Posted to users@tomcat.apache.org by "Robert J. Carr" <rj...@gmail.com> on 2014/11/19 00:21:10 UTC

httpd authentication with tomcat authorization

I have a setup where httpd is doing my (basic) authentication but I need
tomcat (6, if it matters) to manage the roles and do the authorization.
The link between httpd and tomcat is through the ajp connector and on this
connector's config I've added:

    tomcatAuthentication="false"

This passes the authenticated user name as expected, but even if I have
this user listed in my tomcat-users.xml file, I get a 403 (access denied).

I'm using the standard UserDatabaseRealm and I'm happy to continue using it
with the tomcat-users.xml file. What I've learned, however, is that when
tomcatAuthentication is off then instead of the UserDatabaseRealm producing
the principal (GenericPrincipal) it is produced by the connector (I think)
and is then a CoyotePrincipal.

So, because it is unrecognized, the UserDatabaseRealm rejects this
principal in the hasRole() method and it always returns false.

The Realm API seems straightforward enough, but before I create my own and
parse the users file and package my realm to place in the container and
probably a few other steps, I'm wondering if there's something simpler I
could do that's already out there? This seems like a reasonably common
thing but I couldn't find anything relevant.

Thanks for the time!
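
The following is an added example, not part of the original post and not code from the Tomcat project: one way to keep UserDatabaseRealm and tomcat-users.xml while authorizing a user name supplied by httpd over AJP. The package and class names are hypothetical, and the sketch assumes the Tomcat 6 signatures RealmBase.hasRole(Principal, String) and UserDatabaseRealm.getPrincipal(String).

```java
package example; // hypothetical package name

import java.security.Principal;

import org.apache.catalina.realm.GenericPrincipal;
import org.apache.catalina.realm.UserDatabaseRealm;

/**
 * UserDatabaseRealm variant for connectors running with
 * tomcatAuthentication="false". The connector hands the realm a principal
 * that carries only the user name httpd authenticated; this class looks
 * that name up in the user database so the roles from tomcat-users.xml
 * apply. It performs no authentication of its own.
 *
 * Assumed configuration in place of the stock realm element:
 *   <Realm className="example.AjpUserDatabaseRealm"
 *          resourceName="UserDatabase"/>
 */
public class AjpUserDatabaseRealm extends UserDatabaseRealm {

    @Override
    public boolean hasRole(Principal principal, String role) {
        if (principal == null || role == null) {
            return false;
        }
        if (!(principal instanceof GenericPrincipal)) {
            // Principal created outside this realm (for example the
            // connector's CoyotePrincipal): resolve it by name.
            String name = principal.getName();
            if (name == null || name.length() == 0) {
                return false;
            }
            // Assumption: in Tomcat 6 getPrincipal() returns null when the
            // name is not in the user database, which denies unknown users.
            Principal known = getPrincipal(name);
            if (known == null) {
                return false;
            }
            principal = known;
        }
        // From here the standard role check runs against a principal
        // that this realm produced itself.
        return super.hasRole(principal, role);
    }
}
```

Because this realm trusts whatever user name arrives on the AJP connector, that connector should accept connections only from the httpd host.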