On Thursday, September 4, 2003 at 6:36:38 AM, Bill Barker wrote: BB> You need to add j_security_check to the URIs that get passed to Tomcat. I BB> don't use Jk2 myself, but if your version is recent enough, I believe that BB> you can even use: BB> /*/j_security_check ajp13
Thanks. I have eventually got this sorted out. My problems were due to not really understanding how things worked, and not getting my local setup close enough to the setup on my host. The final solution: set the target of the login form to /servlet/j_security_check. Apache maps /servlet/* to Tomcat (at least it does now I've changed the setup, and it always did on my host). The request is then picked up by the SecurityFilter, which looks for j_security_check on the end of the request. Bingo! This solution has not involved changing the URLs that are passed to Tomcat, which was one of the aims. And hasn't involved anything fancy in the webapp either, which is another plus. BB> If I'm wrong (and that doesn't work), simply put the full path to BB> j_security_check. BB> "Louise Pryor" <[EMAIL PROTECTED]> wrote in message BB> news:[EMAIL PROTECTED] >> Hi >> >> I'm having a problem using form-based authentication. It all works >> fine with standalone Tomcat, but goes pear shaped on Apache with >> Tomcat. It seems to be the same problem that is described in >> http://www.mail-archive.com/[EMAIL PROTECTED]/msg43091.html >> (but I think it's more a Tomcat thing than a struts thing). >> >> Basically, I'm using the securityfilter filter from >> http://www.securityfilter.org/. I have a login.jsp that submits a form >> to j_security_check in the usual way. The only trouble is that Apache >> comes back with an Apache 404 on /path-to-login.jsp/j_security_check. It BB> is >> clearly not passing j_security_check through to Tomcat to handle. >> >> The URL at the top of this message suggests passing all requests >> through to Tomcat (at least I think that's what it means - it uses >> mod_jk, and I'm using mod_jk2, which I'm not totally expert at >> anyway). First, that doesn't seem to work for me, and second, although >> I could configure things that way on my local setup it's not a >> realistic option for deployment, where I'm on a shared server. >> >> The support guy at my hosting service suggested making the target of >> the form /servlet/j_security_check, which at least gets it through to >> Tomcat --- which then gives me a 404. Obviously this is right, because >> I have no servlet mapping that would pick it up. >> >> So is there a way of defining a servlet mapping (or indeed any other >> element in web.xml) that would push things through to the right place? >> >> Alternatively is there any way of doing this programmatically? Could I >> send the form into a servlet which could then forward or redirect to >> j_security_check directly, without going through Apache? If so, how? >> >> Thanks for any help on this. >> >> -- >> Louise Pryor >> http://www.louisepryor.com BB> --------------------------------------------------------------------- BB> To unsubscribe, e-mail: [EMAIL PROTECTED] BB> For additional commands, e-mail: [EMAIL PROTECTED] -- Louise Pryor http://www.louisepryor.com --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]