tomcat-users mailing list archives

From "Brian Bitteker" <>
Subject Users cannot login when IIS 6.0 is used to redirect user to secure J2EE apps on Tomcat 5.5.15
Date Wed, 30 May 2007 15:36:11 GMT
Desired State:
When users access secure J2EE apps via IIS 6.0 on port 80, they are
challenged, authenticated, authorized and presented with pages from a
secure application being served by Tomcat 5.5.15 server on port 8080
even though it appears they are still on port 80.

Users are challenged by the browser to enter their credentials, but
cannot log in when entering valid credentials.
* If we access the J2EE app via port 80 through IIS
  with security, we cannot access the J2EE app;
  users receive a 401 error message from Tomcat.

* If we access the J2EE app directly on port 8080
  with security, the user may log in without a problem
  and access the J2EE app.

* If the J2EE app doesn't have security set up in the
  web.xml file, the redirect from IIS to Tomcat works
  just fine.

* If the J2EE app has security set up in the web.xml
  then the redirect does not work and the user cannot
  log into the J2EE app.

* There are no ACLs set up in IIS

* IIS logs the 401 errors, but there are no errors in any
  of the Tomcat logs even when we bump up the logging
  in Tomcat to "trace"

Systems in use:
* Tomcat 5.5.15 (running on port 8080)
* IIS 6.0 using Integrated Windows Authentication, (running on port
* isapi_redirect.dll version
* Active Directory 2003 R1

Possibly the redirection of the user with the isapi_redirect.dll is the
issue. Credentials are not handed off from IIS to Tomcat.

Thanks for any help you can provide.

- Brian.
