tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier>
Subject Re: ISAPI log question regarding authentication
Date Sat, 12 Jun 2010 10:49:54 GMT
Rainer Jung wrote:
> On 11.06.2010 23:21, Savoy, Melinda wrote:
>> I am working in my local Eclipse development environment on a Windows 
>> XP box.  (As stated in a previous post, I was able to get 
>> authentication working in the Windows 2003 environment after talking 
>> to a MS IIS engineer)
>> I just got off of a phone call with another IIS engineer at Microsoft 
>> regarding the authentication issue again that I am getting Windows XP 
>> and we spotted something interesting in the ISAPI log and wanted to 
>> run it by you guys.
>> I've now setup my IIS and browser in Windows XP to FORCE NTLM 
>> authentication and I am getting in the request, per the ISAPI log, the 
>> credentials that it passes from IIS to Tomcat.
>> What is interesting is that it would appear that from the ISAPI log 
>> that the AJP is returning a 401 code to the browser and therefore 
>> executing a Windows Login prompt. Please see bolded/red type below.
>> Below is a copy of the entries in my ISAPI log and wanted to get any 
>> input on WHY it would appear that the redirector is returning a 401 
>> status back to my IE or Firefox browser(?):
> Because it receives a 401 response form your web application in Tomcat 
> and forwards the response as is to the client. So why is your web 
> application sending a 401?
By "application", understand the complete webapp stack, including any 
servlet filters which may be configured there.

A 401 is not an error.  It is the normal response of the server, in the 
NTLM protocol, when trying to access a protected resource.
My guess in this case and at this point, is that it is the "legacy 
filter" (jCIFS-based) which sits on top of the webapp, and which does 
not check if the request is already authenticated, but returns a 401 
right away.  Is that a possibility ?

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message