tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Koes, Derrick" <Derrick.K...@Smith-Nephew.com>
Subject RE: Can authentication to webapps be controlled by Apache HTTPD s erve r rather than tomcat? <eom>
Date Tue, 13 Aug 2002 14:17:56 GMT

Ah, I still have my security-constraint in my web.xml.  I thought, perhaps,
as you point out, I was interpreting tomcatAuthentication="false"
inappropriately.

The 403 is coming from Tomcat.



-----Original Message-----
From: Jacob Kjome [mailto:hoju@visi.com] 
Sent: Tuesday, August 13, 2002 10:07 AM
To: Tomcat Users List
Subject: RE: Can authentication to webapps be controlled by Apache HTTPD s
erve r rather than tomcat? <eom>


Make sure that you don't have any <security-constraint> stuff set up in 
your web.xml for your app.  You either need to handle everything at the 
Apache level or let everything drop through to the Tomcat level.  I know of 
no way to do both at the same time.

Also, is Apache serving up the 403 error or is Tomcat?  The auth should 
*always* work through Apache whether you have tomcatAuthentication="false" 
on the ajp13 connector or not.  The only thing that parameter controls is 
whether request.getRemoteUser() returns the value that Apache forwards onto 
tomcat or null (if tomcatAuthentication="true" which is the default).

Jake

At 02:40 PM 8/13/2002 +0100, you wrote:

>The auth seems to work through apache with this setting, but tomcat still
>gives me the 403 error page.
>
>-----Original Message-----
>From: Jacob Kjome [mailto:hoju@visi.com]
>Sent: Tuesday, August 13, 2002 9:33 AM
>To: Tomcat Users List
>Subject: Re: Can authentication to webapps be controlled by Apache HTTPD
>serve r rather than tomcat? <eom>
>
>
>Yes, but you have to add tomcatAuthentication="false" to your ajp13
>connector in server.xml.  Also, this doesn't seem to work with the Coyote
>connector, only with the normal ajp13. connector.
>
>Once you've done this, do your athentication through Apache and use
>request.getRemoteUser() to get the name of the user who successfully logged
>in through Apache.
>
>Jake
>
>At 01:49 PM 8/13/2002 +0100, you wrote:
> >
>
>
>--
>To unsubscribe, e-mail:
<mailto:tomcat-user-unsubscribe@jakarta.apache.org>
>For additional commands, e-mail:
<mailto:tomcat-user-help@jakarta.apache.org>


--
To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>


Mime
View raw message