Re: Vedr.: IIS and Tomcat security

Fri, 16 Apr 2004 10:12:32 -0700 

Hi,
Just wanted to add one thing :

If I remember correctly, IIS only returns remoteUser on the authenticating request. If you want to use it's userid, you must grabb that in the first request and put it into the session, and use it from there afterwards.

If my understanding of the matter is correct, the NTLM (windows intergrated authentication) the connection is authenticated, but not the request as usual, there for the userid is not sent (by the client usually MS Internet Explorer) when the connection has been authenticated. Then this connection is held untill the browser disconnects, or the server disconnects it. That's why you only get the userid on the authenticating request (first request into the realm).

hope it helps
[EMAIL PROTECTED]





Insyde wrote:
Thomas

I can't get the 'remote user' information in my web application. I think
that is some wrong configuration. Can you send me  workers2.properties and
jk2.properties example files?

Thanks

Maur�cio Kanada


----- Original Message ----- From: "Thomas Nybro Bolding" <[EMAIL PROTECTED]>
To: "Tomcat Users List" <[EMAIL PROTECTED]>
Sent: Friday, April 16, 2004 4:28 AM
Subject: Vedr.: IIS and Tomcat security


Yes it does.

request.getRemoteUser() in your JSP gives you the IIS authenticated user.
Make sure your IIS is set to Integrated Windows authentication and insert
request.tomcatAuthentication=false in your jk2.properties file.

/Thomas





"Insyde" <[EMAIL PROTECTED]>
15-04-2004 18:06
Besvar venligst til "Tomcat Users List"


        Til:    <[EMAIL PROTECTED]>
        cc:
        Vedr.:  IIS and Tomcat security



Hi

Does JK2 connector pass a security information to Tomcat, like the
authenticated user? I coudn't find any information about this in JK2
documentation. In my project, I need that the IIS authenticates the users,
and then, the Tomcat executes my web application with users and roles
information.

Thanks

Maur�cio Kanada



<FONT SIZE=1 FACE="Arial">_______________
Vi g�r opm�rksom p�, at denne e-mail kan indeholde fortrolig information.
Hvis du ved en fejltagelse modtager e-mailen, beder vi dig venligst
informere afsender om fejlen ved at bruge svar-funktionen. Samtidig beder vi
dig slette e-mailen i dit system uden at videresende eller kopiere den.
Selv om e-mailen og ethvert vedh�ftet bilag efter vores overbevisning er fri
for virus og andre fejl, som kan p�virke computeren eller it-systemet, hvori
den modtages og l�ses, �bnes den p� modtagerens eget ansvar. Vi p�tager os
ikke noget ansvar for tab og skade, som er opst�et i forbindelse med at
modtage og bruge e-mailen.
_______________
Please note that this message may contain confidential information. If you
have received this message by mistake, please inform the sender of the
mistake by sending a reply, then delete the message from your system without
making, distributing or retaining any copies of it.
Although we believe that the message and any attachments are free from
viruses and other errors that might affect the computer or IT system where
it is received and read, the recipient opens the message at his or her own
risk. We assume no responsibility for any loss or damage arising from the
receipt or use of this message.
</FONT>




---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to