I'm having problems with Tomcat 5.5.x, Apache 2.2.0, and
mod_proxy_ajp and resources that are protected with a
security-constraint. (This is after updating from Apache 2.0.54,
Tomcat 5.0.27, and mod_jk2, where the same configuration worked fine.)
The issues are different depending on the version of Tomcat.
In Tomcat 5.5.12, POST requests fail if a client does not have a
session established (for example, the session has timed out) and the
auth-method is FORM. The client is presented with the login form via
j_security_check and passed to the correct servlet, but there are no
request headers and no form data in the request. (My servlet tries to
log them -- nothing there.) This can be reproduced in Firefox and
Internet Explorer, so I don't think it's the browser. If I change the
configuration to BASIC authentication, it works correctly. If the
client has a session established, either method works OK. This
problem seems to be resolved in Tomcat 5.5.16.
BUT ...
In Tomcat 5.5.16, if the client tries to retrieve a PDF document
protected by a security-constraint and does not have a session
established, an error is reported. (Once logged in, there is no
problem.) If the auth-method is FORM, the document is retrieved but
Acrobat reports: "Acrobat could not open 'abc.pdf' because it is
either not a supported file type or because the file has been damaged
(for example, it was sent as an email attachment and wasn't correctly
decoded)." If the auth-method is BASIC, the login box is never
displayed at all. This problem did not occur with Tomcat 5.5.12
(using the same PDFs and browser).
Does anyone have a similar configuration working? Recommendations?
Debra Bartling
Earthquake Engineering Research Center
University of California, Berkeley
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]