Hi, Sounds like you need to set tomcatAuthentication="false" for JK.
Have a look at my blog on upgrading issues here http://www.adcworks.com/blog/ Allistair. > -----Original Message----- > From: Sue Roe [mailto:[EMAIL PROTECTED] > Sent: 27 January 2005 11:09 > To: [EMAIL PROTECTED] Apache. Org (tomcat-user@jakarta.apache.org) > Subject: IIS, Tomcat and NTLM Authentication > > > Hi > > > > We have just upgraded our server software, running a Java > application, as > follows: > > > > From: > > IIS 4, Tomcat 4.1 - both running on same server - NT4 > > To: > > IIS 5, Tomcat 4.1 - both running on same server - Windows 2000 > > > > The application is to be available to all staff, either over > the Intranet > or the Internet. > > > > An issue has arisen with NTLM authentication. We extract a users > domain\username details using NTLM Authentication, the code > is listed at the > bottom of this e-mail. This mechanism worked 100% on the old > configuration. > Unfortunately with the IIS server upgrade and change in OS the > authentication details do not seem to be being picked up in > two scenarios. > > > > 1. IE 6, unless Enable Integrated Windows Authentication > is disabled. > We don't really want Browser settings to affect access. > 2. IE 5! (We are trying to force client sites to upgrade > to IE6, but > still why does the NTLM Authentication break down here?) > > > > The IIS settings are as follow: > > Default Web Site: > > Anonymous Access - OFF > > Basic Authentication - ON > > Integrated Windows > Authentication - ON > > Jakarta Virtual Directory: > > Anonymous Access - ON > > Basic Authentication - ON > > Integrated Windows > Authentication - ON > > > > If anyone has had any similar experiences or knows of any > other mechanism to > retrieve domain/username, it would be great to hear. > > > > Thanks > > Sue > > > > > > Code to Extract domain/user Details > > ************************************************************** > ************** > *********** > > String auth = request.getHeader("Authorization"); > > if (auth == null) { > > response.setStatus(response.SC_UNAUTHORIZED); > > response.setHeader("WWW-Authenticate", "NTLM"); > > return; > > } > > String domain = ""; > > String username = ""; > > if (auth.startsWith("NTLM ")) { > > byte[] msg = new > sun.misc.BASE64Decoder().decodeBuffer(auth.substring(5)); > > int off = 0, length, offset; > > if (msg[8] == 1){ > > byte z = 0; > > byte[] msg1 = {(byte)'N', (byte)'T', (byte)'L', > (byte)'M', (byte)'S', (byte)'S', (byte)'P', > > z,(byte)2, z, z, z, z, z, z, > z,(byte)40, z, z, z, > > (byte)1, (byte)130, z, z,z, (byte)2, (byte)2, > > (byte)2, z, z, z, z, z, z, z, z, z, z, z, z}; > > response.setHeader("WWW-Authenticate", "NTLM " + > > new > sun.misc.BASE64Encoder().encodeBuffer(msg1)); > > response.sendError(response.SC_UNAUTHORIZED); > > return; > > } else if (msg[8] == 3) { > > off = 30; > > length = msg[off+17]*256 + msg[off+16]; > > offset = msg[off+19]*256 + msg[off+18]; > > String remoteHost = new String(msg, > offset, length); > > length = msg[off+1]*256 + msg[off]; > > offset = msg[off+3]*256 + msg[off+2]; > > domain = new String(msg, offset, length); > > length = msg[off+9]*256 + msg[off+8]; > > offset = msg[off+11]*256 + msg[off+10]; > > username = new String(msg, offset, length); > > String employeeNTLogin = domain + "\\" + username; > > context.log("User NT Login: "+ > employeeNTLogin + ":: " + > new Date(System.currentTimeMillis())); > > session.setAttribute (Constants.DATABASE, > context.getAttribute(Constants.DATABASE)); > > Employee userEmployee=null; > > // 1. Get Employee Object for NT Login of > User & Roles > > try { > > userEmployee = > myEmployeeDAO_Pool.getDetailsByNTLogin(employeeNTLogin); > > } catch (DAOException daoex){ > > } > > session.setAttribute(Constants.USER_EMPLOYEE, > userEmployee); > > etc etc > > > > ************************************************************** > ************** > ************************ > > > > ********************************************************************** > ***Disclaimer*** > > The contents of this Email may be privileged and are > confidential. If you are not the intended recipient, any > disclosure, copying, distribution or any action taken or > omitted to be taken in reliance on it, is prohibited and may > be unlawful. > > Should you wish to use Email as a mode of communication, CMi > plc and its subsidiaries are unable to guarantee the security > of Email content outside of our own computer systems. > > This footnote also confirms that this e-mail message has been > swept by Mimesweeper for the presence of computer viruses. > Whilst we run anti-virus software, you are solely responsible > for ensuring that any e-mail or attachment you receive is > virus free. We disclaim any liability for any damage you > suffer as a consequence of receiving any virus. > > Checkmate International plc (CMi) > Registered in England No 1899857 > Registered Office 4th Floor, 35 New Bridge Street, London, EC4V 6BW > Head Office Tele + 44 (0) 1993 885600 > Head Office Fax + 44 (0) 1993 885603 > Web Site : www.cmi-plc.com > ********************************************************************** > > <FONT SIZE=1 FACE="VERDANA,ARIAL" COLOR=BLUE> ------------------------------------------------------- QAS Ltd. Developers of QuickAddress Software <a href="http://www.qas.com";>www.qas.com</a> Registered in England: No 2582055 Registered in Australia: No 082 851 474 ------------------------------------------------------- </FONT> --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
