Posted to users@tomcat.apache.org by "Koes, Derrick" <De...@Smith-Nephew.com> on 2002/08/13 16:17:56 UTC

RE: Can authentication to webapps be controlled by Apache HTTPD server rather than tomcat?

Ah, I still have my security-constraint in my web.xml.  I thought, perhaps,
as you point out, I was interpreting tomcatAuthentication="false"
inappropriately.

The 403 is coming from Tomcat.



-----Original Message-----
From: Jacob Kjome [mailto:hoju@visi.com] 
Sent: Tuesday, August 13, 2002 10:07 AM
To: Tomcat Users List
Subject: RE: Can authentication to webapps be controlled by Apache HTTPD
server rather than tomcat? <eom>


Make sure that you don't have any <security-constraint> stuff set up in 
your web.xml for your app.  You either need to handle everything at the 
Apache level or let everything drop through to the Tomcat level.  I know of 
no way to do both at the same time.

Also, is Apache serving up the 403 error or is Tomcat?  The auth should 
*always* work through Apache whether you have tomcatAuthentication="false" 
on the ajp13 connector or not.  The only thing that parameter controls is 
whether request.getRemoteUser() returns the value that Apache forwards onto 
tomcat or null (if tomcatAuthentication="true" which is the default).

Jake

At 02:40 PM 8/13/2002 +0100, you wrote:

>The auth seems to work through apache with this setting, but tomcat still
>gives me the 403 error page.
>
>-----Original Message-----
>From: Jacob Kjome [mailto:hoju@visi.com]
>Sent: Tuesday, August 13, 2002 9:33 AM
>To: Tomcat Users List
>Subject: Re: Can authentication to webapps be controlled by Apache HTTPD
>server rather than tomcat? <eom>
>
>
>Yes, but you have to add tomcatAuthentication="false" to your ajp13
>connector in server.xml.  Also, this doesn't seem to work with the Coyote
>connector, only with the normal ajp13 connector.
>
>Once you've done this, do your authentication through Apache and use
>request.getRemoteUser() to get the name of the user who successfully logged
>in through Apache.
>
>Jake
>
>At 01:49 PM 8/13/2002 +0100, you wrote:
> >
>
>


--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
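
The Tomcat-side configuration this thread describes, as an added example that is not part of the original posts. The connector `className` and `port` are assumed stock Tomcat 4 values, and the URL pattern and role name are constructed placeholders; only `tomcatAuthentication` and the `<security-constraint>` element come from the thread.

```xml
<!-- ===== server.xml (Tomcat side) ===== -->
<!-- Plain ajp13 connector, not Coyote. className and port are assumed
     stock values, not taken from the thread.
     With tomcatAuthentication="false", request.getRemoteUser() returns
     the user name Apache forwards, so Tomcat trusts whatever identity
     arrives on this port: keep it reachable from the Apache host only. -->
<Connector className="org.apache.ajp.tomcat4.Ajp13Connector"
           port="8009"
           tomcatAuthentication="false"/>

<!-- ===== WEB-INF/web.xml (webapp side) ===== -->
<web-app>
  <!-- Disabled: while this block is active Tomcat applies its own
       constraint on top of Apache's; the poster in the thread saw a 403
       from Tomcat with a security-constraint still in place.
       Path and role below are constructed placeholders.
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>protected</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>example-role</role-name>
    </auth-constraint>
  </security-constraint>
  -->
</web-app>
```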