tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Allistair Crossley" <Allistair.Cross...@QAS.com>
Subject RE: jCIFS Jboss Tomcat IIS NTLM Authentication
Date Fri, 28 Oct 2005 08:20:18 GMT
it only collects the username of the logged in user yes, not ad info.

not sure if this is true, but ensure integrated windows security is on the virtual jakarta
folder pointed to the jk dll too. i'm not sure if your situation is muddied by jboss in the
mix, as i am not familiar with jboss (yet)

not sure what else to tell you .. i've tested taking off WIS on my website, and the remote
user goes blank. this is a tried and tested method, so something else must be getting in the
way your end.

cheers

> -----Original Message-----
> From: Scott Shaver [mailto:Scott.Shaver@mcdata.com]
> Sent: 26 October 2005 19:29
> To: tomcat-user@jakarta.apache.org
> Subject: RE: jCIFS Jboss Tomcat IIS NTLM Authentication
> 
> 
> I thought I tried that but I'll give it another go. Won't 
> this mean that
> the user's realm groups (security groups from active 
> directory) won't be
> loaded then? If tomcat doesn't do the authentication via the filter I
> would assume that would be the case. That won't work for me if it is
> true. 
>  
> The application I have is an employee portal. I want the user to not
> have to log in to be authenticated. I have this working perfectly in
> WebLogic but I'm exploring a possible move to JBoss. I use the user's
> groups to avoid displaying certain sections of the portal.
>  
> gave it another go:
> 
> Okay so I took out the filter from the web app and set the "Integrated
> Windows Security" to on for the site and the redirector 
> directory. I've
> got the tomcatAuthentication=false set in the AJP 1.3 
> Connector element
> in the server.xml.
> 
> <Connector port="8009" address="${jboss.bind.address}"
> debug="99"
> emptySessionPath="true" enableLookups="false" redirectPort="8443" > protocol="AJP/1.3"
> tomcatAuthentication="false"
> minProcessors="5"
> maxProcessors="15"
> />
> 
> This let me into the app but with a blank getRemoteUser() value.
> Obviously not what I need. 
>  
> (no disclaimer)
> 
> > -----Original Message-----
> > From: Allistair Crossley [mailto:Allistair.Crossley@QAS.com] 
> > Sent: Wednesday, October 26, 2005 4:42 AM
> > To: Tomcat Users List; tomcat-user@jakarta.apache.org
> > Subject: RE: jCIFS Jboss Tomcat IIS NTLM Authentication
> > 
> > if you're using IIS in front of your application you don't 
> > need to use jCIFs. All you do is set the directory 
> > permissions on your website to Integrated Windows 
> > Authentication, then configure your Tomcat AJP Connector 
> > element with tomcatAuthentication="false". Then 
> > request.getRemoteUser() will return the Windows username.
> > 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
> 


<FONT SIZE=1 FACE="VERDANA,ARIAL" COLOR=BLUE> 
-------------------------------------------------------
QAS Ltd.
Registered in England: No 2582055
Registered in Australia: No 082 851 474
-------------------------------------------------------
</FONT> <FONT SIZE=1 FACE="VERDANA,ARIAL" COLOR=BLACK> 
Disclaimer:  The information contained within this e-mail is confidential and may be privileged.
This email is intended solely for the named recipient only; if you are not authorised you
must not disclose, copy, distribute, or retain this message or any part of it. If you have
received this message in error please contact the sender at once so that we may take the appropriate
action and avoid troubling you further.  Any views expressed in this message are those of
the individual sender.  QAS Limited has the right lawfully to record, monitor and inspect
messages between its employees and any third party.  Your messages shall be subject to such
lawful supervision as QAS Limited deems to be necessary in order to protect its information,
its interests and its reputation.  

Whilst all efforts are made to safeguard Inbound and Outbound emails, QAS Limited cannot guarantee
that attachments are virus free or compatible with your systems and does not accept any liability
in respect of viruses or computer problems experienced.
</FONT>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message