RE: JAR replaced in lib not seen in Eclipse projects

[Savoy, Melinda]

I have a project in my workspace for this specific JAR and there I have the 
source files.  I exported the project to a JAR into the server's lib directory.

When debugging I put a breakpoint in the source file and when the program hits 
that breakpoint the .class file comes up and I step thru the .class file which 
is the old file and the reference to that file is in the JAR that resides in 
the lib directory however the lib says it has the new JAR and the new files.

I have restarted the server but does not fix issue.
I have deleted server from eclipse servers and reinstalled it.
I do not know how to look at the classloader of my class.  Can u please help?

Thanks.

-Original Message-
From: Konstantin Kolinko [mailto:knst.koli...@gmail.com] 
Sent: Wednesday, October 26, 2011 2:27 PM
To: Tomcat Users List
Subject: Re: JAR replaced in lib not seen in Eclipse projects

2011/10/26 Savoy, Melinda :
> I made updates on 2 files in a JAR file that I replaced in the lib directory 
> of my tomcat server.  All my projects in my eclipse workspace reference the 
> Apache Tomcat v6.0 [Apache Tomcat v6.0] library in my build path.  However 
> when I am debugging my app the old files I modified in my jar are still being 
> called.
>
> Any suggestions on what I'm doing wrong would be appreciated.  Thanks.

I'd guess that you replaced binaries only. How would eclipse find the
source code for them during debugging? Maybe it executes the new
classes, but still shows the old sources.

I hope that you have at least restarted Tomcat.

If everything else fails, you can delete the server runtime and
recreate it anew.

If you are debugging your app, you may look at the classloader of your
class. By examining the classloader hierarchy you may find whether it
is uses the jar file that you think it should be using.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



The information contained in this message and any attachments is intended only 
for the use of the individual or entity to which it is addressed, and may 
contain information that is PRIVILEGED, CONFIDENTIAL, and exempt from 
disclosure under applicable law.  If you are not the intended recipient, you 
are prohibited from copying, distributing, or using the information.  Please 
contact the sender immediately by return e-mail and delete the original message 
from your system.
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

JAR replaced in lib not seen in Eclipse projects

[Savoy, Melinda]

I made updates on 2 files in a JAR file that I replaced in the lib directory of 
my tomcat server.  All my projects in my eclipse workspace reference the Apache 
Tomcat v6.0 [Apache Tomcat v6.0] library in my build path.  However when I am 
debugging my app the old files I modified in my jar are still being called.

Any suggestions on what I'm doing wrong would be appreciated.  Thanks.

Melinda Savoy
Sr. Programmer Analyst, ERP Systems
Innovative Technology Solutions
Texas Health Resources
600 E. Lamar Blvd, Ste 301, Arlington TX  76011
melindasa...@texashealth.org

Texas Health Resources: Arlington Memorial,
Harris Methodist and Presbyterian Hospitals
A shared mission and now a shared name.





The information contained in this message and any attachments is intended only 
for the use of the individual or entity to which it is addressed, and may 
contain information that is PRIVILEGED, CONFIDENTIAL, and exempt from 
disclosure under applicable law.  If you are not the intended recipient, you 
are prohibited from copying, distributing, or using the information.  Please 
contact the sender immediately by return e-mail and delete the original message 
from your system.

RE: Passing user id from web page to tomcat webapp

[Savoy, Melinda]

It is not java code.  As I stated, I inherited this stuff.  In speaking to my 
co-worker, he basically said that the DNS entry maps to an ASP page that 
contains the code below and then that value is sent back to my index.jsp page 
where I grab it via a servlet and validate it through my java code.  Working 
with IIS I found to be a major issue and so on another java app where I do AD 
authentication, we use the Waffle product and it's fantastic and very easy to 
get up and running.

Sorry for the confusion.  Regards.  

-Original Message-
From: André Warnier [mailto:a...@ice-sa.com] 
Sent: Thursday, July 14, 2011 9:01 AM
To: Tomcat Users List
Subject: Re: Passing user id from web page to tomcat webapp

Savoy, Melinda wrote:
> David,
> 
> You might try the following, instead of getRemoteUser, as we use this to get 
> the USERID from IIS.  I inherited this code so I really can't speak to it a 
> lot but it's working.
> 
> Regards.
> 
> 
> '  get user ID from header **
> 
>   XUserID = Request.ServerVariables("AUTH_USER")
>
>   L=Len(XUserID)
>   
>   if L > 0 then
>  Pos = InStr( XUserID,"\")
>  
>  if Pos > 0 then
> ID = Right(XUserID,(L-Pos) )
> strUserID = ID
>  end if
>   else
>   strUserID = XUserID
>   end if
> 
> isUserID = strUserID
> 

Melinda,

*where* is that thing working ?
It doesn't look like any Java code to me ..


