tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Savoy, Melinda" <MelindaSa...@texashealth.org>
Subject RE: OT RE: Still having problem retrieving user value from ISAPI Filter for authentication
Date Wed, 23 Jun 2010 10:09:10 GMT
Thanks Leo.  I've got the same setup in IIS regarding integrated windows security.  However,
IIS is on port 80 and Tomcat is on 9080 so as not to conflict.

IIS is giving the ISAPI filter the user info that I'm looking for as indicated in the ISAPI
log.

Thanks for trying.  It's appreciated.

-----Original Message-----
From: Leo Donahue - PLANDEVX [mailto:LeoDonahue@mail.maricopa.gov] 
Sent: Tuesday, June 22, 2010 6:13 PM
To: 'Tomcat Users List'
Subject: RE: OT RE: Still having problem retrieving user value from ISAPI Filter for authentication

>From: Leo Donahue - PLANDEVX [mailto:LeoDonahue@mail.maricopa.gov]
>Subject: OT RE: Still having problem retrieving user value from ISAPI
>Filter for authentication
>>
>Doesn't the url mapping in the uriworkermap.properties file interrupt
>IIS from passing authentication to Tomcat?
>
>If you restrict access to a virtual directory in IIS, mapped to a
>servlet or webapp in Tomcat, and there is a URL for that servlet/webapp
>in uriworkermap.properties, wouldn't Tomcat allow access even though IIS
>attempts to say no?
>
>I still have a server with IIS and the isapi_redirect.dll "Jakarta
>filter" running internally.
>
>I created a new website in IIS, called test, using IIS port 8088, mapped
>to the examples directory in Tomcat 6.0.26  (Tomcat's HTTP port is still
>8080)
>I added the "Jakarta" virtual directory to test.
>I removed anonymous access and checked integrated windows security for
>test.
>
>http://localhost:8088  supply credentials of user not allowed to this
>directory - yields no access.
>http://localhost:8088/examples I get right through, no challenge from
>IIS.
>
>http://localhost:8088  supply credentials of user allowed, snoop JSP
>works, but Remote User is null.  Everything else in snoop output had a
>value.
>

I stand corrected, as usual.  Snoop JSP does display my login info.  However, my browser is
now set to supply credentials for internal sites.  "Automatic login only in Intranet zone".

IE 7
Internet Options
Security
Custom Level
Scroll all the way down to User Authentication.

isapi_redirect.dll version 1.2.27
IIS 6.0
Windows Server 2003

http://localhost:8088/examples/jsp/snp/snoop.jsp

Request Information 
JSP Request Method: GET 
Request URI: /examples/jsp/snp/snoop.jsp 
Request Protocol: HTTP/1.1 
Servlet path: /jsp/snp/snoop.jsp 
Path info: null 
Query string: null 
Content length: 0 
Content type: null 
Server name: server name 
Server port: 8088 
Remote user: PLANDEV\donahuel 
Remote address: my ip 
Remote host: my ip 
Authorization scheme: Negotiate 
Locale: en_US

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org



The information contained in this message and any attachments is intended only for the use
of the individual or entity to which it is addressed, and may contain information that is
PRIVILEGED, CONFIDENTIAL, and exempt from disclosure under applicable law.  If you are not
the intended recipient, you are prohibited from copying, distributing, or using the information.
 Please contact the sender immediately by return e-mail and delete the original message from
your system.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message