Vedr.: IIS and Tomcat security
Yes it does. request.getRemoteUser() in your JSP gives you the IIS authenticated user. Make sure your IIS is set to Integrated Windows authentication and insert request.tomcatAuthentication=false in your jk2.properties file. /Thomas Insyde [EMAIL PROTECTED] 15-04-2004 18:06 Besvar venligst til Tomcat Users List Til:[EMAIL PROTECTED] cc: Vedr.: IIS and Tomcat security Hi Does JK2 connector pass a security information to Tomcat, like the authenticated user? I coudn't find any information about this in JK2 documentation. In my project, I need that the IIS authenticates the users, and then, the Tomcat executes my web application with users and roles information. Thanks Maurício Kanada FONT SIZE=1 FACE=Arial___ Vi gør opmærksom på, at denne e-mail kan indeholde fortrolig information. Hvis du ved en fejltagelse modtager e-mailen, beder vi dig venligst informere afsender om fejlen ved at bruge svar-funktionen. Samtidig beder vi dig slette e-mailen i dit system uden at videresende eller kopiere den. Selv om e-mailen og ethvert vedhæftet bilag efter vores overbevisning er fri for virus og andre fejl, som kan påvirke computeren eller it-systemet, hvori den modtages og læses, åbnes den på modtagerens eget ansvar. Vi påtager os ikke noget ansvar for tab og skade, som er opstået i forbindelse med at modtage og bruge e-mailen. ___ Please note that this message may contain confidential information. If you have received this message by mistake, please inform the sender of the mistake by sending a reply, then delete the message from your system without making, distributing or retaining any copies of it. Although we believe that the message and any attachments are free from viruses and other errors that might affect the computer or IT system where it is received and read, the recipient opens the message at his or her own risk. We assume no responsibility for any loss or damage arising from the receipt or use of this message. /FONT
Re: Vedr.: IIS and Tomcat security
Thomas I can't get the 'remote user' information in my web application. I think that is some wrong configuration. Can you send me workers2.properties and jk2.properties example files? Thanks Maurício Kanada - Original Message - From: Thomas Nybro Bolding [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Friday, April 16, 2004 4:28 AM Subject: Vedr.: IIS and Tomcat security Yes it does. request.getRemoteUser() in your JSP gives you the IIS authenticated user. Make sure your IIS is set to Integrated Windows authentication and insert request.tomcatAuthentication=false in your jk2.properties file. /Thomas Insyde [EMAIL PROTECTED] 15-04-2004 18:06 Besvar venligst til Tomcat Users List Til:[EMAIL PROTECTED] cc: Vedr.: IIS and Tomcat security Hi Does JK2 connector pass a security information to Tomcat, like the authenticated user? I coudn't find any information about this in JK2 documentation. In my project, I need that the IIS authenticates the users, and then, the Tomcat executes my web application with users and roles information. Thanks Maurício Kanada FONT SIZE=1 FACE=Arial___ Vi gør opmærksom på, at denne e-mail kan indeholde fortrolig information. Hvis du ved en fejltagelse modtager e-mailen, beder vi dig venligst informere afsender om fejlen ved at bruge svar-funktionen. Samtidig beder vi dig slette e-mailen i dit system uden at videresende eller kopiere den. Selv om e-mailen og ethvert vedhæftet bilag efter vores overbevisning er fri for virus og andre fejl, som kan påvirke computeren eller it-systemet, hvori den modtages og læses, åbnes den på modtagerens eget ansvar. Vi påtager os ikke noget ansvar for tab og skade, som er opstået i forbindelse med at modtage og bruge e-mailen. ___ Please note that this message may contain confidential information. If you have received this message by mistake, please inform the sender of the mistake by sending a reply, then delete the message from your system without making, distributing or retaining any copies of it. Although we believe that the message and any attachments are free from viruses and other errors that might affect the computer or IT system where it is received and read, the recipient opens the message at his or her own risk. We assume no responsibility for any loss or damage arising from the receipt or use of this message. /FONT - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Vedr.: IIS and Tomcat security
Hi, Just wanted to add one thing : If I remember correctly, IIS only returns remoteUser on the authenticating request. If you want to use it's userid, you must grabb that in the first request and put it into the session, and use it from there afterwards. If my understanding of the matter is correct, the NTLM (windows intergrated authentication) the connection is authenticated, but not the request as usual, there for the userid is not sent (by the client usually MS Internet Explorer) when the connection has been authenticated. Then this connection is held untill the browser disconnects, or the server disconnects it. That's why you only get the userid on the authenticating request (first request into the realm). hope it helps [EMAIL PROTECTED] Insyde wrote: Thomas I can't get the 'remote user' information in my web application. I think that is some wrong configuration. Can you send me workers2.properties and jk2.properties example files? Thanks Maurício Kanada - Original Message - From: Thomas Nybro Bolding [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Friday, April 16, 2004 4:28 AM Subject: Vedr.: IIS and Tomcat security Yes it does. request.getRemoteUser() in your JSP gives you the IIS authenticated user. Make sure your IIS is set to Integrated Windows authentication and insert request.tomcatAuthentication=false in your jk2.properties file. /Thomas Insyde [EMAIL PROTECTED] 15-04-2004 18:06 Besvar venligst til Tomcat Users List Til:[EMAIL PROTECTED] cc: Vedr.: IIS and Tomcat security Hi Does JK2 connector pass a security information to Tomcat, like the authenticated user? I coudn't find any information about this in JK2 documentation. In my project, I need that the IIS authenticates the users, and then, the Tomcat executes my web application with users and roles information. Thanks Maurício Kanada FONT SIZE=1 FACE=Arial___ Vi gør opmærksom på, at denne e-mail kan indeholde fortrolig information. Hvis du ved en fejltagelse modtager e-mailen, beder vi dig venligst informere afsender om fejlen ved at bruge svar-funktionen. Samtidig beder vi dig slette e-mailen i dit system uden at videresende eller kopiere den. Selv om e-mailen og ethvert vedhæftet bilag efter vores overbevisning er fri for virus og andre fejl, som kan påvirke computeren eller it-systemet, hvori den modtages og læses, åbnes den på modtagerens eget ansvar. Vi påtager os ikke noget ansvar for tab og skade, som er opstået i forbindelse med at modtage og bruge e-mailen. ___ Please note that this message may contain confidential information. If you have received this message by mistake, please inform the sender of the mistake by sending a reply, then delete the message from your system without making, distributing or retaining any copies of it. Although we believe that the message and any attachments are free from viruses and other errors that might affect the computer or IT system where it is received and read, the recipient opens the message at his or her own risk. We assume no responsibility for any loss or damage arising from the receipt or use of this message. /FONT - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]