Fixed it, sort of. My advice to anyone having similar trouble with the Tomcat JK connector and IIS 5.0 is to futz with the "Anonymous User Account" settings (strip local domain name out, check the password, uncheck "Allow IIS to control password"). You might get lucky.
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 18, 2004 11:53 AM To: [EMAIL PROTECTED] Subject: RE: How does IIS directory security relate to JK connector? To follow up, I just made some progress. By changing the "Anonymous User Account" in IIS for the tomcat virtual directory from the IUSR_ account to another local account, it works. Presumably it has to do with permissions, though I don't know in what way yet. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 18, 2004 11:17 AM To: [EMAIL PROTECTED] Subject: How does IIS directory security relate to JK connector? Hello, I installed the JK connector in IIS 5.0 on Win2K, directing JSP and servlet requests for a certain context to Tomcat 4.1.29, and though it works I can't access the Tomcat resources (JSPs and servlets) anonymously. In fact, the way IIS's "directory security" is involved is something of a mystery. I realize this is a Tomcat forum and not an IIS forum, but their integration is common so perhaps someone here will have some insight. Some details: I have an IIS virtual directory called "tomcat" pointing to a directory containing the isapi_redirector.dll, and the virtual directory has read and script execute permissions. In "directory security" for this virtual directory I have "anonymous access" checked. When I request a servlet or JSP, I get a "403 - Access denied" error. If I also check "Integrated Windows authentication" in directory security, then when I request a servlet or JSP the browser (IE) asks for a userid, password, and domain (obviously NTLM auth going on here) and if I supply valid credentials I can then access the resource. So, somehow these security settings for the virtual directory affect access to the JK connector, but how? Why does it aknowledge the request for "Integrated Windows authentication" but ignore the request for "Anonymous access"? Also, I can actually documents from the virtual directory without auth being invoked. For example, if I turn on "directory browsing" for this virtual directory, I can browse its contents via the browser with no problem and no authentication. If I add "foo.txt" to the directory I can retrieve that file, and if I add "foo.html" I can view that page. If, however, if I request the isapi_redirector.dll file itself, I get the authentication box. I've fiddled with the security settings for the DLL itself, granting "Everyone" read/execute access, but still no luck. Any ideas? Thanks! David A. Ventimiglia DSSG Wells Fargo Bank 415-222-6707 [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
