All: I made the original post in this thread, and thanks to the replies I received, was able to implement FORM-based CMA in my application.
As you can see in the message below, I was left with one residual problem: Although FORM-based CMA worked fine in a standalone Tomcat environment, when I switched to an integrated Apache-Tomcat environment, I got a 404 not-found error from Apache for "j_security_check"; in other words, Apache never passed this request through to Tomcat. Again thanks to several replies I received, I've been able to resolve this problem. Eddie Bush, in particular, was helpful and asked me to post the solution on this list when I found it. So here goes. Bear in mind that, in the example below, "ebps" is the name of my application domain. The solution involved modifying Tomcat's mod_jk.conf file. The original set of mappings in mod_jk.conf for my application context was: JkMount /ebps/servlet/* ajp13 JkMount /ebps/*.jsp ajp13 JkMount /ebps/ ajp13 JkMount /ebps/*.do ajp13 On spec, I tried adding various mappings that assigned "j_security_check" to the ajp13 worker. The mapping that worked is: JkMount /ebps/* ajp13 .....which in effect maps ALL requests to the ajp13 worker. I've done some light testing, and there do not seem to be any adverse side effects to including this mapping, but I do have to caution everyone that I haven't yet done through testing. -----Original Message----- From: Charles McClain [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 25, 2002 8:18 AM To: 'Struts Users Mailing List' Subject: RE: Logout in a container-managed security environment -- Follow-up All: Just to close the loop: The 404 not-found error I was receiving was coming from the Apache webserver; when I switched to using the Tomcat servlet container standalone, FORM-based authentication -- set up as per the advice of those of you who replied -- worked properly. I *thought* that I had Apache configured to pass everything through to Tomcat, but obviously, I have something wrong in my Apache configuration. I'll take a look at that in the near future. Thanks again, -- Charlie -----Original Message----- From: Charles McClain [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 24, 2002 7:10 PM To: Struts User Mailing List Subject: Logout in a container-managed security environment -- Follow-up All: I received several replies to my original question, all of which indicated that, in order to do a forceful logout, I needed to use FORM-based CMA rather than BASIC. One of the replies recommended an article on the topic, which I downloaded and read. I implemented FORM-based authentication, making the changes to my web.xml, indicating the login form and error page, etc. The container (Tomcat 4.0) seems to know that I want FORM-based authentication, since it pops up my login page. I did, by the way, include the fields j_username and j_password, and my form action is j_security_check, as per the instructions. However, when I press the submit button, my browser gives me a 404 not-found error on the (nonexistent, of course) page j_security_check. I've checked the Apache and Tomcat logs, and one of the Tomcat logs tells me that it has "Configured an authenticator for method FORM", but it still seems to be looking for a page by that name rather than invoking the method. Anyone have any ideas? Charles McClain Phone: 603.659.2046 email: [EMAIL PROTECTED] -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>