Just a thought, might not be true (since I haven't checked this behaviour). When you go through Apache (and if Apache has BASIC authentication setup), the Apache authentication will take precedence. Once you have entered the userid/password in the authentication dialog box, the browser will from then on keep sending the Authentication header (Base64 encoded userid/pwd) to the webserver. So if Tomcat has a BASIC authentication setup too, then it will not send a 401 response code since the browser has sent the Authentication header (ofcourse the userid/pwd for both Apache and Tomcat should be the same. Else Tomcat will send a 401 response code).
RS Jacob Kjome <[EMAIL PROTECTED]> on 07/24/2002 10:41:58 AM Please respond to "Tomcat Users List" <[EMAIL PROTECTED]> To: "Tomcat Users List" <[EMAIL PROTECTED]> cc: Subject: Re[2]: Apache Authentication Hello Kevin, That's a question for the developers. I don't think it is possible, actually. I think if you set your BASIC auth up in the web.xml and in Apache, then you get the case where, when you go through Apache on port 80, you get prompted for username/password by Apache and then again by Tomcat. However, in this setup, if you went to port 8080, directly to Tomcat, then it would work fine. So, you kind of need to make a choice as to whether to disable the authentication set in web.xml and just use Apache or just let Apache forward the request without asking for authentication and let Tomcat deal with that. It sure seems like a better solution ought to be possible. Jake Monday, July 22, 2002, 1:11:15 PM, you wrote: KA> OK, KA> So what if I want in one application to use Tomcat Authentication and in KA> the other use Apache's Authentication. Is that possible?? KA> Thanks, KA> Kevin KA> Kevin Andryc KA> Web Systems Engineer KA> MISER KA> http://www.umass.edu/miser/ KA> Phone: (413)-545-3460 KA> [EMAIL PROTECTED] KA> -----Original Message----- KA> From: Jacob Kjome [mailto:[EMAIL PROTECTED]] KA> Sent: Monday, July 22, 2002 02:07 PM KA> To: Tomcat Users List KA> Subject: Re: Apache Authentication KA> Hello Kevin, KA> You need to add tomcatAuthentication="false" to your jk connector KA> definition in server.xml. KA> <Connector className="org.apache.ajp.tomcat4.Ajp13Connector" KA> port="8009" minProcessors="5" maxProcessors="75" KA> acceptCount="10" debug="0" tomcatAuthentication ="false"/> KA> Note that tomcatAuthentication does not seem to be implemented KA> properly in Coyote. For instace, the analog to the above connection KA> for Coyote would be the following which currently doesn't work KA> (getRemoteUser() returns null): KA> <Connector className="org.apache.coyote.tomcat4.CoyoteConnector" KA> port="8009" minProcessors="5" maxProcessors="75" KA> enableLookups="true" redirectPort="8443" KA> acceptCount="10" debug="0" connectionTimeout="20000" KA> useURIValidationHack="false" tomcatAuthentication ="false" KA> protocolHandlerClassName="org.apache.jk.server.JkCoyoteHandler"/> KA> Let me qualify that. It doesn't work when using mod_jk. I haven't KA> gotten thing to work using mod_jk2, so it may work in that case, but KA> it should work in both. KA> To Tomcat Developers... KA> Is there another way that Coyote implemented to grab the auth info KA> from Apache? KA> Jake KA> Monday, July 22, 2002, 12:55:31 PM, you wrote: KA>> I just converted over from Tomcat 3.2.X to Tomcat 4.0.4 on Linux using KA>> Apache 1.3.26. In the Apache httpd.conf file, we have an Alias that KA> points KA>> to a directory that uses Apache's authentication. In Tomcat 3.2.X, I KA> used KA>> mod_jserv which integrated well and I could get the remote user and use KA>> Apache to authenticate. I was wondering how I could use mod_jk to do the KA>> same. Right now, when I do a getRemoteUser() it returns null. KA>> Thanks, KA>> Kevin KA>> Kevin Andryc KA>> Web Systems Engineer KA>> MISER KA>> http://www.umass.edu/miser/ KA>> Phone: (413)-545-3460 KA>> [EMAIL PROTECTED] KA>> -- KA>> To unsubscribe, e-mail: KA> <mailto:[EMAIL PROTECTED]> KA>> For additional commands, e-mail: KA> <mailto:[EMAIL PROTECTED]> KA> -- KA> Best regards, KA> Jacob mailto:[EMAIL PROTECTED] KA> -- KA> To unsubscribe, e-mail: KA> <mailto:[EMAIL PROTECTED]> KA> For additional commands, e-mail: KA> <mailto:[EMAIL PROTECTED]> KA> -- KA> To unsubscribe, e-mail: < mailto:[EMAIL PROTECTED]> KA> For additional commands, e-mail: < mailto:[EMAIL PROTECTED]> -- Best regards, Jacob mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: < mailto:[EMAIL PROTECTED]> For additional commands, e-mail: < mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>