Question.  I never setup a custom Tomcat REALM and wondered if that is required 
by this ISAPI filter as another user at JavaRanch explained the following to me:

You'd have to provide the user principals and roles via a Tomcat Realm in order 
for getRemoteUser to work. Filters, IIS authenthicators - none of them setup 
the J2EE security context of which getUserPrincipal and getRemoteUser are parts.

How do I do that for this ISAPI filter setup if that is indeed true?

Thanks.  


-----Original Message-----
From: Savoy, Melinda 
Sent: Tuesday, June 22, 2010 7:59 AM
To: 'Tomcat Users List'; 'p...@pidster.com'
Subject: RE: Still having problem retrieving user value from ISAPI Filter for 
authentication

We have a custom filter that we're using because after we get the request and 
response info then I need to use the user value info and get the user also 
authenticated against a legacy system.

But right now I have that commented out in my web.xml so that I can go directly 
to a test index.jsp page and verify that the getRemoteUser() is acquiring the 
user info from ISAPI but ISAPI is not providing that info to me via this 
method.  I'm not sure, again, why it shows the info in the log but I cannot get 
to it directly.  I'm not sure how Ranier was able to get to it as he stated 
awhile back.

Thanks again. 

-----Original Message-----
From: Pid [mailto:p...@pidster.com] 
Sent: Tuesday, June 22, 2010 7:53 AM
To: 'Tomcat Users List'
Subject: Re: Still having problem retrieving user value from ISAPI Filter for 
authentication

On 22/06/2010 13:36, Savoy, Melinda wrote:
> Thanks Pid, I did do that as well, but I did not see the user value there 
> either.  
> 
> Here is what I got when I did issue the getHeaderNames() and as you can see 
> the authorization shows the encrypted NTLM value but it is not decrypted and 
> I cannot get to the info though the ISAPI log shows the decrypted value which 
> I cannot get to:
> 
> === MimeHeaders ===
> accept = */*
> accept-language = en-us
> connection = Keep-Alive
> host = localhost
> user-agent = Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; 
> Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 
> 3.0.04506.648; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; 
> MS-RTC LM 8; MS-RTC EA 2) cookie = 
> JSESSIONID=969AE176A965514B845A6E3A9E83A21E
> authorization = NTLM 
> TlRMTVNTUAADAAAAAAAAAEgAAAAAAAAASAAAAAAAAABIAAAAAAAAAEgAAAAAAAAASAAAAA
> AAAABIAAAABcKIogUBKAoAAAAP
> accept-encoding = gzip, deflate
> content-length = 0
> 
> I don't know what I'm doing wrong here.  Again, any help is appreciated.

What do you have defined in web.xml for security-config etc?


p


> Thanks.
> 
> -----Original Message-----
> From: Pid [mailto:p...@pidster.com]
> Sent: Tuesday, June 22, 2010 7:11 AM
> To: Tomcat Users List
> Subject: Re: Still having problem retrieving user value from ISAPI 
> Filter for authentication
> 
> On 22/06/2010 13:05, Marc Boorshtein wrote:
>> I haven't tried this with IIS, but we had quite the discussion on 
>> this last week with Apache & tomcat with JK.  In your server.xml file 
>> add tomcatAuthentication="false" to the AJP connector object.  If you 
>> look in the archives of this list for JK_REMOTE_USER there is a very 
>> interesting discussion on the topic.
> 
> Also, you could iterate through the headers in request.getHeaderNames() to 
> see what's being passed across to Tomcat.
> 
> 
> p
> 
> 
>> Marc
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
> 
> 
> 
> 
> The information contained in this message and any attachments is intended 
> only for the use of the individual or entity to which it is addressed, and 
> may contain information that is PRIVILEGED, CONFIDENTIAL, and exempt from 
> disclosure under applicable law.  If you are not the intended recipient, you 
> are prohibited from copying, distributing, or using the information.  Please 
> contact the sender immediately by return e-mail and delete the original 
> message from your system.




The information contained in this message and any attachments is intended only 
for the use of the individual or entity to which it is addressed, and may 
contain information that is PRIVILEGED, CONFIDENTIAL, and exempt from 
disclosure under applicable law.  If you are not the intended recipient, you 
are prohibited from copying, distributing, or using the information.  Please 
contact the sender immediately by return e-mail and delete the original message 
from your system.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



The information contained in this message and any attachments is intended only 
for the use of the individual or entity to which it is addressed, and may 
contain information that is PRIVILEGED, CONFIDENTIAL, and exempt from 
disclosure under applicable law.  If you are not the intended recipient, you 
are prohibited from copying, distributing, or using the information.  Please 
contact the sender immediately by return e-mail and delete the original message 
from your system.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to