tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Adrián Córdoba <>
Subject Re: Tomcat behind Apache and security-constraint
Date Thu, 21 Jul 2011 18:01:00 GMT
Konstantin / Barry / André:
Thank you for replay.

1- No important access log is showed for this issue.

2- I have ROOT webapp deployed in Tomcat.

3- I have Apache connected to Tomcat through JK Connector 1.2.32. (I want to
say the  web application works fine if I use an URL to Tomcat, but doesn't
work (only the content within security-constraint) if I use an URL to
Platform is OpenSuse 11.4.

4- Details:
*Application structure*:
Andromeda/WebContent/index.jsp (entry page)

The "WebContent/index.jsp" page has two links: a link to
WebContent/internal/internal.jsp", and the other one to
The "WebContent/internal/" directory is protected by the following security
constraint in the web.xml file:


Also, I declared in the web.xml file:

<!-- Security roles -->

<!-- Form-based authentication -->

And in the tomcat-users.xml file, I set:

<role rolename="internal-access" />
<user username="xx" password="yy" roles="internal-access" />

I can get the entry page with the "http://localhost/AppPrefix/index.jsp" URL
through Apache server.
When I make click in the internal.jsp link, I get the login.jsp page. That's
But when I submit the credentials (username: xx / password. yy), I get a
blank page (with http://localhost/Andromeda/internal/j_security_check in the
URL bar), instead of the internal.jsp page.

If I access to entry page with "http://localhost:8080/AppPrefix/index.jsp"
URL, (skipping Apache server,) I can get the internal.jsp page when I submit
the credentials.
Also, if I delete the security constraint, the web application works fine.

The relevant Apache configuration is:

httpd.conf file:

LoadModule    jk_module  modules/
JkWorkersFile /opt/httpd-2.2.17/conf/
JkShmFile     /var/log/httpd2.2.17/mod_jk.shm
JkLogFile     /var/log/httpd2.2.17/mod_jk.log
JkLogLevel    info
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "

<VirtualHost *:80>
ServerAdmin *****
ServerName ASIA
DocumentRoot /opt/apache-tomcat-7.0.12/webapps/
ErrorLog /var/log/httpd2.2.17/andromeda-error_log
CustomLog /var/log/httpd2.2.17/andromeda-access_log combined
HostnameLookups Off
UseCanonicalName Off
ServerSignature On
JkMount  /Andromeda/* worker1
  <Directory "/opt/apache-tomcat-7.0.12/webapps/Andromeda">
    Options Indexes FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all

and file:



May be, I have a configuration mistake.

Thank you.

[Adrián Córdoba]

2011/7/21 André Warnier <>

> Adrián Córdoba wrote:
>> Hi!
>> I have a very simple web application
>> (JSP<**forums/f-50/JSP<>>
>> based),
>> deployed on Tomcat webapps directory with a security constraint in order
>> to
>> protect an internal directory. Tomcat (7.0.12) is running behind Apache
>> (2.2.17) web server (httpd).
>> If I try to access to some file within internal directory, directly in
>> Tomcat (*http://localhost:8080/...*), username and password are required,
>> and I can reach the file (if username and password are wright). That's
>> wright!
>> But, *if I try to access the same file within internal directory, through
>> Apache web server* (*http://localhost/...*), username and password are
>> required, but *a blank page is displayed on Firefox navigator*.
>> (If I delete the security constraint, the web application works fine.)
> What is missing in your otherwise good description above, is how you are
> connecting Apache httpd to Tomcat, and maybe some part of the configuration
> thereof.
> Also, on which platform this is running.
> ------------------------------**------------------------------**---------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.**<>
> For additional commands, e-mail:

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message