https://bz.apache.org/bugzilla/show_bug.cgi?id=63808
--- Comment #4 from Arpad Magosanyi <m4g...@gmail.com> --- The cause is found to be the fact that if you have a JkMount in a Location (or perhaps also a Directory) directive, all other autorization and authorization (or even all other?) directives are ineffective. If you document this fact, and the workaround (have a different LocationMatch directive for the same tree with the other directives), you can call it a feature. But not before, IMHO. An example working configuration for the servlet located at /servlet: <Location "/servlet*"> JkMount worker1 AuthType openid-connect SSLVerifyClient require SSLOptions +StdEnvVars SSLOptions +ExportCertData Require valid-user </Location> <LocationMatch /servlet.*> DirectoryIndex off RewriteEngine Off AuthType openid-connect AllowOverride None LogLevel debug Require valid-user SSLOptions +StdEnvVars SSLOptions +ExportCertData SSLVerifyClient require </LocationMatch> -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org