Re: IIS security with tomcat

Mon, 17 Oct 2005 15:02:02 -0700 

That does not sound particularly doable to me.
I'd assume that you'd want to look to the latest Tomcat 5.5.x for the best static file handling you can get out of it and essentially take IIS out of the picture. 

--
Jess Holle

Steve Gaunt wrote:


HI


That;'s what i'm trying to do..  But the user credentials are held within a database.  
Ideally, I want to forward to tomcat, do the login for the user, and somehow tell IIS all static conent from the session(or user) is allowed. Equally, I dont want the users to bookmark the pdf/html files(as these people pay to see them).  


I'm not sure how to do this with the web server, surely there must be a 
standard way of achieving this.  I've searched google but unable to find 
information about this.

Cheers



	-----Original Message----- 
	From: Jess Holle [mailto:[EMAIL PROTECTED] 
	Sent: Mon 17/10/2005 20:34 
	To: Tomcat Users List 
	Cc: 
	Subject: Re: IIS security with tomcat

        
        

        Sounds like IIS should be doing your authentication...
        
        Steve Gaunt wrote:
        
        >Hi
        >

	>I have IIS web server servicing static pdf/html content.  However, I only want to allow access to these if they have been authenticated by tomcat(using jk2 connector on the AJP connections). 
	>
	>I dont want to move these static pdf/htmls' onto tomcat(as the folder(s) size at the root is over 10G).  I've tried this and after about 10 hours of use, the tomcat website hosting the static content fails. 
	>

        >Ideally, the static conent should be serverd by IIS(as its good at 
doing that). But I dont want just anyone being able to view these?
        >

	>I've tried the response.sedREdirect("") 
	>

        >and passing the "www-authentication" into the header, but since the 
redirect goes back to the browser and rewrites the header, this info is lossed.
        >
        >HAs anyone else had similar problems ebfore??
        >
        >
        >
        >STeve
        >
        >
        >______________________________________________________________________
        >This email has been scanned by the MessageLabs Email Security System.
        >For more information please visit http://www.messagelabs.com/email
        >______________________________________________________________________

	> 
	>

        
        ---------------------------------------------------------------------
        To unsubscribe, e-mail: [EMAIL PROTECTED]
        For additional commands, e-mail: [EMAIL PROTECTED]
        
        
        ______________________________________________________________________
        This email has been scanned by the MessageLabs Email Security System.
        For more information please visit http://www.messagelabs.com/email
        ______________________________________________________________________
        


______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.

For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________
 



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]















    











					Reply via email to