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



The information contained in this message and any attachments is intended only 
for the use of the individual or entity to which it is addressed, and may 
contain information that is PRIVILEGED, CONFIDENTIAL, and exempt from 
disclosure under applicable law.  If you are not the intended recipient, you 
are prohibited from copying, distributing, or using the information.  Please 
contact the sender immediately by return e-mail and delete the original message 
from your system.
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Passing user id from web page to tomcat webapp

[Savoy, Melinda]

David,

You might try the following, instead of getRemoteUser, as we use this to get 
the USERID from IIS.  I inherited this code so I really can't speak to it a lot 
but it's working.

Regards.


'  get user ID from header **

  XUserID = Request.ServerVariables("AUTH_USER")
   
  L=Len(XUserID)
  
  if L > 0 then
 Pos = InStr( XUserID,"\")
 
 if Pos > 0 then
ID = Right(XUserID,(L-Pos) )
strUserID = ID
 end if
  else
strUserID = XUserID
  end if

isUserID = strUserID



-Original Message-
From: David kerber [mailto:dcker...@verizon.net] 
Sent: Thursday, July 14, 2011 8:08 AM
To: Tomcat Users List
Subject: Passing user id from web page to tomcat webapp

I have a situation where my users will be logging into their pages on an 
IIS 5 web server, which authenticates them with their user ID and 
password as configured in IIS.  This works fine.

Now I need to add some new functionality to the web site that will be 
using my tomcat webapp, and I don't want them to have to authenticate 
again in my app, so I'm trying to figure out how to pass the user ID 
from the web page on IIS, to my webapp.  I thought 
request.getRemoteUser() would do it, but that's returning null, rather 
than the loggged-in user ID.

Here's what I have so far:

The web page on IIS has a simple form to ask for an input, which is 
needed by the webapp's Servlet (EddSrvConfig):


 
   Site: 
   
 



When I debug on the TC side, I get the request, and the parameters from 
the  controls are there, but I don't get a user ID.  How can I do 
that?  Do I need a different kind of call than a GET?  A different 
method than .getRemoteUser() in my webapp?  Or what?

Thanks!
Dave

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



The information contained in this message and any attachments is intended only 
for the use of the individual or entity to which it is addressed, and may 
contain information that is PRIVILEGED, CONFIDENTIAL, and exempt from 
disclosure under applicable law.  If you are not the intended recipient, you 
are prohibited from copying, distributing, or using the information.  Please 
contact the sender immediately by return e-mail and delete the original message 
from your system.
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Question on WORK directory of tomcat container

[Savoy, Melinda]

Due to a conflict between the cached JSPs in the work directory of a tomcat 
container on our app's QA Windows 2003 server, does the tomcat service have to 
be restarted?

Any help would be greatly appreciated.  Thanks.

Melinda Savoy
Sr. Programmer Analyst, ERP Systems
Innovative Technology Solutions
Texas Health Resources
600 E. Lamar Blvd, Ste 301, Arlington TX  76011
melindasa...@texashealth.org

Texas Health Resources: Arlington Memorial,
Harris Methodist and Presbyterian Hospitals
A shared mission and now a shared name.





The information contained in this message and any attachments is intended only 
for the use of the individual or entity to which it is addressed, and may 
contain information that is PRIVILEGED, CONFIDENTIAL, and exempt from 
disclosure under applicable law.  If you are not the intended recipient, you 
are prohibited from copying, distributing, or using the information.  Please 
contact the sender immediately by return e-mail and delete the original message 
from your system.

Question on WORK directory of tomcat container

[Savoy, Melinda]

Due to a conflict between the cached JSPs in the work directory of a tomcat 
container on our app's QA Windows 2003 server, does the tomcat service have to 
be restarted?

Any help would be greatly appreciated.  Thanks.

Melinda Savoy
Sr. Programmer Analyst, ERP Systems
Innovative Technology Solutions
Texas Health Resources
600 E. Lamar Blvd, Ste 301, Arlington TX  76011
melindasa...@texashealth.org

Texas Health Resources: Arlington Memorial,
Harris Methodist and Presbyterian Hospitals
A shared mission and now a shared name.





The information contained in this message and any attachments is intended only 
for the use of the individual or entity to which it is addressed, and may 
contain information that is PRIVILEGED, CONFIDENTIAL, and exempt from 
disclosure under applicable law.  If you are not the intended recipient, you 
are prohibited from copying, distributing, or using the information.  Please 
contact the sender immediately by return e-mail and delete the original message 
from your system.

RE: Question on exception error

[Savoy, Melinda]

Thanks for all the help. 

Regards.

