tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier ...@ice-sa.com>
Subject Re: Manager App not working with Windows authentication enabled
Date Tue, 19 Mar 2013 22:28:26 GMT
Harris Mark R wrote:
> Environment:
> IIS 7.5
> Tomcat 7.037
> AJP/1.3 connector (redirector.dll) v 1.2
> Java 7
> 
> We have a requirement for a new intranet application that it use Windows authentication.
 We have this working in our new application.  We do have IIS, the connector and Tomcat serving
up the application with no problems.
> 
> What did happen is that we discovered that the manager application that comes with Tomcat
no longer is accessible.  We have some staff that use the manager app routinely.
> We did try to set up two AJP connectors, one defined in the server.xml with tomcatAuthentication="true"
and another set to false.   In the AJP property files we set the second one to only be mapped
to the manager URL.  This did not work as we expected.

Setting tomcatAuthentication="false" in this case means that Tomcat is going to rely on 
the authenticated user-id sent to it by the front-end, through AJP.
So you should authenticate the user at the Apache httpd front-end level.

> 
> Anyone have any ideas on how to get the manager application working?

How would you like the users of the manager application to be authenticated ?  also via 
Windows Integrated Authentication, or at the Apache httpd level, via some other mechanism
?

For a simple case, you could for example do this at the Apache httpd level :

<Location /manager>
   setHandler jakarta-servlet
   AuthType Basic
   AuthName tomcat-manager
   require user x y z ...
   ...
</Location>

(and set tomcatAuthentication="false")

("setHandler jakarta-servlet" in that <Location> section is roughly equivalent to "JkMount

/manager" worker1)

This syntax is explained in one of the on-line AJP connector's info pages on the tomcat 
website, at the very end of the page.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message