IIS and Tomcat Security
Can I get user role ( request.isUserInRole() ) from a user authenticated by IIS ( windows integrated authentication (NTLM) ). I already get user name, but I dont know how to configure the file 'tomcat-users.xml' to set the user's roles. Using only IIS, it's easy. I only need to configure the directory permissions, and then, IIS allow or deny access to my web pages. Any help? Thanks Maurício Kanada
Vedr.: IIS and Tomcat security
Yes it does. request.getRemoteUser() in your JSP gives you the IIS authenticated user. Make sure your IIS is set to Integrated Windows authentication and insert request.tomcatAuthentication=false in your jk2.properties file. /Thomas Insyde [EMAIL PROTECTED] 15-04-2004 18:06 Besvar venligst til Tomcat Users List Til:[EMAIL PROTECTED] cc: Vedr.: IIS and Tomcat security Hi Does JK2 connector pass a security information to Tomcat, like the authenticated user? I coudn't find any information about this in JK2 documentation. In my project, I need that the IIS authenticates the users, and then, the Tomcat executes my web application with users and roles information. Thanks Maurício Kanada FONT SIZE=1 FACE=Arial___ Vi gør opmærksom på, at denne e-mail kan indeholde fortrolig information. Hvis du ved en fejltagelse modtager e-mailen, beder vi dig venligst informere afsender om fejlen ved at bruge svar-funktionen. Samtidig beder vi dig slette e-mailen i dit system uden at videresende eller kopiere den. Selv om e-mailen og ethvert vedhæftet bilag efter vores overbevisning er fri for virus og andre fejl, som kan påvirke computeren eller it-systemet, hvori den modtages og læses, åbnes den på modtagerens eget ansvar. Vi påtager os ikke noget ansvar for tab og skade, som er opstået i forbindelse med at modtage og bruge e-mailen. ___ Please note that this message may contain confidential information. If you have received this message by mistake, please inform the sender of the mistake by sending a reply, then delete the message from your system without making, distributing or retaining any copies of it. Although we believe that the message and any attachments are free from viruses and other errors that might affect the computer or IT system where it is received and read, the recipient opens the message at his or her own risk. We assume no responsibility for any loss or damage arising from the receipt or use of this message. /FONT
Re: Vedr.: IIS and Tomcat security
Thomas I can't get the 'remote user' information in my web application. I think that is some wrong configuration. Can you send me workers2.properties and jk2.properties example files? Thanks Maurício Kanada - Original Message - From: Thomas Nybro Bolding [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Friday, April 16, 2004 4:28 AM Subject: Vedr.: IIS and Tomcat security Yes it does. request.getRemoteUser() in your JSP gives you the IIS authenticated user. Make sure your IIS is set to Integrated Windows authentication and insert request.tomcatAuthentication=false in your jk2.properties file. /Thomas Insyde [EMAIL PROTECTED] 15-04-2004 18:06 Besvar venligst til Tomcat Users List Til:[EMAIL PROTECTED] cc: Vedr.: IIS and Tomcat security Hi Does JK2 connector pass a security information to Tomcat, like the authenticated user? I coudn't find any information about this in JK2 documentation. In my project, I need that the IIS authenticates the users, and then, the Tomcat executes my web application with users and roles information. Thanks Maurício Kanada FONT SIZE=1 FACE=Arial___ Vi gør opmærksom på, at denne e-mail kan indeholde fortrolig information. Hvis du ved en fejltagelse modtager e-mailen, beder vi dig venligst informere afsender om fejlen ved at bruge svar-funktionen. Samtidig beder vi dig slette e-mailen i dit system uden at videresende eller kopiere den. Selv om e-mailen og ethvert vedhæftet bilag efter vores overbevisning er fri for virus og andre fejl, som kan påvirke computeren eller it-systemet, hvori den modtages og læses, åbnes den på modtagerens eget ansvar. Vi påtager os ikke noget ansvar for tab og skade, som er opstået i forbindelse med at modtage og bruge e-mailen. ___ Please note that this message may contain confidential information. If you have received this message by mistake, please inform the sender of the mistake by sending a reply, then delete the message from your system without making, distributing or retaining any copies of it. Although we believe that the message and any attachments are free from viruses and other errors that might affect the computer or IT system where it is received and read, the recipient opens the message at his or her own risk. We assume no responsibility for any loss or damage arising from the receipt or use of this message. /FONT - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Vedr.: IIS and Tomcat security
