Re: password protection

Hi Luca:
It looks like your dods client doesnt know how to pass a name/password to tomcat? A 401 would be the correct response when an unauthorized user tries to access.
What dods client are you using? A browser? Then did you set up a thredds user in the tomcat-users.xml ? You have to restart tomcat after that, unless you use the Tomcat Administrator servlet. 

Luca Giacomelli wrote:


Dear support,
I'd like to control the access to my datasets (thredds version 3.8.03). I tried 
to configure Tomcat Users. Now all seems to works but I can't get ascii data 
(after the authentication). I can see an empty web page and and I can read this 
error in catalina.out:

OUCH! IOException: Server returned HTTP response code: 401 for URL: 
http://137.204.52.160:8080/thredds/dodsC/agg/climatology.dods
java.io.IOException: Server returned HTTP response code: 401 for URL: 
http://137.204.52.160:8080/thredds/dodsC/agg/climatology.dods
       at 
sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:800)
       at dods.dap.DConnect.openConnection(DConnect.java:193)
       at dods.dap.DConnect.getDataFromUrl(DConnect.java:451)
       at dods.dap.DConnect.getData(DConnect.java:410)
       at dods.servlet.dodsASCII.sendASCII(dodsASCII.java:92)
       at dods.servlet.DODSServlet.doGetASC(DODSServlet.java:862)
       at dods.servlet.DODSServlet.doGet(DODSServlet.java:1459)
       at dods.servers.netcdf.NcDODSServlet.doGet(NcDODSServlet.java:264)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:689)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
       at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:237)
       at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
       at 
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:214)
       at 
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
       at 
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
       at 
org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:198)
       at 
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:152)
       at 
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
       at 
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540)
       at 
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
       at 
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
       at 
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
       at 
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
       at 
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:118)
       at 
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
       at 
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
       at 
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
       at 
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
       at 
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
       at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929)
       at 
org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)
       at 
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:799)
       at 
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:705)
       at 
org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:577)
       at 
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683)
       at java.lang.Thread.run(Thread.java:534)

In my ${tomcat_home}/webapps/thredds/WEB-INF/web.xml I added this 
security-constraint:
<security-constraint>
   <display-name>User thredds</display-name>
   <web-resource-collection>
     <web-resource-name>thredds allowed</web-resource-name>
     <url-pattern>/dodsC/*</url-pattern>
     <http-method>GET</http-method>
   </web-resource-collection>
   <auth-constraint>
     <role-name>thredds</role-name>
   </auth-constraint>
   <user-data-constraint>
     <transport-guarantee>NONE</transport-guarantee>
   </user-data-constraint>
 </security-constraint>

I'd like to know how to limit data access.

Best regards, Luca



--
Giacomelli Luca
Laboratorio di Simulazioni Numeriche del Clima e degli Ecosistemi Marini
Università degli Studi di Bologna-Corso di Laurea in Scienze Ambientali
Via S.Alberto 163, 48100 Ravenna
Tel. +39 0544937324 - Fax +39 0544937323
Ai sensi del D.Lgs. 196/2003 si precisa che le informazioni contenute in questo messaggio sono riservate ed a uso esclusivo del destinatario. Qualora il messaggio Le fosse pervenuto per errore, La invito ad eliminarlo senza copiarlo e a non inoltrarlo a terzi, dandomene gentilmente comunicazione. Grazie.
Pursuant to Legislative Decree No. 196/2003, you are hereby informed that this message contains confidential information intended only for the use of the addressee. If you are not the addressee, and have received this message by mistake, please delete it and immediately notify me. You may not copy or disseminate this message to anyone. Thank you.