I'm running Tomcat 6.0.24 behind Apache HTTP Server 2.2.15 with
mod_proxy_ajp. I edited tomcat-users.xml and the Tomcat Manager WebApp
works fine.
I then configure Tomcat to use the authentication done by the front-end
web server, by setting the tomcatAuthentication="false" attribute for
the AJP connector. This works fine with a simple servlet I wrote that
just displays request.getRemoteUser(), but it causes the Tomcat Manager
WebApp to stop working with the error "HTTP Status 403 - Access to the
requested resource has been denied".
Is is possible to configure the Tomcat Manager WebApp to rely on the
front-end web server for authentication but use tomcat-users.xml or some
other independent source for role information? I've read the
documentation on realms and security constraints, and googled, but the
solution is not obvious to me.
Thanks.
--
Mark Montague
m...@catseye.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
