Return-Path: Delivered-To: apmail-jakarta-tomcat-dev-archive@apache.org Received: (qmail 86625 invoked from network); 31 Oct 2002 10:12:34 -0000 Received: from unknown (HELO nagoya.betaversion.org) (192.18.49.131) by daedalus.apache.org with SMTP; 31 Oct 2002 10:12:34 -0000 Received: (qmail 19146 invoked by uid 97); 31 Oct 2002 10:13:25 -0000 Delivered-To: qmlist-jakarta-archive-tomcat-dev@jakarta.apache.org Received: (qmail 19108 invoked by uid 97); 31 Oct 2002 10:13:24 -0000 Mailing-List: contact tomcat-dev-help@jakarta.apache.org; run by ezmlm Precedence: bulk List-Unsubscribe: List-Subscribe: List-Help: List-Post: List-Id: "Tomcat Developers List" Reply-To: "Tomcat Developers List" Delivered-To: mailing list tomcat-dev@jakarta.apache.org Received: (qmail 19091 invoked by uid 98); 31 Oct 2002 10:13:23 -0000 X-Antivirus: nagoya (v4218 created Aug 14 2002) From: "Luca Ventura" To: "tomcat-dev" Subject: BASIC authentication in Tomcat+IIS (one useful information) Date: Thu, 31 Oct 2002 11:11:51 +0100 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Importance: Normal X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N Hello! I have another useful information about the problem described below that I have posted some day ago wihout receiving no solution for it :((( If I use Tomcat 4.x as Web Server (standalone mode), instead of IIS, the BASIC Authentication works well also on Server 1! This means there must be some strange setting in IIS or in Windows 2000 Advanced Server that forces the Tomcat's ISAPI filter (that is to say when Tomcat is used only as Servlet Container) not to ask for login and password to the user but to get their values directly from the system. I hope someone can help me. Best regards, Luca -----Messaggio originale----- Da: Luca Ventura [mailto:ventluca@tiscali.it] Inviato: marted� 29 ottobre 2002 12.12 A: tomcat-dev Oggetto: BASIC authentication in Tomcat+IIS Hello everybody! I have the following GREAT problem with basic authentication in Tomcat.... I have two servers configured as follows: Server 1: Operating system: Windows 2000 Advanced Server Web Server: IIS 5.0 Servlet Container: Tomcat 4.x Server 2: Windows XP Professional Web Server: IIS 5.0 Servlet Container: Tomcat 4.x Server 2 is not connected to the Internet but it is used to test web applications before passing them in the production environment deployed in Server 1. In fact Server 1 is connected to the Internet and contains all the final versions of Web Applications. So I connect to Server 1 using a real domain name (for example: www.mydomain.com) while I connect to Server 2 using "localhost". In both Servers I use Tomcat 4.x as Servlet Container and Micrososft IIS 5 as Web Server. I installed the ISAPI filter to redirect to Tomcat all the requests to Servlet/JSP pages or to web sites based on such java-technologies. I have tried to protect some Servlet/jsp-pages using basic authentication of Tomcat. So I configured the following tomcat files in such way: server.xml: ... .... ... tomcat-users.xml: web.xml:

Autenticazione Tomcat

Protected Area

/MyServlet

adminrole

BASIC

Autenticazione Tomcat

Server.xml and tomcat-users.xml are present in /conf folder of Tomcat, while web.xml in the WEB-INF folder of the web application that contains the resource (in this case the servlet "MyServlet") that I want to protect. All works fine in Server 2 (localhost): in fact when I connect to the protected resource (servlet "MyServlet")Tomcat asks me in a window the login and the password to access to the resource. The problem appears after moving my application in Server 2 (production environment) because when I try to connect to the protected servlet I receive from Tomcat the following error page: Apache Tomcat/4.0.4-b3 - HTTPS Status 403 - Access to the requested resource has been denied type: Status report message: Access to the requested resource has been denied description: Access to the specified resource (Access to the requested resource has been denied) has been forbidden. The strange thing is that Tomcat, before showing the error page, doesn't ask to me for the login and the password to access the resource (as in the first case). It seems that IIS passes automatically an internal login and password to Tomcat to access to the protected resource: given that they are not correct I receive an error message from Tomcat. Anyway I am not sure of this but I suspect that the problem is in Windows 2000 Advanced Server because when I try to access to Server 2, where there is Windows XP installed , all works fine. I have heard that this problem could occur in Windows 2000 only when realm authentication is not set in IIS, but i am not sure and in any case I have no idea how to set realm authentication in IIS. I hope someone can help me to solve this problem. Thanks a lot in advance! Luca -- To unsubscribe, e-mail: For additional commands, e-mail: