Return-Path: Delivered-To: apmail-tomcat-users-archive@www.apache.org Received: (qmail 54931 invoked from network); 23 Jun 2010 14:59:35 -0000 Received: from unknown (HELO mail.apache.org) (140.211.11.3) by 140.211.11.9 with SMTP; 23 Jun 2010 14:59:35 -0000 Received: (qmail 28649 invoked by uid 500); 23 Jun 2010 14:59:31 -0000 Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org Received: (qmail 28597 invoked by uid 500); 23 Jun 2010 14:59:30 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 28588 invoked by uid 99); 23 Jun 2010 14:59:30 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 23 Jun 2010 14:59:30 +0000 X-ASF-Spam-Status: No, hits=0.1 required=10.0 tests=AWL,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of melindasavoy@texashealth.org designates 208.189.200.2 as permitted sender) Received: from [208.189.200.2] (HELO zixvpm02.texashealth.org) (208.189.200.2) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 23 Jun 2010 14:59:24 +0000 Received: from zixvpm02.texashealth.org (ZixVPM [127.0.0.1]) by Outbound.texashealth.org (Proprietary) with ESMTP id 733844C0C0 for ; Wed, 23 Jun 2010 08:49:56 -0500 (CDT) Received: from mail.texashealth.org (unknown [167.99.5.23]) by zixvpm02.texashealth.org (Proprietary) with ESMTP id 505984C086; Wed, 23 Jun 2010 08:49:55 -0500 (CDT) Received: from ([167.99.5.23]) by ftwismtp01.txhealth.org with ESMTP with TLS id 3RT19K1.122051555; Wed, 23 Jun 2010 09:59:00 -0500 Received: from PHDEXHUB02.txhealth.org (10.202.33.250) by ftwexedg02.txhealth.org (167.99.57.150) with Microsoft SMTP Server (TLS) id 8.1.393.1; Wed, 23 Jun 2010 09:59:00 -0500 Received: from PHDEXMB01.txhealth.org ([::1]) by PHDEXHUB02.txhealth.org ([::1]) with mapi; Wed, 23 Jun 2010 09:58:53 -0500 From: "Savoy, Melinda" To: 'Tomcat Users List' , "'pid@pidster.com'" Date: Wed, 23 Jun 2010 09:58:51 -0500 Subject: RE: Still having problem retrieving user value from ISAPI Filter for authentication Thread-Topic: Still having problem retrieving user value from ISAPI Filter for authentication Thread-Index: AcsSyo9lIADIAS2PSu6k8qJguLkffQAB49EwAAR7BOA= Message-ID: <45572F79660DDC429F6B44582360A9AB010B0715B0@PHDEXMB01.txhealth.org> References: <45572F79660DDC429F6B44582360A9AB010B0710A1@PHDEXMB01.txhealth.org> <45572F79660DDC429F6B44582360A9AB010B0711FD@PHDEXMB01.txhealth.org> <4C20A853.6040901@pidster.com> <45572F79660DDC429F6B44582360A9AB010B071209@PHDEXMB01.txhealth.org> <4C20B213.3080107@pidster.com> <45572F79660DDC429F6B44582360A9AB010B071217@PHDEXMB01.txhealth.org> <4C20B6E0.2070702@pidster.com> <45572F79660DDC429F6B44582360A9AB010B07122D@PHDEXMB01.txhealth.org> <4C20C32D.8050109@pidster.com> <45572F79660DDC429F6B44582360A9AB010B071258@PHDEXMB01.txhealth.org> <4C20F091.6000400@kippdata.de> <45572F79660DDC429F6B44582360A9AB010B071396@PHDEXMB01.txhealth.org> <4C21660D.60807@kippdata.de> <4C21D7C9.5060909@kippdata.de> <4C21F561.3000501@pidster.com> <45572F79660DDC429F6B44582360A9AB01084BF081@PHDEXMB01.txhealth.org> In-Reply-To: <45572F79660DDC429F6B44582360A9AB01084BF081@PHDEXMB01.txhealth.org> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: acceptlanguage: en-US x-tm-as-product-ver: SMEX-8.0.0.1307-6.000.1038-17348.000 x-tm-as-result: No--58.568600-8.000000-31 x-tm-as-user-approved-sender: No x-tm-as-user-blocked-sender: No Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Let me ask another question if I might in addition to the one below: In my ISAPI log it shows: [Wed Jun 23 09:50:59.568 2010] [5024:6028] [debug] jk_isapi_plugin.c (310= 8): Service protocol=3DHTTP/1.1 method=3DGET host=3D127.0.0.1 addr=3D127.