You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Michael Hale <mh...@rolemodelsoft.com> on 2001/04/07 05:04:16 UTC

Security issues with tomcat-apache combo

Here is the situation:
	I have some webapps that I would like to require password access to.
	I can do this using the web.xml file if I only use tomcat.

The problem:
	I need to have tomcat be a plugin to apache, but when I run them together
	apache handles all requests that are not for jsp's or servlets.  This
causes
	all non jsp or servlet stuff to be unprotected.

Questions:
	Is there a way to allow tomcat to handle all requests and still be
	able to use the dynamically generated mod_jk.conf-auto file?

	Is there another better way to setup coordinate security in tomcat+apache?


Thanks in advance,

Michael Hale
RoleModel Software (www.rolemodelsoft.com) - The XP Software Studio
mhale@rolemodelsoft.com
919.557.6352