"Debra Bartling" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > I'm having problems with Tomcat 5.5.x, Apache 2.2.0, and mod_proxy_ajp and > resources that are protected with a security-constraint. (This is after > updating from Apache 2.0.54, Tomcat 5.0.27, and mod_jk2, where the same > configuration worked fine.) > > The issues are different depending on the version of Tomcat. > > In Tomcat 5.5.12, POST requests fail if a client does not have a session > established (for example, the session has timed out) and the auth-method > is FORM. The client is presented with the login form via j_security_check > and passed to the correct servlet, but there are no request headers and no > form data in the request. (My servlet tries to log them -- nothing there.) > This can be reproduced in Firefox and Internet Explorer, so I don't think > it's the browser. If I change the configuration to BASIC authentication, > it works correctly. If the client has a session established, either method > works OK. This problem seems to be resolved in Tomcat 5.5.16. >
Without looking at the changelog, I do believe that there were problems with this in 5.5.12. > BUT ... > > In Tomcat 5.5.16, if the client tries to retrieve a PDF document protected > by a security-constraint and does not have a session established, an error > is reported. (Once logged in, there is no problem.) If the auth-method is > FORM, the document is retrieved but Acrobat reports: "Acrobat could not > open 'abc.pdf' because it is either not a supported file type or because > the file has been damaged (for example, it was sent as an email attachment > and wasn't correctly decoded)." If the auth-method is BASIC, the login box > is never displayed at all. This problem did not occur with Tomcat 5.5.12 > (using the same PDFs and browser). > Are you using the APR or the Java AJP/1.3 Connector? Whichever one it is, is it possible for you to test using the other one? Another test would be to see if it works with Apache 2.0.54+mod_jk(2). Of course, if you can help to pin this down so it can be fixed, that would be great. If you can't, well, I don't expect to be able to write a check against your time ;-). > Does anyone have a similar configuration working? Recommendations? > > Debra Bartling > Earthquake Engineering Research Center > University of California, Berkeley --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
