tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brian Bitteker" <bbitt...@troopers.state.ny.us>
Subject Users cannot login when IIS 6.0 is used to redirect user to secure J2EE apps on Tomcat 5.5.15
Date Wed, 30 May 2007 15:36:11 GMT
Desired State:
When users access secure J2EE apps via IIS 6.0 on port 80, they are
challenged, authenticated, authorized and presented with pages from a
secure application being served by Tomcat 5.5.15 server on port 8080
even though it appears they are still on port 80.

 
Problems:
Users are challenged by the browser to enter their credentials, but
cannot login when entering valid credentials.
 
* If we access the J2EE app via port 80 through IIS 
  with security, we cannot access the J2EE app, 
  users receive a 401 error message from Tomcat.

* If we access the J2EE app directly on port 8080 
  with security, the user may login without a problem 
  and access the J2EE app.

* If the J2EE app doesn't have security setup in the 
  web.xml file, the redirect from IIS to Tomcat works 
  just fine. 

* If the J2EE app has security setup in the web.xml 
  then the redirect does not work and the user cannot 
  log into the J2EE app.

* There are no ACLs setup in IIS

* IIS logs the 401 errors, but there are no errors in any 
  of the Tomcat logs even when we bump up the logging 
  in Tomcat to "trace"
 
Systems in use:
* Tomcat 5.5.15 (running on port 8080)
* IIS 6.0 using Integrated Windows Authentication, (running on port
80)
* isapi_redirect.dll version 1.2.22.0
* Active Directory 2003 R1


Suspicions:
Possibly the redirection of the user with the isapi_redirect.dll is the
issue.  Credentials are not handed off from IIS to Tomcat.
 
Thanks for any help you can provide.
 
- Brian.


This e-mail, including any attachments, may contain highly
sensitive and confidential information. It is intended only for
the individual(s) named. If you received this e-mail in error
or from someone who was not authorized to send it to you,
do not disseminate, copy or otherwise use this e-mail or its
attachments. Please notify the sender immediately by reply
e-mail and delete the e-mail from your system. 


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message