Hi Jacob, (got your name right this time :-)
Things to verify/try 1. The webserver has successfully authenticated the request, and you can see this username appearing in the Apache access log. You mention that CGI's and other PHP pages authenticate correctly, but verify that the URL of your servlet is also being correctly authenticated in this way. If you have multiple location & directory directives in Apache specifying access controls they can often interact in non-obvious ways. 2. You are using the latest jk2 module version. 3. If you are still hitting a brick wall with this, try using mod_jk instead of jk2 as a test and see if this makes a difference. Good luck! Morgan > -----Original Message----- > From: Jerome Lacoste @ BBC [mailto:[EMAIL PROTECTED] > Sent: Wednesday, May 28, 2003 14:11 > To: Tomcat Users List > Subject: [Re-repost] tomcat/jk2/apache: authentication not > taken into account for webapps > > > Still stuck... Need help on how to debug authentication. > > Morgan Pyne wrote: > > >Hi Jacob, > > > Hi Morgan, > > The name is Jerome :) Jacob was a guy who replied to me! > > >I should have mentioned in my earlier post that the > >tomcatAuthentication="false" should only be part of the connector > >definition of the server.xml if you are using the AJP13Connector. > > > >If you are using the Coyote Connector, it should be in the > >jk2.properties files, e.g. > >request.tomcatAuthentication="false" > > > >However, it seems you are aware of this already. > > > I am using the Coyote Connector. The block for the AJP13Connector is > commented out in the server.xml config file. > jk2.properties contains > > request.tomcatAuthentication="false" > > > (and that's the only uncommented line). > > >The simplest way to verify that the authentication information is > >indeed being passed through from Tomcat to Apache is just to > print the > >value of request.getRemoteUser() in your servlet. > > > > I've tried that and the retirved RemoteUser is always null. > So I guess > that this proves the authentication is not working. > I've tried to add debugging and logging, but perhaps not to the right > places. > > I've done the following > > ** Added debugging to workers2.properties > > > cat /etc/httpd/conf/workers2.properties > [logger] > level=DEBUG > file=${serverRoot}/logs/jk2.log > # Define the communication channel > [channel.socket:localhost:8009] info=Ajp13 forwarding over > socket tomcatId=localhost:8009 debug=10 # Map /jkstatus to > the status worker [shm] file=${serverRoot}/logs/shm.file > size=1048576 debug=10 .... [uri:/examples/*] info=JSPs > Servlets Examples debug=10 > > ** Added debugging to server.xml > > <Connector className="org.apache.coyote.tomcat4.CoyoteConnector" > port="8009" minProcessors="5" maxProcessors="75" > enableLookups="true" redirectPort="8443" > acceptCount="10" debug="10" connectionTimeout="0" > useURIValidationHack="false" > > protocolHandlerClassName="org.apache.jk.server.JkCoyoteHandler" /> > > but still the information logged doesn't seem to satisfy my debugging > needs. I am not sure what to search for neither. > > >You previously stated that you are getting prompted for your > >credentials when you browse to the page, so the Apache side of > >things appears to be working. > > > Yes. cgi scripts and other PHP pages correctly require authentication. > > >It sounds like you have tried the various pieces necessary to get > >this to work, but perhaps not all together at the same time :-) (?) > > > >Either that, or you are hitting a bug somewhere. > > > > > I will not say I am 100 % sure I am doing the right thing, > but after all > I spent enough time on it that it makes me think that there is a bug > somewhere... > Anybody can allocate some of his/her brain cells to try to > solve this pb ? > > Cheers, > > Jerome > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
