Hi, I've encountered a difficulty in a web site implementation, which uses Tomcat 4.1.18 on RH Linux 8.0, MySQL 3.23.54, J2SDK 1.4.1_01, and connection pooling with Form based authentication. Everything was working fine, until some tweaks were done to the proxy server.
The directory strucuture is as follows: CATALINA_HOME/webapps/LiveSite/Restricted CATALINA_HOME/webapps/LiveSite/[main files and folders] CATALINA_HOME/webapps/LiveSite/Login/login.jsp I'm told that there is an Apache proxy server set up, that forwards the requests to Tomcat. When it was originally set up, requests that came in for www.companyName.com would be redirected to the LiveSite folder, and the index.jsp page was served up. I noticed that the URL in the browser would display the "LiveSite" folder in the address bar, after www.companyName.com, like this: www.companyName.com/LiveSite/index.jsp. After some tweaks were done on the proxy server, the LiveSite folder no longer displays in the address bar. As a matter of fact, if you include it, you get a 404 page not found error. This would all be fine, and an improvement, since it hides the directory structure, if it weren't for what it has done to the authentication process. Everything under the Restricted folder requires login. So, when everything was working, a person would login, and, once authenticated, they would be able to happily do their thing in that admin area. Now, however, they can login in (usually after three attempts), but the stylesheets are no longer recognized, the javascripts are not recognized, images are broken, and if you click on a link, you are presented with the login screen again. There seems to be domain/directory structure confusion in the server. My problem is that I don't know which server is confused. I think that this LiveSite folder is now the default root folder. I tried to set this as such in the server.xml file in Tomcat, to see if that would help. So, whereas I'd had the context as this: <Context path="/LiveSite" docBase="LiveSite" debug="0" reloadable="true" > I tried changing it to this: <Context path="" docBase="LiveSite" debug="0" reloadable="true" > This at first looked like a good move, until I discovered that doing this gave me the following error: java.sql.SQLException: Cannot load JDBC driver class 'null' so I've put it back the way I had it. At least people can view the site, though they can't use the restricted admin area, because they keep getting the login page coming up. It's like the session is lost, but the log files in Tomcat don't show an error. In the web.xml file for the site, this is what I have for the security constraint on the restricted folder: <security-constraint> <web-resource-collection> <web-resource-name>Admin</web-resource-name> <!-- Define the context-relative URL(s) to be protected --> <url-pattern>/Restricted/*</url-pattern> snip... </web-resource-collection> <auth-constraint> <description>only let the admin users login</description> <role-name>role1</role-name> <role-name>role2</role-name> </auth-constraint> </security-constraint> Since the problems started with tweaks that were done on the proxy server, I think we should be looking there. But I've been told that the problem is probably with the site or Tomcat. However, all of the documentation that I've read, and the searching I've done in the archives, has brought me to a dead end. And I still think there must be something that either should be done in Tomcat to accommodate the fact that requests are going through a proxy (though the same settings that I've got on this site work on other sites that are on the same server--they're just not the default sites), or there should be something done to the proxy itself. I have been searching for a solution for two days, and don't know what direction to go in. The Tomcat logs don't indicate that there is a problem at all, unless I have the context path as "", and searching on the SQLException didn't get me anywhere. If anyone can give me a direction to look, I'd be really grateful. Thanks for any help. Val --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]