Did someone find a solution ? We are stuck on the same problem. In fact, the problem is not really that the getRemoteUser() returns an empty string instead of a null string : Normally, when a user is already authenticated but is trying to access to a ressource for which he is not in a valid role, the server should open the login box a second time ; so even if getRemoteUser() returns "" and that Tomcat considers it's the user name, it should open the login box and not send a 403 error code.
In fact, when I test the same web application on Tomcat 3.3, it works (I mean I can identify myself on the login box) but with Tomcat 4 it directly rejects me... Every piece of info would help... Regards. > > >Scenario: > > >(1) Browser -> http://TomcatHTTPServer:8080 (no authentication) > > > > > >getRemoteUser() and getAuthType() return NULL, as expected > > > > > >(2) Browser -> https://TomcatHTTPServer:8443 (no authentication) > > > > > >getRemoteUser() and getAuthType() return NULL, as expected > > > > > >(3) Browser -> https://IISServer:443(BASIC Auth) -> ISAPI -> AJP13 > > > > > >getRemoteUser() returns authenticated user name, > > >getAuthType() returns "Basic", as expected > > > > > >(4) Browser -> http://IISServer:80(NO Auth) -> ISAPI -> AJP13 > > > > > >getRemoteUser() and getAuthType() return "" (Empty String) > > >This is NOT as expected, and causes Tomcat to reject the request > > >because it thinks the request is already authenticated but > > >doesn't match the requested page's realm. > > > > > >Is this: > > > > > >a) Working as specified? > > >b) A bug in the ISAPI filter? > > >c) A bug in Tomcat? > > >d) Something else? > > > > > >Thanks in advance. > > > > > >-- > > >James Garrison Athens Group, Inc. > > >mailto: [EMAIL PROTECTED] 5608 Parkcrest Dr > > >http://www.athensgroup.com Austin, TX 78731 > > >PGP: RSA=0x92E90A3B DH/DSS=0x498D331C (512) 345-0600 x150 > > > > > > > Ignacio J. Ortega wrote: > >De: James Garrison [mailto:[EMAIL PROTECTED]] > >Enviado el: martes 23 de abril de 2002 18:48 > > > > > > Needed more information, which Tomcat version?, post the connector or > > interceptor line for ajp13 prsent in your server.xml file.. > > > > The Tomcat version is 4.0.2. Here's the Connector definition: > > > <Connector className="org.apache.ajp.tomcat4.Ajp13Connector" > port="8009" minProcessors="5" maxProcessors="75" > acceptCount="10" debug="0" > tomcatAuthentication="false"/> > > > The results are the same with tomcatAuthentication="true" and also > when the tomcatAuthentication parameter is omitted. > > -- > James Garrison Athens Group, Inc. > mailto:[EMAIL PROTECTED] 5608 Parkcrest Dr > http://www.athensgroup.com Austin, TX 78731 > PGP: RSA=0x92E90A3B DH/DSS=0x498D331C (512) 345-0600 x150 -- _______________________________________________ Sign-up for your own FREE Personalized E-mail at Mail.com http://www.mail.com/?sr=signup -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]>