tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Glenn Nielsen <>
Subject Re: Connectors, Realms, 4.0.2b2 - 403 Access Denied
Date Wed, 06 Feb 2002 02:04:39 GMT
There was a bug in the Tomcat 4 AJP code which caused this.  That bug was
fixed within the last week in the jakarta-tomcat-connectors CVS repository.

I don't know when this will get into the Tomcat 4 distribution.



Jonathan Pierce wrote:
> I'm posting this question a second time since I am not sure if mailer problems
> on my end prevented it from reaching the list and I got no responses on the
> issue.
> The security implementation in Tomcat 4.0.2b2 and earlier seems to depend on
> using redirect urls. This doesn't seem to work correctly with connectors such as
> the IISAPI IIS connector.
> What is the strategy for supporting basic or form based authentication through
> connectors? Should this be implemented without using redirect?
> I've configured Tomcat4.0.2b2 with the AJP 1.3 Connector and successfully
> installed the iisapi dll from Tomcat3.3 into IIS. I am attempting to serve a
> protected page through the connector using the protected realm example.
> When I hit the page directly on port 8080, I get the expected login form
> challenge behavior. When I hit the page through the connector, I get a 403
> access denied error.
> Is serving protected pages through connectors supposed to be supported in 4.0.2?
> http://localhost:8080/examples/jsp/security/protected/index.jsp redirects to the
> login screen as expected.
> http://localhost/examples/jsp/security/protected/index.jsp
> returns 403 - Access to the requested resource has been denied
> -Jonathan
> *****************************************************************************
> This email and any files transmitted with it are for the named person's use only.  It
may contain confidential, proprietary or legally privileged information.  No confidentiality
or privilege is waived or lost by any mistransmission. If you receive this message in error,
please immediately delete it and all copies of it from your system, destroy any hard copies
of it and notify the sender.  You must not, directly or indirectly, use, disclose, distribute,
print, or copy any part of this message if you are not the intended recipient.
> This email message has been swept by a virus software product for the presence of computer
> *****************************************************************************
> --
> To unsubscribe, e-mail:   <>
> For additional commands, e-mail: <>

Glenn Nielsen    | /* Spelin donut madder    |
MOREnet System Programming               |  * if iz ina coment.      |
Missouri Research and Education Network  |  */                       |

To unsubscribe, e-mail:   <>
For additional commands, e-mail: <>

View raw message