Note also: RemoteAddrValve is still commented out.

From: Miller, Gerald
Sent: Thursday, August 20, 2015 3:28 PM
To: 'users@tomcat.apache.org' <users@tomcat.apache.org>
Subject: RE: HTTP Authenticate ignored by Tomcat 7 (Windows)

Follow-up: I reviewed the logs and saw a number of requests coming from 
localhost, where I had run experimental queries to the exact same service.  I 
also confirmed through Rawcap that they were using the same Authorization 
header field.  The only one receiving the 401 status was the one coming from 
the VM, using the host IP address and port in place of localhost and port.

From: Miller, Gerald
Sent: Thursday, August 20, 2015 2:27 PM
To: 'users@tomcat.apache.org' <users@tomcat.apache.org>
Subject: HTTP Authenticate ignored by Tomcat 7 (Windows)

I had previously set up Tomcat 8 on an Ubuntu VM, communicating over localhost, 
and was able to authenticate to the server by intercepting calls to 
soap_put_header() and inserting
Authorization: Basic dG9tY2F0OnRvbWNhdAo=

After setting up Tomcat 7 in Windows and running tcpdump in Ubuntu (no longer 
using localhost, obviously) to diagnose the HTTP/1.1 401, I find that although 
my request header field is still intact, it's apparently being ignored, and I 
get a WWW-Authenticate in the response header.  Why this apparently 
inconsistent behavior?

I chose Tomcat 8 initially, because it was the most current version, but after 
rereading the README for the projects to be supported and seeing all kinds of 
Java errors, I switched to version 7, so apparently there are issues with war 
file support through the Metro library as well.
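
Added example, not part of the original thread: a check of what the Authorization value quoted in the first message decodes to, flagging whitespace or control characters in the credentials. The helper name inspect_basic_header is hypothetical, and the check does not show how either Tomcat version handles the value.

```python
import base64
import binascii

# Header line exactly as quoted in the message above.
HEADER = "Authorization: Basic dG9tY2F0OnRvbWNhdAo="


def inspect_basic_header(line):
    """Decode an HTTP Basic Authorization header and report anomalies.

    Returns (user, password, findings); user and password are None when
    the header cannot be parsed as RFC 7617 Basic credentials.
    """
    findings = []
    name, _, value = line.partition(":")
    if name.strip().lower() != "authorization":
        return None, None, ["not an Authorization header"]
    scheme, _, token = value.strip().partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        return None, None, ["scheme is not Basic or token is missing"]
    try:
        raw = base64.b64decode(token.strip(), validate=True)
    except (binascii.Error, ValueError):
        return None, None, ["token is not valid base64"]
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError:
        text = raw.decode("latin-1")
        findings.append("credentials are not valid UTF-8")
    if ":" not in text:
        return None, None, ["decoded value has no user:password separator"]
    user, password = text.split(":", 1)  # only the first colon separates
    for label, field in (("user", user), ("password", password)):
        if field != field.strip():
            findings.append(f"{label} has leading/trailing whitespace: {field!r}")
        if any(ord(c) < 0x20 or ord(c) == 0x7F for c in field):
            findings.append(f"{label} contains control characters: {field!r}")
    return user, password, findings


if __name__ == "__main__":
    user, password, findings = inspect_basic_header(HEADER)
    print("user:", repr(user), "password:", repr(password))
    for finding in findings:
        print("finding:", finding)
    # Token for the same credentials with surrounding whitespace removed.
    clean = base64.b64encode(f"{user}:{password.strip()}".encode()).decode()
    print("token without the newline:", clean)
```

The quoted token decodes to a password field that ends in a line feed, which is what encoding the output of a plain `echo` produces.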
