tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ronald Klop <ron...@not4mail.cs.vu.nl>
Subject Re: BASIC authentication in Tomcat+IIS (one useful information)
Date Thu, 31 Oct 2002 10:31:23 GMT
Hello,

I investigated the same problem (the 403 error) yesterday.
Tomcat authentication worked after I configured IIS to not use NT 
authentication, but only anonymous access. IIS will ignore any 
authentication headers and pass them to Tomcat then.
In IIS manager rightclick on the host and edit the 'directory security' tab.

I was using tomcat 4.1.12 with AJP1.3 and the JK (version 1) connector.

Hope this solves your problem too.

Greetings,

Ronald.

Luca Ventura wrote:

> Hello!
>
> I have another useful information about the problem described below that I
> have
> posted some day ago wihout receiving no solution for it :(((
>
> If I use Tomcat 4.x as Web Server (standalone mode), instead of
> IIS, the BASIC Authentication works well also on Server 1!
>
> This means there must be some strange setting in IIS or in Windows 2000
> Advanced Server that forces the Tomcat's ISAPI filter (that is to say
> when Tomcat is used only as Servlet Container) not to ask for login
> and password to the user but to get their values directly from the system.
>
> I hope someone can help me.
>
> Best regards,
>
>                       Luca
>
> -----Messaggio originale-----
> Da: Luca Ventura [mailto:ventluca@tiscali.it]
> Inviato: martedì 29 ottobre 2002 12.12
> A: tomcat-dev
> Oggetto: BASIC authentication in Tomcat+IIS
>
>
> Hello everybody!
>
> I have the following GREAT problem with basic authentication in Tomcat....
>
> I have two servers configured as follows:
>
> Server 1:
>
> Operating system: Windows 2000 Advanced Server
> Web Server: IIS 5.0
> Servlet Container: Tomcat 4.x
>
> Server 2: Windows XP Professional
> Web Server: IIS 5.0
> Servlet Container: Tomcat 4.x
>
> Server 2 is not connected to the Internet but it is used to test web
> applications before passing them in the production environment deployed in
> Server 1. In fact Server 1 is connected to the Internet
> and contains all the final versions of Web Applications.
>
> So I connect to Server 1 using a real domain name (for example:
> www.mydomain.com) while I connect to Server 2  using "localhost".
>
> In both Servers I use Tomcat 4.x as Servlet Container and Micrososft IIS 5
> as Web Server. I installed the ISAPI filter to redirect to Tomcat all the
> requests to Servlet/JSP pages or to web sites based on such
> java-technologies.
>
> I have tried to protect some Servlet/jsp-pages  using basic authentication
> of Tomcat. So I configured the following tomcat files in such way:
>
> server.xml:
>
> ...
>
>
>
>
>
> ....
>
>
>
> ...
>
>
> tomcat-users.xml:
>
>
>
>
>
> web.xml:
>
>
>       Autenticazione Tomcat
>
>          Protected Area
> 	
>          /MyServlet
> 	
>
>
>          adminrole
>
>
>
>
>
>       BASIC
>       Autenticazione Tomcat
>
>
>
> Server.xml and tomcat-users.xml are present in /conf folder of Tomcat, 
> while
> web.xml in the WEB-INF folder
> of the web application that contains the resource (in this case the 
> servlet
> "MyServlet") that I want to protect.
>
>
> All works fine in Server 2 (localhost): in fact when I connect to the
> protected resource (servlet "MyServlet")Tomcat asks me in a window the 
> login
> and the password to access to the resource. The problem appears after 
> moving
> my application in Server 2 (production environment) because when I try to
> connect to the protected servlet I receive from Tomcat the following error
> page:
>
> Apache Tomcat/4.0.4-b3 - HTTPS Status 403 - Access to the requested 
> resource
> has been denied
>
> type: Status report
> message: Access to the requested resource has been denied
> description: Access to the specified resource (Access to the requested
> resource has been denied) has been forbidden.
>
> The strange thing is that Tomcat, before showing the error page, 
> doesn't ask
> to me for the login and the password to access the resource (as in the 
> first
> case). It seems that IIS
> passes automatically an internal login and password to Tomcat to access to
> the protected resource: given that they are not correct I receive an error
> message
> from Tomcat. Anyway I am not sure of this but I suspect that the problem
> is in Windows 2000 Advanced Server because when I try to access to 
> Server 2,
> where there is Windows XP installed , all works fine.
>
> I have heard that this problem could occur in Windows 2000 only when realm
> authentication is not set in IIS,
> but i am not sure and in any case I have no idea how to set realm
> authentication  in IIS.
>
> I hope someone can help me to solve this problem.
>
> Thanks a lot in advance!
>
>                              Luca
>
>
> --
> To unsubscribe, e-mail:
> For additional commands, e-mail:


-- 
  Ronald Klop, Amsterdam, The Netherlands
  --> Remove the 'not4mail.' from the e-mail address before replying. <--

Mime
View raw message