Hi,
We have a web application deployed under Tomcat 5.0 which uses a custom
Realm for authentication. This custom Realm basically does a web service
call using the user's credentials to authenticate with the web service
server (basic WS-I username/password authentication).
If the web service call fails (user not allowed to call the web service
with his credentials), then Tomcat authentication fails.
If the web service call succeed (user has access to the web service),
then Tomcat authentication succeed and the Realm will store the Session
object returned by the web service in a ThreadLocalContext to be reused
later in the web application.
This works fine with Tomcat only, but as soon as I add mod_jk and try to
use Apache to do the authentication and then pass the credentials to
Tomcat (using tomcatAuthentication=false), I get the "403 - access
denied" page.
I'd like to know if, in my configuration (Apache authentication + Tomcat
Realm + tomcatAuthentication=false), Apache is supposed to pass the user
login/password to the Tomcat Realm or if the realm is not called at
all (This would be the bad news I fear)?
My combination Apache/Tomcat/mod_jk works when I specify
tomcatAuthentication=true. But, I'd like to have Apache authentication
and the Tomcat Realm called automatically after that with the
username/password... Is this possible or do I have to move my Session
creation process somewhere else?
Hope you understood my problem,
Cheers,
Mickael
--
Mickael Goujon
Software Engineer
Lion Bioscience Ltd
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
