534)

In my ${tomcat_home}/webapps/thredds/WEB-INF/web.xml I added this 
security-constraint:
<security-constraint>
   <display-name>User thredds</display-name>
   <web-resource-collection>
     <web-resource-name>thredds allowed</web-resource-name>
     <url-pattern>/dodsC/*</url-pattern>
     <http-method>GET</http-method>
   </web-resource-collection>
   <auth-constraint>
     <role-name>thredds</role-name>
   </auth-constraint>
   <user-data-constraint>
     <transport-guarantee>NONE</transport-guarantee>
   </user-data-constraint>
 </security-constraint>

I'd like to know how to limit data access.

Best regards, Luca


--
Giacomelli Luca
Laboratorio di Simulazioni Numeriche del Clima e degli Ecosistemi Marini
Università degli Studi di Bologna-Corso di Laurea in Scienze Ambientali
Via S.Alberto 163, 48100 Ravenna
Tel. +39 0544937324 - Fax +39 0544937323

Ai sensi del D.Lgs. 196/2003 si precisa che le informazioni contenute in questo messaggio sono riservate ed a uso esclusivo del destinatario. Qualora il messaggio Le fosse pervenuto per errore, La invito ad eliminarlo senza copiarlo e a non inoltrarlo a terzi, dandomene gentilmente comunicazione. Grazie.

Pursuant to Legislative Decree No. 196/2003, you are hereby informed that this message contains confidential information intended only for the use of the addressee. If you are not the addressee, and have received this message by mistake, please delete it and immediately notify me. You may not copy or disseminate this message to anyone. Thank you.



==============================================================================
To unsubscribe thredds, visit:
http://www.unidata.ucar.edu/mailing-list-delete-form.html
==============================================================================


  • 2006 messages navigation, sorted by:
    1. Thread
    2. Subject
    3. Author
    4. Date
    5. ↑ Table Of Contents
  • Search the thredds archives: