On 22/06/2010 14:10, Savoy, Melinda wrote: > Question. I never setup a custom Tomcat REALM and wondered if that is > required by this ISAPI filter as another user at JavaRanch explained the > following to me: > > You'd have to provide the user principals and roles via a Tomcat Realm in > order for getRemoteUser to work. Filters, IIS authenthicators - none of them > setup the J2EE security context of which getUserPrincipal and getRemoteUser > are parts.
Your filter might. I don't know how it works or what it does though. Do you? p > How do I do that for this ISAPI filter setup if that is indeed true? > > Thanks. > > > -----Original Message----- > From: Savoy, Melinda > Sent: Tuesday, June 22, 2010 7:59 AM > To: 'Tomcat Users List'; 'p...@pidster.com' > Subject: RE: Still having problem retrieving user value from ISAPI Filter for > authentication > > We have a custom filter that we're using because after we get the request and > response info then I need to use the user value info and get the user also > authenticated against a legacy system. > > But right now I have that commented out in my web.xml so that I can go > directly to a test index.jsp page and verify that the getRemoteUser() is > acquiring the user info from ISAPI but ISAPI is not providing that info to me > via this method. I'm not sure, again, why it shows the info in the log but I > cannot get to it directly. I'm not sure how Ranier was able to get to it as > he stated awhile back. > > Thanks again. > > -----Original Message----- > From: Pid [mailto:p...@pidster.com] > Sent: Tuesday, June 22, 2010 7:53 AM > To: 'Tomcat Users List' > Subject: Re: Still having problem retrieving user value from ISAPI Filter for > authentication > > On 22/06/2010 13:36, Savoy, Melinda wrote: >> Thanks Pid, I did do that as well, but I did not see the user value there >> either. >> >> Here is what I got when I did issue the getHeaderNames() and as you can see >> the authorization shows the encrypted NTLM value but it is not decrypted and >> I cannot get to the info though the ISAPI log shows the decrypted value >> which I cannot get to: >> >> === MimeHeaders === >> accept = */* >> accept-language = en-us >> connection = Keep-Alive >> host = localhost >> user-agent = Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; >> Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR >> 3.0.04506.648; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; >> MS-RTC LM 8; MS-RTC EA 2) cookie = >> JSESSIONID=969AE176A965514B845A6E3A9E83A21E >> authorization = NTLM >> TlRMTVNTUAADAAAAAAAAAEgAAAAAAAAASAAAAAAAAABIAAAAAAAAAEgAAAAAAAAASAAAAA >> AAAABIAAAABcKIogUBKAoAAAAP >> accept-encoding = gzip, deflate >> content-length = 0 >> >> I don't know what I'm doing wrong here. Again, any help is appreciated. > > What do you have defined in web.xml for security-config etc? > > > p > > >> Thanks. >> >> -----Original Message----- >> From: Pid [mailto:p...@pidster.com] >> Sent: Tuesday, June 22, 2010 7:11 AM >> To: Tomcat Users List >> Subject: Re: Still having problem retrieving user value from ISAPI >> Filter for authentication >> >> On 22/06/2010 13:05, Marc Boorshtein wrote: >>> I haven't tried this with IIS, but we had quite the discussion on >>> this last week with Apache & tomcat with JK. In your server.xml file >>> add tomcatAuthentication="false" to the AJP connector object. If you >>> look in the archives of this list for JK_REMOTE_USER there is a very >>> interesting discussion on the topic. >> >> Also, you could iterate through the headers in request.getHeaderNames() to >> see what's being passed across to Tomcat. >> >> >> p >> >> >>> Marc >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >>> For additional commands, e-mail: users-h...@tomcat.apache.org >>> >> >> >> >> >> The information contained in this message and any attachments is intended >> only for the use of the individual or entity to which it is addressed, and >> may contain information that is PRIVILEGED, CONFIDENTIAL, and exempt from >> disclosure under applicable law. If you are not the intended recipient, you >> are prohibited from copying, distributing, or using the information. Please >> contact the sender immediately by return e-mail and delete the original >> message from your system. > > > > > The information contained in this message and any attachments is intended > only for the use of the individual or entity to which it is addressed, and > may contain information that is PRIVILEGED, CONFIDENTIAL, and exempt from > disclosure under applicable law. If you are not the intended recipient, you > are prohibited from copying, distributing, or using the information. Please > contact the sender immediately by return e-mail and delete the original > message from your system. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > > The information contained in this message and any attachments is intended > only for the use of the individual or entity to which it is addressed, and > may contain information that is PRIVILEGED, CONFIDENTIAL, and exempt from > disclosure under applicable law. If you are not the intended recipient, you > are prohibited from copying, distributing, or using the information. Please > contact the sender immediately by return e-mail and delete the original > message from your system.
signature.asc
Description: OpenPGP digital signature