Hi All,
I've configured Apache with a VirtualHost that connects to Tomcat via
mod_jk (Tomcat has a corresponding Host entry with JNDI DataSources,
etc.) - this works fine. Now I'm attempting to secure a sub-directory
(say /manage, no alias, directory exists in webapps/<webapp>) using form
based authentication with a JDBCRealm. Using the security example as a
template, I've modified my web.xml similarly, see below, and used the
login.jsp/error.jsp/index.jsp. The setup works when I access using
Tomcat (port 8080) but not with Apache - I get 403 Forbidden (Apache
error, not Tomcat).
If you need more info (like server.xml/httpd.conf) I can provide that
too.
Any help would be appreciated.
tia,
Rob Lake
-----
Setup:
RedHat 7.2 (Apache 1.3.22-6)
Tomcat 4.1.10
J2SDK 1.4.0
WEB.XML -----
<web-app>
...
<security-constraint>
<display-name>Management Security</display-name>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<url-pattern>/manage/*</url-pattern>
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>role</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>Authentication Area</realm-name>
<form-login-config>
<form-login-page>/manage/login.jsp</form-login-page>
<form-error-page>/manage/error.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>role</role-name>
</security-role>
</web-app>
----- WEB.XML
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
