Re: IIS security with tomcat
That does not sound particularly doable to me. I'd assume that you'd want to look to the latest Tomcat 5.5.x for the best static file handling you can get out of it and essentially take IIS out of the picture. -- Jess Holle Steve Gaunt wrote: HI That;'s what i'm trying to do.. But the user credentials are held within a database. Ideally, I want to forward to tomcat, do the login for the user, and somehow tell IIS all static conent from the session(or user) is allowed. Equally, I dont want the users to bookmark the pdf/html files(as these people pay to see them). I'm not sure how to do this with the web server, surely there must be a standard way of achieving this. I've searched google but unable to find information about this. Cheers -Original Message- From: Jess Holle [mailto:[EMAIL PROTECTED] Sent: Mon 17/10/2005 20:34 To: Tomcat Users List Cc: Subject: Re: IIS security with tomcat Sounds like IIS should be doing your authentication... Steve Gaunt wrote: >Hi > >I have IIS web server servicing static pdf/html content. However, I only want to allow access to these if they have been authenticated by tomcat(using jk2 connector on the AJP connections). > >I dont want to move these static pdf/htmls' onto tomcat(as the folder(s) size at the root is over 10G). I've tried this and after about 10 hours of use, the tomcat website hosting the static content fails. > >Ideally, the static conent should be serverd by IIS(as its good at doing that). But I dont want just anyone being able to view these? > >I've tried the response.sedREdirect("") > >and passing the "www-authentication" into the header, but since the redirect goes back to the browser and rewrites the header, this info is lossed. > >HAs anyone else had similar problems ebfore?? > > > >STeve > > >__ >This email has been scanned by the MessageLabs Email Security System. >For more information please visit http://www.messagelabs.com/email >__ > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: IIS security with tomcat
Hi Charles, The version of tomcat is 5, the 1 inside jboss 4,01. The problems is after about 10-15 hours of heavy use, the web app with the document root stops fails. All AJP connections get used up and are in the service mode. Even if I do a localhost within the browser, which will use the http connector, the browser just hangs. Maybe its worth a go using a standalone tomcat installation, but agin, that authentication is still an issue as this information is stored in the session. I use a 3 legs inside the architecture, but the load balancer is sticky sessions and i'm not to bothered if a leg goes down, the user just has to log in again. -Original Message- From: Caldarale, Charles R [mailto:[EMAIL PROTECTED] Sent: Mon 17/10/2005 21:37 To: Tomcat Users List Cc: Subject: RE: IIS security with tomcat > From: Steve Gaunt [mailto:[EMAIL PROTECTED] > Subject: RE: IIS security with tomcat > > I'm not sure how to do this with the web server, surely there > must be a standard way of achieving this. I've searched > google but unable to find information about this. Perhaps you should consider going back to trying Tomcat only. What level are you using? (If it's not 5.5.x, I'd strongly suggest moving up.) Exactly what kind of problems did you have when you tried it with Tomcat only? - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __
RE: IIS security with tomcat
> From: Steve Gaunt [mailto:[EMAIL PROTECTED] > Subject: RE: IIS security with tomcat > > I'm not sure how to do this with the web server, surely there > must be a standard way of achieving this. I've searched > google but unable to find information about this. Perhaps you should consider going back to trying Tomcat only. What level are you using? (If it's not 5.5.x, I'd strongly suggest moving up.) Exactly what kind of problems did you have when you tried it with Tomcat only? - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: IIS security with tomcat
HI That;'s what i'm trying to do.. But the user credentials are held within a database. Ideally, I want to forward to tomcat, do the login for the user, and somehow tell IIS all static conent from the session(or user) is allowed. Equally, I dont want the users to bookmark the pdf/html files(as these people pay to see them). I'm not sure how to do this with the web server, surely there must be a standard way of achieving this. I've searched google but unable to find information about this. Cheers -Original Message- From: Jess Holle [mailto:[EMAIL PROTECTED] Sent: Mon 17/10/2005 20:34 To: Tomcat Users List Cc: Subject: Re: IIS security with tomcat Sounds like IIS should be doing your authentication... Steve Gaunt wrote: >Hi > >I have IIS web server servicing static pdf/html content. However, I only want to allow access to these if they have been authenticated by tomcat(using jk2 connector on the AJP connections). > >I dont want to move these static pdf/htmls' onto tomcat(as the folder(s) size at the root is over 10G). I've tried this and after about 10 hours of use, the tomcat website hosting the static content fails. > >Ideally, the static conent should be serverd by IIS(as its good at doing that). But I dont want just anyone being able to view these? > >I've tried the response.sedREdirect("") > >and passing the "www-authentication" into the header, but since the redirect goes back to the browser and rewrites the header, this info is lossed. > >HAs anyone else had similar problems ebfore?? > > > >STeve > > >__ >This email has been scanned by the MessageLabs Email Security System. >For more information please visit http://www.messagelabs.com/email >__ > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __
Re: IIS security with tomcat
Sounds like IIS should be doing your authentication... Steve Gaunt wrote: Hi I have IIS web server servicing static pdf/html content. However, I only want to allow access to these if they have been authenticated by tomcat(using jk2 connector on the AJP connections). I dont want to move these static pdf/htmls' onto tomcat(as the folder(s) size at the root is over 10G). I've tried this and after about 10 hours of use, the tomcat website hosting the static content fails. Ideally, the static conent should be serverd by IIS(as its good at doing that). But I dont want just anyone being able to view these? I've tried the response.sedREdirect("") and passing the "www-authentication" into the header, but since the redirect goes back to the browser and rewrites the header, this info is lossed. HAs anyone else had similar problems ebfore?? STeve __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]