Hi all,
How does the jk connector fit into the J2EE security model in tomcat using the example UserDatabaseRealm? I have IIS + NT4 + isapi redirector + tomcat5-18.

What I would like:
------------------
I am attempting to have IIS perform the NTLM authentication and then pass the NTLM credential through the isapi redirector to tomcat. Tomcat can then perform the authentication/authorisation as per normal using the J2EE security model. In my case I have the example UserDatabaseRealm configured.

To prevent Tomcat from popping up the 'login' prompt I have jk2.properties set with

request.tomcatAuthentication=false

I am hoping that tomcat will use the IIS authentication *BUT* still activate the UserDatabaseRealm to perform the authorisation, since authorisation requires authentication. Does it make sense? But it is not happening.

What I am getting:
------------------
The isapi redirector is passing the NTLM authentication details down to tomcat via the isapi filter. The authorisation tag in the AJP header has something like

authorization: NTLM EREREWRWRWERWERWERWERAAAAAAAAAAAAAAAAAAA

so from my understanding that is the NTLM hash containing the password and username.

Tomcat has the UserDatabaseRealm activated with the relevant web.xml entries to protect the example http://localhost/jsp-examples/security/protected/index.jsp.

From the tomcat logs the user is coming across as 'DOMAINNAME\username'. So I have the *exact* same string in the tomcat-users.xml. It works fine when accessing tomcat via http but not when going through IIS + isapi redirector.

However tomcat is returning a 403 denied access. It is evident from the tomcat logs that UserDatabaseRealm is not being hit as there is no log entry from it. Why?

I have read everything about NTLM and tomcat realms but not sure how to make the J2EE security model use the NTLM credentials over the isapi redirector.

Any help is most appreciated.
-lp
