tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Leo Donahue - PLANDEVX <LeoDona...@mail.maricopa.gov>
Subject OT RE: Still having problem retrieving user value from ISAPI Filter for authentication
Date Tue, 22 Jun 2010 22:01:14 GMT
>From: Marc Boorshtein [mailto:mboorshtein@gmail.com]
>Subject: Re: Still having problem retrieving user value from ISAPI
>Filter for authentication
>
>>
>> Unless you are going to authenticate via one of Tomcat's
>authentication methods; BASIC, FORM, etc, then getRemoteUser() is going
>to return null.
>>
>> You'll need to add a security constraint, login-config and security-
>role to your web.xml to test getRemoteUser(); in just Tomcat.
>>
>
>This shouldn't be the case since she put tomcatAuthentication="false"
>tomcat should be taking the username from the JK_REMOTE_USER
>attribute.
>
>Marc

Doesn't the url mapping in the uriworkermap.properties file interrupt IIS from passing authentication
to Tomcat?

If you restrict access to a virtual directory in IIS, mapped to a servlet or webapp in Tomcat,
and there is a URL for that servlet/webapp in uriworkermap.properties, wouldn't Tomcat allow
access even though IIS attempts to say no?

I still have a server with IIS and the isapi_redirect.dll "Jakarta filter" running internally.

I created a new website in IIS, called test, using IIS port 8088, mapped to the examples directory
in Tomcat 6.0.26  (Tomcat's HTTP port is still 8080)
I added the "Jakarta" virtual directory to test.
I removed anonymous access and checked integrated windows security for test.

http://localhost:8088  supply credentials of user not allowed to this directory - yields no
access.
http://localhost:8088/examples I get right through, no challenge from IIS.

http://localhost:8088  supply credentials of user allowed, snoop JSP works, but Remote User
is null.  Everything else in snoop output had a value.



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message