We have a winner!! The authority on JDEANE had *PUBLIC *CHANGE. On TEST15, it was *PUBLIC *EXCLUDE. I changed the authorization list for library TEST15 to add QTMHHTTP with *USE authority and it worked!! Thanks so much.

Dean Eshleman
Everence Financial

On 12/8/2017 3:45 PM, Kevin Bucknum wrote:
What do the permission on JDEANE look like? We don't use CGI for
anything anymore, so it's been many beers ago since I had to play with
any of this. My recollection is that ServerUserID behaves differently
depending on where it is in the config file. It may still be checking
permissions as QTMHHTTP or QTMHHTP1.




Kevin Bucknum
Senior Programmer Analyst
MEDDATA/MEDTRON
Tel: 985-893-2550

-----Original Message-----
From: WEB400 [mailto:web400-bounces-Zwy7GipZuJhWk0Htik3J/w@xxxxxxxxxxxxxxxx] On Behalf Of Dean
Eshleman
Sent: Friday, December 8, 2017 2:26 PM
To: web400-Zwy7GipZuJhWk0Htik3J/w@xxxxxxxxxxxxxxxx
Subject: Re: [WEB400] Apache configuration problem

Kevin,

Thanks for the suggestion. I checked the authority on TEST15 and it
is
secured by an authorization list that contains user WEBSVC with *ALL
authority. When I look at the Apache error_log file, I see the
message "[Fri
Dec 08 14:23:15 2017] [error] [client 10.1.10.250] (3401)Permission
denied.:
ZSRV_MSG064B: access to /read/GetCharitableGiving denied". When I
look
at the server jobs for the Apache server, I don't see any error
messages.
From what I can tell, it doesn't look like it gets to the point for
trying to call my
RPG program. I tried using a different user for the ServerUserID, but
I still
received the same error.

From reading the Apache documentation, it looks like the Location
directives
are processed after the Directory directives. With that being the
case, I
would have thought that my last Location directive <Location
/read/GetCharitableGiving>
Order Deny,Allow
Allow From All
</Location>

Would have given me authority to access it. Any other ideas?

Dean E.


On 12/8/2017 3:00 PM, Kevin Bucknum wrote:
It likely the permission differences between library JDEANE and
TEST15, and not your config.




Kevin Bucknum
Senior Programmer Analyst
MEDDATA/MEDTRON
Tel: 985-893-2550

-----Original Message-----
From: WEB400
[mailto:web400-bounces-Zwy7GipZuJhWk0Htik3J/w@xxxxxxxxxxxxxxxx]
On
Behalf Of Dean Eshleman
Sent: Friday, December 8, 2017 1:37 PM
To: web400-Zwy7GipZuJhWk0Htik3J/w@xxxxxxxxxxxxxxxx
Subject: [WEB400] Apache configuration problem

I'm trying to call a web service configured in Apache and I keep
receiving a
403 error. I have changed the Apache configuration multiple times
and
I can't
figure out what is causing the problem. Here is some of the config
file:

<Directory />
Order Deny,Allow
Deny From all
</Directory>
<Directory /www/apachews/htdocs>
Order Allow,Deny
Allow From all
</Directory>

<Directory /qsys.lib/test15.lib/>
Order Allow,Deny
Allow From all
</Directory>

ScriptAlias /restsrv1 /qsys.lib/jdeane.lib/restsrv1.pgm

ScriptAlias /restsrv2 /qsys.lib/jdeane.lib/restsrv2.pgm

ScriptAlias /read/GetHealthInsurance
/qsys.lib/jdeane.lib/restsrv4.pgm

ScriptAlias /read/GetClientsForName
/qsys.lib/jdeane.lib/restsrv3.pgm

ScriptAlias /read/GetData /qsys.lib/jdeane.lib/$getwebsvc.pgm

ScriptAlias /read/GetCharitableGiving
/qsys.lib/test15.lib/gww044.pgm

<Location /restsrv2>
SetEnv QIBM_CGI_CHANGE_CURLIB N
ServerUserID JDEANE
SetEnv QIBM_CGI_LIBRARY_LIST
"QGPL;JDEANE;MGPL;LIBHTTP;CGIDEV2"
</Location>
<Location /read>
ServerUserID WEBSVC
SetEnv QIBM_CGI_CHANGE_CURLIB N
SetEnv QIBM_CGI_LIBRARY_LIST
"QGPL;ISDEPT;MGPL;TAATOOL;OBJECT;YAJL"
</Location>
<Location /read/GetData>
Order Allow,Deny
Allow From 10.2.0.31 10.2.0.109 10.1.10.250 </Location>
<Location
/read/GetCharitableGiving>
Order Deny,Allow
Allow From All
</Location>

I'm using SOAPUI to do my testing and the URL I'm using is
http://as400.mma-
online.org:8500/read/GetCharitableGiving?ownerclientid=1234567.
What
is
strange is that I'm able to call the http://as400.mma-
online.org:8500/read/GetData?firstname=Marilyn&lastname=Yoder just
fine. Why does GetData work and GetCharitableGiving doesn't? Any
ideas
why my config file isn't working? This is Apache 2.2 on IBM I 7.1.

Dean Eshleman
Software Development Architect
Everence

1110 North Main Street
PO Box 483
Goshen, IN 46527
(800) 348-7468 ext. 3528
(574) 533-9515 ext. 3528
everence.com<http://www.everence.com/>
[fc2745be-b863-4611-91bd-
0b5a45f8fda6]<http://www.everence.com/MyNeighbor>

__________________________________________________________
____________
Confidentiality Notice: This information is intended only for the
individual or
entity named. If you are not the intended recipient, do not use or
disclose
this information. If you received this e-mail in error, please delete
or
otherwise destroy it and contact us at (800) 348-7468 so we can take
steps to
avoid such transmission errors in the future. Thank you.
--
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400)
mailing list
To post a message email: WEB400-Zwy7GipZuJhWk0Htik3J/w@xxxxxxxxxxxxxxxx To subscribe,
unsubscribe,
or change list options,
visit: https://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request-Zwy7GipZuJhWk0Htik3J/w@xxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives at
https://archive.midrange.com/web400.


______________________________________________________________________
Confidentiality Notice: This information is intended only for the individual or entity named. If you are not the intended recipient, do not use or disclose this information. If you received this e-mail in error, please delete or otherwise destroy it and contact us at (800) 348-7468 so we can take steps to avoid such transmission errors in the future. Thank you.

As an Amazon Associate we earn from qualifying purchases.

This thread ...


Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.