= 0.0.1 name=3Dlocalhost port=3D80 auth=3DNTLM user=3DTEXAS\SavoyM uri=3D/i= ndex.jsp The value of "80" is shown, my question is does this line in my ISAPI log= show the request as to where it is coming from, meaning IIS since IIS is= on port 80? My tomcat app is running on port 9080. Just curious. I think, I am going on to try Waffle, instead of trying to pursue this an= y further. dB has been kind enough to offer his help in getting me setup= =2E I just thought I'd ask this one last question. Thanks for all the time an= d help. Regards. -----Original Message----- From: Savoy, Melinda=20 Sent: Wednesday, June 23, 2010 7:50 AM To: 'Tomcat Users List'; 'pid@pidster.com' Subject: RE: Still having problem retrieving user value from ISAPI Filter= for authentication Let me ask, what maybe a stupid question now, but when I print out the en= umeration value of the request header names, see below, using request.get= HeaderNames() should the user be listed as one of the headers which is pa= ssed on from the ISAPI filter: =3D=3D=3D MimeHeaders =3D=3D=3D accept =3D */* accept-language =3D en-us connection =3D Keep-Alive host =3D localhost user-agent =3D Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident= /4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; Info= Path.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; MS-RTC LM 8; MS-RTC E= A 2) authorization =3D NTLM TlRMTVNTUAADAAAAAAAAAEgAAAAAAAAASAAAAAAAAABIAAAAAA= AAAEgAAAAAAAAASAAAAAAAAABIAAAABcKIogUBKAoAAAAP accept-encoding =3D gzip, deflate content-length =3D 0 Thank you. -----Original Message----- From: Pid [mailto:pid@pidster.com]=20 Sent: Wednesday, June 23, 2010 6:52 AM To: Tomcat Users List Subject: Re: Still having problem retrieving user value from ISAPI Filter= for authentication On 23/06/2010 10:45, Rainer Jung wrote: > On 23.06.2010 09:51, Pid wrote: >> On 23 Jun 2010, at 02:40, Rainer Jung wrote: >> >>> On 22.06.2010 21:59, Marc Boorshtein wrote: >>>>> >>>>> Unless you are going to authenticate via one of Tomcat's=20 >>>>> authentication methods; BASIC, FORM, etc, then getRemoteUser() is=20 >>>>> going to return null. >>>>> >>>>> You'll need to add a security constraint, login-config and=20 >>>>> security-role to your web.xml to test getRemoteUser(); in just Tomc= at. >>>>> >>>> >>>> This shouldn't be the case since she put tomcatAuthentication=3D"fal= se" >>>> tomcat should be taking the username from the JK_REMOTE_USER=20 >>>> attribute. >>>> >>>> Have you tried a wireshark packet capture? >>> >>> The log file of the ISAPI redirector she presented already contains=20 >>> a dump of the AJP packet the redirector is going to send out. The=20 >>> dump shows the correct user string contained in the packet. >>> >>> I've got no idea what's wrong here. >> >> Would you expect the user value normally to be set as another=20 >> (REMOTE_USER type) header by ISAPI? >=20 > No, it gets send as an AJP specific request attribute that the AJP=20 > connectors know about. It's not an HTTP header. OK, and I'm guessing that if there was a way to get the AJP connector to = dump those attributes you'd have said so by now. p > Regards, >=20 > Rainer >=20 > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org > For additional commands, e-mail: users-help@tomcat.apache.org >=20 The information contained in this message and any attachments is intended= only for the use of the individual or entity to which it is addressed, a= nd may contain information that is PRIVILEGED, CONFIDENTIAL, and exempt f= rom disclosure under applicable law. If you are not the intended recipie= nt, you are prohibited from copying, distributing, or using the informati= on. Please contact the sender immediately by return e-mail and delete th= e original message from your system. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For additional commands, e-mail: users-help@tomcat.apache.org