I'm posting this question a second time since I am not sure if mailer problems on my end prevented it from reaching the list and I got no responses on the issue.
The security implementation in Tomcat 4.0.2b2 and earlier seems to depend on using redirect urls. This doesn't seem to work correctly with connectors such as the IISAPI IIS connector. What is the strategy for supporting basic or form based authentication through connectors? Should this be implemented without using redirect? I've configured Tomcat4.0.2b2 with the AJP 1.3 Connector and successfully installed the iisapi dll from Tomcat3.3 into IIS. I am attempting to serve a protected page through the connector using the protected realm example. When I hit the page directly on port 8080, I get the expected login form challenge behavior. When I hit the page through the connector, I get a 403 access denied error. Is serving protected pages through connectors supposed to be supported in 4.0.2? http://localhost:8080/examples/jsp/security/protected/index.jsp redirects to the login screen as expected. http://localhost/examples/jsp/security/protected/index.jsp returns 403 - Access to the requested resource has been denied -Jonathan ***************************************************************************** This email and any files transmitted with it are for the named person's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please immediately delete it and all copies of it from your system, destroy any hard copies of it and notify the sender. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. This email message has been swept by a virus software product for the presence of computer viruses. ***************************************************************************** -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