Hi, Just wanted to add one thing : If I remember correctly, IIS only returns remoteUser on the authenticating request. If you want to use it's userid, you must grabb that in the first request and put it into the session, and use it from there afterwards. If my understanding of the matter is correct, the NTLM (windows intergrated authentication) the connection is authenticated, but not the request as usual, there for the userid is not sent (by the client usually MS Internet Explorer) when the connection has been authenticated. Then this connection is held untill the browser disconnects, or the server disconnects it. That's why you only get the userid on the authenticating request (first request into the realm). hope it helps [EMAIL PROTECTED] Insyde wrote: Thomas I can't get the 'remote user' information in my web application. I think that is some wrong configuration. Can you send me workers2.properties and jk2.properties example files? Thanks Maurício Kanada - Original Message - From: Thomas Nybro Bolding [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Friday, April 16, 2004 4:28 AM Subject: Vedr.: IIS and Tomcat security Yes it does. request.getRemoteUser() in your JSP gives you the IIS authenticated user. Make sure your IIS is set to Integrated Windows authentication and insert request.tomcatAuthentication=false in your jk2.properties file. /Thomas Insyde [EMAIL PROTECTED] 15-04-2004 18:06 Besvar venligst til Tomcat Users List Til:[EMAIL PROTECTED] cc: Vedr.: IIS and Tomcat security Hi Does JK2 connector pass a security information to Tomcat, like the authenticated user? I coudn't find any information about this in JK2 documentation. In my project, I need that the IIS authenticates the users, and then, the Tomcat executes my web application with users and roles information. Thanks Maurício Kanada FONT SIZE=1 FACE=Arial___ Vi gør opmærksom på, at denne e-mail kan indeholde fortrolig information. Hvis du ved en fejltagelse modtager e-mailen, beder vi dig venligst informere afsender om fejlen ved at bruge svar-funktionen. Samtidig beder vi dig slette e-mailen i dit system uden at videresende eller kopiere den. Selv om e-mailen og ethvert vedhæftet bilag efter vores overbevisning er fri for virus og andre fejl, som kan påvirke computeren eller it-systemet, hvori den modtages og læses, åbnes den på modtagerens eget ansvar. Vi påtager os ikke noget ansvar for tab og skade, som er opstået i forbindelse med at modtage og bruge e-mailen. ___ Please note that this message may contain confidential information. If you have received this message by mistake, please inform the sender of the mistake by sending a reply, then delete the message from your system without making, distributing or retaining any copies of it. Although we believe that the message and any attachments are free from viruses and other errors that might affect the computer or IT system where it is received and read, the recipient opens the message at his or her own risk. We assume no responsibility for any loss or damage arising from the receipt or use of this message. /FONT - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
IIS and Tomcat security
Hi Does JK2 connector pass a security information to Tomcat, like the authenticated user? I coudn't find any information about this in JK2 documentation. In my project, I need that the IIS authenticates the users, and then, the Tomcat executes my web application with users and roles information. Thanks Maurício Kanada
HELP! IIS and Tomcat Security
Hi, I am using IIS5 and Tomcat 4.0.2. I am using FORM-BASED authentication for my webapp. The login form is loaded when I access the secured area using localhost:8080 but I get below error when accessing the page through IIS (localhost). I am using ajp13. Should that make any difference? I am so lost. Error: Apache Tomcat/4.0.2 - HTTP Status 403 - Access to the requested resource has been denied _ type Status report message Access to the requested resource has been denied description Access to the specified resource (Access to the requested resource has been denied) has been forbidden. Thanks very much. Bao-Ha Dam Bui [EMAIL PROTECTED] S. Jude Medical, Inc 651.765.1018
AW: HELP! IIS and Tomcat Security
I guess this is only a question of configuration. I haven't found the solution either - Something with the security manager Sombody how has configured this the right way should write a how to to be added to the tomcat docs. mit freundlichen Grussen Galexis AG Beat Friedli . SW-Entwicklung (DDIS/ASW) Grubenstrasse 11 . CH-3322 Schoenbuehl tel: +41 (0)31 858 72 32 . fax: +41 (0)31 858 78 81 -Ursprungliche Nachricht- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Gesendet: Dienstag, 11. Juni 2002 18:24 An: [EMAIL PROTECTED] Betreff: HELP! IIS and Tomcat Security Hi, I am using IIS5 and Tomcat 4.0.2. I am using FORM-BASED authentication for my webapp. The login form is loaded when I access the secured area using localhost:8080 but I get below error when accessing the page through IIS (localhost). I am using ajp13. Should that make any difference? I am so lost. Error: Apache Tomcat/4.0.2 - HTTP Status 403 - Access to the requested resource has been denied _ type Status report message Access to the requested resource has been denied description Access to the specified resource (Access to the requested resource has been denied) has been forbidden. Thanks very much. Bao-Ha Dam Bui [EMAIL PROTECTED] S. Jude Medical, Inc 651.765.1018 -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]