I found the solution by googling around:
Edit conf/server.xml, and add the 'tomcatAuthentication=false' snipet to the 8009 connector section:
<Connector port="8009"
enableLookups="false" redirectPort="8443" debug="0"
protocol="AJP/1.3" tomcatAuthentication="false"/>This fixed my problem.
The related posts that I found related to older versions of Tomcat and the connector, but it seems to apply with 5.0 as well.
Duane Winner wrote:
Hello all,
I'm having a problem getting Apache authentication credentials passed on to Tomcat servlets.
I am running: FreeBSD 4.9 Apache2 (FreeBSD port) Tomcat 5.0 (FreeBSD port) mod_jk2 (built from jk2-2.0.2 source)
I can connect to sample Tomcat servlets through Apache fine, but once I turn on Apache authentication, my servlets don't work, because they need to match the Apache credentials with a MySQL table.
We use FakeBasicAuth, matching the user DN with the DN in the database, but I'm just trying with regular BasicAuth for now, and that doesn't seem to work either.
We are porting from JRun (which works fine, but is on a RedHat box) and we're using mod_jrun on that, not jk2.
I installed the "SnoopServlet" to see what was going on, and as you can see from my output below, the "Remote user" parameter is being returned as "null". But other client-side info is getting passed along, such as IP address, browser, etc. I know that Apache authentication is working with both Basic Auth and FakeBasicAuth because I can see my user name (or DN) in the logs after I type my username and password when prompted by the browser (or send my client cert when using FakeBasicAuth).
Is there something I can do to fix this or is there something wrong with mod_jk2? Anybody else have this problem?
Thanks so much for any info, [EMAIL PROTECTED]
Results of SnoopServlet:
Requested URL: https://my.site.here/library/servlet/SnoopServlet
Request information: Request method: GET Request URI: /library/servlet/SnoopServlet Request protocol: HTTP/1.1 Servlet path: /servlet/SnoopServlet Path info: <none> Path translated: <none> Query string: <none> Content length: 0 Content type: <none> Server name: my.site.here Server port: 443 Remote user: <none> Remote address: 10.10.100.87 Remote host: 10.10.100.87 Authorization scheme: <none>
Request headers:
host: my.site.here
user-agent: Mozilla/5.0 (X11; U; FreeBSD i386, en-US; rv:1.6) Gecko/20040410
accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,image/jpeg,image/gif;q=0.2,*/*;q=0.1
accept-language: en-us,en;q=0.5 accept-encoding: gzip,deflate accept-charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 connection: keep-alive authorization: Basic ZHdpbm5lcjo5cGhpbHM5Mw== content-length: 0
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
