Link to home
Start Free TrialLog in
Avatar of Mark
Mark

asked on

Need to view directory list in apache/tomcat

I've done this before, but have apparently forgotten what I did. I have apache 2.4.16 and Tomcat 8.0.23 on Linux Slackware 64 14.1, kernel 3.10.17.

My Apache DocumentRoot is /srv/httpd/htdocs. My Tomcat $CATALINA_HOME is /srv/tomcat. I have a folder: /srv/tomcat/webapps/ohprs/downloads/jones that I want only user "jones" to have access to. Jones is not a local user. In the jones folder I have a .htaccess file as follows:

AuthType Basic
AuthName "SLC"
AuthUserFile /etc/httpd/passwords
Require user jones

I've added jones to the /etc/httpd/passwords file.

in /etc/httpd/httpd.conf I have:

<Directory /srv/tomcat/webapps/ohprs/downloads/jones>
    Options +Indexes
    AllowOverride All
</Directory>

<Location /ohprs/downloads/jones>
    AuthType Basic
    AuthName "Restricted"
    AuthUserFile /etc/httpd/passwords
    Require valid-user
    AuthBasicProvider file
</Location>

When I enter my URL, https://www.mydomain.com/ohprs/downloads/jones, I get the login dialog. I enter the login info which is accepted. However, I get a 404 status, "The requested resource is not available - Apache Tomcat 8.0.23".

The message in /var/log/httpd/access_log is:
[30/Jul/2015:02:41:40 -0400] 76.181.65.196 TLSv1.2 ECDHE-RSA-AES256-SHA384 "GET /ohprs/downloads/jones HTTP/1.1" -
[30/Jul/2015:02:41:40 -0400] 76.181.65.196 TLSv1.2 ECDHE-RSA-AES256-SHA384 "GET /ohprs/downloads/jones/ HTTP/1.1" 1040

Open in new window

Nothing logged in $CATALINA_HOME/logs/catalina.out

What am I doing wrong?
Avatar of rrz
rrz
Flag of United States of America image
What does
$CATALINA_HOME/logs/localhost_access_log.2015-7-30.txt  
list as the path for that 404?
Also, wouldn't Tomcat be looking for the welcome file? What does the web.xml file for the ohprs web app list in the welcome file tag?
Anyway, I can suggest one possible solution.  
Change the web.xml file of the ohprs web app to include something like the following. 
    <welcome-file-list>
        <welcome-file>listFiles.jsp</welcome-file>
        <welcome-file>index.html</welcome-file>
        <welcome-file>index.htm</welcome-file>
        <welcome-file>index.jsp</welcome-file>
    </welcome-file-list>

Open in new window

Create a file called listFiles.jsp inside of ohprs/downloads/jones  and use the following code as contents. 
    <%@ page import="java.io.*,java.util.*" %>
    <%
	    String dirPath = application.getRealPath("/downloads/jones");
	    File dir = new File(dirPath);
	    String[] fileList = dir.list();
	    ArrayList<String> list = new ArrayList<String>();
	    for(String file: fileList){
	        if(!"listFiles.jsp".equals(file))list.add(file);
	    }
    %>
	 <%=list%>

Open in new window

Avatar of Mark
Mark

ASKER

rrz:
What does $CATALINA_HOME/logs/localhost_access_log.2015-7-30.txt  list as the path for that 404? 
$ grep tanner localhost_access_log.2015-07-30.txt
76.181.65.196 - - [30/Jul/2015:02:41:02 -0400] "GET /ohprs/downloads/jones/ HTTP/1.1" 404 1040
76.181.65.196 - - [30/Jul/2015:02:41:40 -0400] "GET /ohprs/downloads/jones HTTP/1.1" 302 -
76.181.65.196 - - [30/Jul/2015:02:41:40 -0400] "GET /ohprs/downloads/jones/ HTTP/1.1" 404 1040
76.181.65.196 - - [30/Jul/2015:02:42:01 -0400] "GET /ohprs/downloads/jones/ HTTP/1.1" 404 1040

Open in new window

Also, wouldn't Tomcat be looking for the welcome file? What does the web.xml file for the ohprs web app list in the welcome file tag? 
  <!-- ==================== Default Welcome File List ===================== -->
  <!-- When a request URI refers to a directory, the default servlet looks  -->
  <!-- for a "welcome file" within that directory and, if present, to the   -->
  <!-- corresponding resource URI for display.                              -->
  <!-- If no welcome files are present, the default servlet either serves a -->
  <!-- directory listing (see default servlet configuration on how to       -->
  <!-- customize) or returns a 404 status, depending on the value of the    -->
  <!-- listings setting.                                                    -->
  <!--                                                                      -->
  <!-- If you define welcome files in your own application's web.xml        -->
  <!-- deployment descriptor, that list *replaces* the list configured      -->
  <!-- here, so be sure to include any of the default values that you wish  -->
  <!-- to use within your application.                                       -->

    <welcome-file-list>
        <welcome-file>index.html</welcome-file>
        <welcome-file>index.htm</welcome-file>
        <welcome-file>index.jsp</welcome-file>
    </welcome-file-list>

Open in new window

Your suggested .jsp would certainly work, but I'm really looking for a non-programmed solution. As I said, I did this once before, but I forget how. The "Default Welcome File" description in web.xml says,

"If no welcome files are present, the default servlet either serves a directory listing (see default servlet configuration on how to customize) or returns a 404 status, depending on the value of the listings setting."

I suppose I need to look at the "default servlet configuration". Do you know where that would be? In the meantime, I'll research.
Avatar of Mark
Mark

ASKER

more info ...

The web.xml says, "listings            Should directory listings be produced if there  is no welcome file in this directory?  [false] WARNING: Listings for directories with many entries can be slow and may consume significant proportions of server resources."

The section defining this has:
    <servlet>
        <servlet-name>default</servlet-name>
        <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
        <init-param>
            <param-name>debug</param-name>
            <param-value>0</param-value>
        </init-param>
        <init-param>
            <param-name>listings</param-name>
            <param-value>false</param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
    </servlet>

Open in new window

So, I suppose I could simply set this to 'true', but I wonder if there is a way to restrict this to just my desired directory? How do Apache's <Directory> and <Location> directives work here? Are they ignored? I'll experiment.
SOLUTION
Avatar of rrz
rrz
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Avatar of rrz
rrz
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Avatar of rrz
rrz
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
ASKER CERTIFIED SOLUTION
Avatar of Mark
Mark
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of rrz
rrz
Flag of United States of America image
I don't know the Apache Web Server very well. So, I can't comment on your solution.  I was looking at this question for a Tomcat perspective.  You should mark your comment as the solution.
Avatar of Mark
Mark

ASKER

I settled on a non-Tomcat solution