Eddie: Yes, I'm aware of the drawback of having Tomcat service static content; however, somewhere (perhaps in the Tomcat documentation, although since the Tomcat documentation changed format with the release of Tomcat 4.0, I could never find it again) I recall seeing a strong recommendation to pass everything through to Tomcat in an Apache/Tomcat environment -- the reason being that only in that way could you be sure that all of your mappings and other servlet configurations were being enforced.
I'm trying to learn all of this stuff in such a short period of time, and have read so much in a short period of time, that I've filed away all of these "kernels" in my mind, having no idea where they came from. Dangerous, I know. But in any event, I do understand that total pass-through is a two-edged sword. -----Original Message----- From: Eddie Bush [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 26, 2002 5:17 PM To: Struts Users Mailing List Subject: Re: Logout in a container-managed security environment -- Follow-up The only drawback I see to this approach is that static content will be served by Tomcat. Typically, a person uses Tomcat in conjunction with Apache in order to allow Apache to serve the static content. Thank you for the update :-) I'm nearly certain there has to be a better way -- although I'm not 100% sure. Maybe Craig will spot this and have something to chip-in. Thanks for you kind words, and I'm glad to hear you managed to get it "working" (acceptably, I hope). Charles McClain wrote: >All: > >I made the original post in this thread, and thanks to the replies I >received, was able to implement FORM-based CMA in my application. > >As you can see in the message below, I was left with one residual >problem: Although FORM-based CMA worked fine in a standalone Tomcat >environment, when I switched to an integrated Apache-Tomcat >environment, I got a 404 not-found error from Apache for >"j_security_check"; in other words, Apache never passed this request >through to Tomcat. > >Again thanks to several replies I received, I've been able to resolve >this problem. Eddie Bush, in particular, was helpful and asked me to >post the solution on this list when I found it. So here goes. Bear in >mind that, in the example below, "ebps" is the name of my application >domain. > >The solution involved modifying Tomcat's mod_jk.conf file. The >original set of mappings in mod_jk.conf for my application context was: > >JkMount /ebps/servlet/* ajp13 >JkMount /ebps/*.jsp ajp13 >JkMount /ebps/ ajp13 >JkMount /ebps/*.do ajp13 > >On spec, I tried adding various mappings that assigned >"j_security_check" to the ajp13 worker. The mapping that worked is: > >JkMount /ebps/* ajp13 > >.....which in effect maps ALL requests to the ajp13 worker. I've done >some light testing, and there do not seem to be any adverse side >effects to including this mapping, but I do have to caution everyone >that I haven't yet done through testing. > -- Eddie Bush -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
