Tomcat 7 digest authentication problem

After a few days, I'm out of ideas for this problem.

I just installed Tomcat 7 to serve a web-app that has one page protected by DIGEST authentication.

When I set the port for Tomcat to 80, everything works fine.

When I set the port for Tomcat to 8080 and turn on Apache2 on port 80, the username/password box comes up but when I put in my username and password, the box just refreshes and the web-app doesn't let me into the protected page.

I get no errors in the tomcat or apache logs.

I'm using Ubuntu Server 10, Tomcat 7 and Apache2

I'm not even sure what to put here to help debug this, so I'll just add the common configuration files I've been working with.

this is from Tomcat 7's server.xml
<GlobalNamingResources> <Resource name="UserDatabase" auth="Container" type="org.apache.catalina.UserDatabase" description="User database that can be updated and saved" factory="org.apache.catalina.users.MemoryUserDatabaseFactory" pathname="conf/tomcat-users.xml" /> </GlobalNamingResources> <Service name="Catalina"> <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" URIEncoding="UTF-8" redirectPort="8443" /> <!-- Define an AJP 1.3 Connector on port 8009 --> <Connector port="8009" address="127.0.0.1" enableLookups="false" protocol="AJP/1.3" redirectPort="8443" tomcatAuthentication="true"/> <Engine name="Catalina" defaultHost="localhost"> <Realm className="org.apache.catalina.realm.LockOutRealm"> <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/> </Realm> <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true"> <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="localhost_access_log." suffix=".txt" pattern="%h %l %u %t "%r" %s %b" resolveHosts="false"/> </Host> </Engine> </Service>



This is from the tomcat-users.xml
<tomcat-users> <role rolename="manager-gui"/> <role rolename="manager-script"/> <role rolename="manager"/> <role rolename="admin-gui"/> <role rolename="admin-script"/> <role rolename="admin"/> <user username="myusername" password="mypassword" roles="manager-gui,manager-script,manager,admin-gui,admin-script,admin"/> </tomcat-users>


This is from apache2 /etc/apache2/sites-available/default
<VirtualHost *:80> ServerAdmin webmaster@localhost DocumentRoot /var/www <Directory /> Options FollowSymLinks AllowOverride None </Directory> <Directory /var/www/> Options Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny allow from all </Directory> ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ <Directory "/usr/lib/cgi-bin"> AllowOverride None Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch Order allow,deny Allow from all </Directory> ErrorLog /var/log/apache2/error.log # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel warn CustomLog /var/log/apache2/access.log combined Alias /doc/ "/usr/share/doc/" <Directory "/usr/share/doc/"> Options Indexes MultiViews FollowSymLinks AllowOverride None Order deny,allow Deny from all Allow from 127.0.0.0/255.0.0.0 ::1/128 </Directory> </VirtualHost> <VirtualHost *:80> ServerName site1.com ServerAlias *.site1.com # ProxyRequests off ProxyPass / http://127.0.0.1:8080/site1/ ProxyPassReverse / http://127.0.0.1:8080/site1/ <Proxy *> Order deny,allow Allow from all </Proxy> </VirtualHost> <VirtualHost *:80> ServerName site2.com ServerAlias *.site2.com ProxyPass / http://127.0.0.1:8080/site2/ ProxyPassReverse / http://127.0.0.1:8080/site2/ <Proxy *> Order deny,allow Allow from all </Proxy> </VirtualHost>

I would put the web.xml files but since the web-app works fine when Tomcat is listening on port 80, I tend to think it's a fault in the server configuration.

If there's anything else I should put up, or take down, please let me know.

Thanks.

Check out ProxyPassReverseCookiePath directive at http://httpd.apache.org/docs/2.1/mod/mod_proxy.html#proxypassreversecookiepath
When you use port 80 with tomcat, the cookie goes for /test1/ context and browser sends that back, so it works. But when you do ProxyPass and reverse, although the /test1/ context is served at context / but the cookie is not translated. Once you setup the directive ProxyPassReverseCookiePath, it should work.