Ah, I still have my security-constraint in my web.xml. I thought, perhaps, as you point out, I was interpreting tomcatAuthentication="false" inappropriately.
The 403 is coming from Tomcat. -----Original Message----- From: Jacob Kjome [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 13, 2002 10:07 AM To: Tomcat Users List Subject: RE: Can authentication to webapps be controlled by Apache HTTPD s erve r rather than tomcat? <eom> Make sure that you don't have any <security-constraint> stuff set up in your web.xml for your app. You either need to handle everything at the Apache level or let everything drop through to the Tomcat level. I know of no way to do both at the same time. Also, is Apache serving up the 403 error or is Tomcat? The auth should *always* work through Apache whether you have tomcatAuthentication="false" on the ajp13 connector or not. The only thing that parameter controls is whether request.getRemoteUser() returns the value that Apache forwards onto tomcat or null (if tomcatAuthentication="true" which is the default). Jake At 02:40 PM 8/13/2002 +0100, you wrote: >The auth seems to work through apache with this setting, but tomcat still >gives me the 403 error page. > >-----Original Message----- >From: Jacob Kjome [mailto:[EMAIL PROTECTED]] >Sent: Tuesday, August 13, 2002 9:33 AM >To: Tomcat Users List >Subject: Re: Can authentication to webapps be controlled by Apache HTTPD >serve r rather than tomcat? <eom> > > >Yes, but you have to add tomcatAuthentication="false" to your ajp13 >connector in server.xml. Also, this doesn't seem to work with the Coyote >connector, only with the normal ajp13. connector. > >Once you've done this, do your athentication through Apache and use >request.getRemoteUser() to get the name of the user who successfully logged >in through Apache. > >Jake > >At 01:49 PM 8/13/2002 +0100, you wrote: > > > > >-- >To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> >For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>