tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Savoy, Melinda" <>
Subject RE: Still having problem retrieving user value from ISAPI Filter for authentication
Date Wed, 23 Jun 2010 14:58:51 GMT
Let me ask another question if I might in addition to the one below:

In my ISAPI log it shows:

[Wed Jun 23 09:50:59.568 2010] [5024:6028] [debug] jk_isapi_plugin.c (3108): Service protocol=HTTP/1.1
method=GET host= addr= name=localhost port=80 auth=NTLM user=TEXAS\SavoyM

The value of "80" is shown, my question is does this line in my ISAPI log show the request
as to where it is coming from, meaning IIS since IIS is on port 80?

My tomcat app is running on port 9080.

Just curious.

I think, I am going on to try Waffle, instead of trying to pursue this any further.  dB has
been kind enough to offer his help in getting me setup.

I just thought I'd ask this one last question. Thanks for all the time and help.


-----Original Message-----
From: Savoy, Melinda 
Sent: Wednesday, June 23, 2010 7:50 AM
To: 'Tomcat Users List'; ''
Subject: RE: Still having problem retrieving user value from ISAPI Filter for authentication

Let me ask, what maybe a stupid question now, but when I print out the enumeration value of
the request header names, see below, using request.getHeaderNames() should the user be listed
as one of the headers which is passed on from the ISAPI filter:

=== MimeHeaders ===
accept = */*
accept-language = en-us
connection = Keep-Alive
host = localhost
user-agent = Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322;
.NET CLR 2.0.50727; .NET CLR 3.0.04506.648; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729;
accept-encoding = gzip, deflate
content-length = 0

Thank you.

-----Original Message-----
From: Pid [] 
Sent: Wednesday, June 23, 2010 6:52 AM
To: Tomcat Users List
Subject: Re: Still having problem retrieving user value from ISAPI Filter for authentication

On 23/06/2010 10:45, Rainer Jung wrote:
> On 23.06.2010 09:51, Pid wrote:
>> On 23 Jun 2010, at 02:40, Rainer Jung<>  wrote:
>>> On 22.06.2010 21:59, Marc Boorshtein wrote:
>>>>> Unless you are going to authenticate via one of Tomcat's 
>>>>> authentication methods; BASIC, FORM, etc, then getRemoteUser() is 
>>>>> going to return null.
>>>>> You'll need to add a security constraint, login-config and 
>>>>> security-role to your web.xml to test getRemoteUser(); in just Tomcat.
>>>> This shouldn't be the case since she put tomcatAuthentication="false"
>>>> tomcat should be taking the username from the JK_REMOTE_USER 
>>>> attribute.
>>>> Have you tried a wireshark packet capture?
>>> The log file of the ISAPI redirector she presented already contains 
>>> a dump of the AJP packet the redirector is going to send out. The 
>>> dump shows the correct user string contained in the packet.
>>> I've got no idea what's wrong here.
>> Would you expect the user value normally to be set as another 
>> (REMOTE_USER type) header by ISAPI?
> No, it gets send as an AJP specific request attribute that the AJP 
> connectors know about. It's not an HTTP header.

OK, and I'm guessing that if there was a way to get the AJP connector to dump those attributes
you'd have said so by now.


> Regards,
> Rainer
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

The information contained in this message and any attachments is intended only for the use
of the individual or entity to which it is addressed, and may contain information that is
PRIVILEGED, CONFIDENTIAL, and exempt from disclosure under applicable law.  If you are not
the intended recipient, you are prohibited from copying, distributing, or using the information.
 Please contact the sender immediately by return e-mail and delete the original message from
your system.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message