Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm
Precedence: bulk
Reply-To: "Tomcat Users List" <users@tomcat.apache.org>
Received-SPF: error (asf.osuosl.org: local policy)
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Subject: RE: jCIFS Jboss Tomcat IIS NTLM Authentication
Date: Fri, 28 Oct 2005 09:20:18 +0100
Message-ID: <5684A7E6FB10504393A2806C1F4C021007B55227@orion.qas.com>
Thread-Topic: jCIFS Jboss Tomcat IIS NTLM Authentication
Thread-Index: 
    AcXZobnOMNAQM8asR1GiPdoPPWFdIAABY1mAAAArAnAAABhH8AAcWhqwABBDlzAATz42kA==
From: "Allistair Crossley" <Allistair.Crossley@QAS.com>
To: "Tomcat Users List" <users@tomcat.apache.org>,
    <tomcat-user@jakarta.apache.org>

it only collects the username of the logged in user yes, not ad info.

not sure if this is true, but ensure integrated windows security is on the =
virtual jakarta folder pointed to the jk dll too. i'm not sure if your situ=
ation is muddied by jboss in the mix, as i am not familiar with jboss (yet)

not sure what else to tell you .. i've tested taking off WIS on my website,=
 and the remote user goes blank. this is a tried and tested method, so some=
thing else must be getting in the way your end.

cheers

> -----Original Message-----
> From: Scott Shaver [mailto:Scott.Shaver@mcdata.com]
> Sent: 26 October 2005 19:29
> To: tomcat-user@jakarta.apache.org
> Subject: RE: jCIFS Jboss Tomcat IIS NTLM Authentication
>=20
>=20
> I thought I tried that but I'll give it another go. Won't=20
> this mean that
> the user's realm groups (security groups from active=20
> directory) won't be
> loaded then? If tomcat doesn't do the authentication via the filter I
> would assume that would be the case. That won't work for me if it is
> true.=20
> =20
> The application I have is an employee portal. I want the user to not
> have to log in to be authenticated. I have this working perfectly in
> WebLogic but I'm exploring a possible move to JBoss. I use the user's
> groups to avoid displaying certain sections of the portal.
> =20
> gave it another go:
>=20
> Okay so I took out the filter from the web app and set the "Integrated
> Windows Security" to on for the site and the redirector=20
> directory. I've
> got the tomcatAuthentication=3Dfalse set in the AJP 1.3=20
> Connector element
> in the server.xml.
>=20
> <Connector port=3D"8009" address=3D"${jboss.bind.address}"
> debug=3D"99"
> emptySessionPath=3D"true" enableLookups=3D"false" redirectPort=3D"8443"=
 > protocol=3D"AJP/1.3"
> tomcatAuthentication=3D"false"
> minProcessors=3D"5"
> maxProcessors=3D"15"
> />
>=20
> This let me into the app but with a blank getRemoteUser() value.
> Obviously not what I need.=20
> =20
> (no disclaimer)
>=20
> > -----Original Message-----
> > From: Allistair Crossley [mailto:Allistair.Crossley@QAS.com]=20
> > Sent: Wednesday, October 26, 2005 4:42 AM
> > To: Tomcat Users List; tomcat-user@jakarta.apache.org
> > Subject: RE: jCIFS Jboss Tomcat IIS NTLM Authentication
> >=20
> > if you're using IIS in front of your application you don't=20
> > need to use jCIFs. All you do is set the directory=20
> > permissions on your website to Integrated Windows=20
> > Authentication, then configure your Tomcat AJP Connector=20
> > element with tomcatAuthentication=3D"false". Then=20
> > request.getRemoteUser() will return the Windows username.
> >=20
>=20
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>=20
>=20


<FONT SIZE=3D1 FACE=3D"VERDANA,ARIAL" COLOR=3DBLUE>=20
-------------------------------------------------------
QAS Ltd.
Registered in England: No 2582055
Registered in Australia: No 082 851 474
-------------------------------------------------------
</FONT> <FONT SIZE=3D1 FACE=3D"VERDANA,ARIAL" COLOR=3DBLACK>=20
Disclaimer:  The information contained within this e-mail is confidential a=
nd may be privileged. This email is intended solely for the named recipient=
 only; if you are not authorised you must not disclose, copy, distribute, o=
r retain this message or any part of it. If you have received this message =
in error please contact the sender at once so that we may take the appropri=
ate action and avoid troubling you further.  Any views expressed in this me=
ssage are those of the individual sender.  QAS Limited has the right lawful=
ly to record, monitor and inspect messages between its employees and any th=
ird party.  Your messages shall be subject to such lawful supervision as QA=
S Limited deems to be necessary in order to protect its information, its in=
terests and its reputation. =20

Whilst all efforts are made to safeguard Inbound and Outbound emails, QAS L=
imited cannot guarantee that attachments are virus free or compatible with =
your systems and does not accept any liability in respect of viruses or com=
puter problems experienced.
</FONT>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org