3
votes

I'm running Tomcat 6.0.24 with an AJP connector. For the connector, I've set the attribute tomcatAuthentication="false" so that Tomcat will get the name of the authenticated user from the native web server (Apache 2.2.15 with mod_proxy_ajp and mod_cosign). This is working fine for a "Hello, World" servlet I've set up.

I have the Tomcat Manager WebApp working fine when using Tomcat's MemoryRealm, tomcat-users.xml file, and the connector in the default configuration (tomcatAuthentication="true"). But with tomcatAuthentication="false", I get the error "HTTP Status 403 - Access to the requested resource has been denied" from the Tomcat Manager WebApp.

How can I configure the Tomcat Manager web application to rely on the native web server (Apache HTTPD) for authentication but use an independent source (tomcat-users.xml or other) for user roles? I've read the documentation and googled but I don't understand enough about Tomcat yet to find the answer.

1
I have this same problem three years later. Do you recall if you figured something out? - rjcarr

1 Answer

1
votes

From the Tomcat Manual:

  1. Configure whether Tomcat or a web server does authentication

When Tomcat is used with a web server, such as Apache, the default is to have Tomcat continue to handle authentication. Any authenticated user specified in the request forwarded from the web server to Tomcat will be ignored.

If you want Tomcat to make use of the authenticated user provided by the web server, add tomcatAuthentication="false" to the Ajp12Connector or Ajp13Connector as appropriate. For example:

<Ajp13Connector port="8009" tomcatAuthentication="false" />

Have you tried adding the second configuration value?