-Original Message-
From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] 
Sent: Sunday, April 17, 2011 6:56 PM
To: Tomcat Users List
Subject: RE: Question on exception error

> From: Savoy, Melinda [mailto:melindasa...@texashealth.org] 
> Subject: RE: Question on exception error

> We're running: Tomcat 6.0.18

Just on general principles, I would move up to something newer than that - it's 
almost three years old, and lots of security and other bug fixes have gone in 
since then.  6.0.32 is current, and migrating from 6.0.18 to 6.0.32 should be 
trivial.

> JVM: 1.6.0.16

Also a bit out of date.

> We do not have Tomcat front-ended by a webserver.

Then it's highly likely to be either the client not waiting for the response, 
or a network hiccup.  Extremely unlikely to be a problem in Tomcat or your 
webapp.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



The information contained in this message and any attachments is intended only 
for the use of the individual or entity to which it is addressed, and may 
contain information that is PRIVILEGED, CONFIDENTIAL, and exempt from 
disclosure under applicable law.  If you are not the intended recipient, you 
are prohibited from copying, distributing, or using the information.  Please 
contact the sender immediately by return e-mail and delete the original message 
from your system.
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Question on exception error

[Savoy, Melinda]

My apologies, Charles.

We're running:  Tomcat 6.0.18
JVM:1.6.0.16

We do not have Tomcat front-ended by a webserver.

I am hoping you're correct.  I was unable to contact the user and therefore the 
reason for this email.

Thanks for the reply.  Regards.

-Original Message-
From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] 
Sent: Sunday, April 17, 2011 6:40 PM
To: Tomcat Users List
Subject: RE: Question on exception error

> From: Savoy, Melinda [mailto:melindasa...@texashealth.org] 
> Subject: Question on exception error

> We just moved from a JBoss app server to Tomcat 

Care to give us a hint about what Tomcat version?  (Be precise.)  Also, the JVM 
level, the platform you're running on, and whether or not you have Tomcat 
front-ended by a webserver such as httpd or IIS.

> we got the following error 
> ClientAbortException:  java.io.IOException

Likely just a simple client disconnect (e.g., closing the browser) before the 
response was sent.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



The information contained in this message and any attachments is intended only 
for the use of the individual or entity to which it is addressed, and may 
contain information that is PRIVILEGED, CONFIDENTIAL, and exempt from 
disclosure under applicable law.  If you are not the intended recipient, you 
are prohibited from copying, distributing, or using the information.  Please 
contact the sender immediately by return e-mail and delete the original message 
from your system.
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Question on exception error

[Savoy, Melinda]

We just moved from a JBoss app server to Tomcat early this morning and all 
appeared to be going well and then we got the following error and trying to 
decipher its meaning but coming up short.  Any help/suggestions on what 
occurred would be appreciated.

Here is the error:

ClientAbortException:  java.io.IOException
at 
org.apache.catalina.connector.OutputBuffer.realWriteBytes(OutputBuffer.java:358)
at org.apache.tomcat.util.buf.ByteChunk.flushBuffer(ByteChunk.java:434)
at org.apache.tomcat.util.buf.ByteChunk.append(ByteChunk.java:349)
at 
org.apache.catalina.connector.OutputBuffer.writeBytes(OutputBuffer.java:381)
at 
org.apache.catalina.connector.OutputBuffer.write(OutputBuffer.java:370)
at 
org.apache.catalina.connector.CoyoteOutputStream.write(CoyoteOutputStream.java:89)
at 
net.sourceforge.stripes.action.StreamingResolution.stream(StreamingResolution.java:447)
at 
net.sourceforge.stripes.action.StreamingResolution.execute(StreamingResolution.java:240)
at 
net.sourceforge.stripes.controller.DispatcherHelper$7.intercept(DispatcherHelper.java:508)
at 
net.sourceforge.stripes.controller.ExecutionContext.proceed(ExecutionContext.java:158)
at 
net.sourceforge.stripes.controller.HttpCacheInterceptor.intercept(HttpCacheInterceptor.java:99)
at 
net.sourceforge.stripes.controller.ExecutionContext.proceed(ExecutionContext.java:155)
at 
net.sourceforge.stripes.controller.BeforeAfterMethodInterceptor.intercept(BeforeAfterMethodInterceptor.java:113)
at 
net.sourceforge.stripes.controller.ExecutionContext.proceed(ExecutionContext.java:155)
at 
net.sourceforge.stripes.controller.ExecutionContext.wrap(ExecutionContext.java:74)
at 
net.sourceforge.stripes.controller.DispatcherHelper.executeResolution(DispatcherHelper.java:502)
at 
net.sourceforge.stripes.controller.DispatcherServlet.executeResolution(DispatcherServlet.java:286)
at 
net.sourceforge.stripes.controller.DispatcherServlet.service(DispatcherServlet.java:170)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at 
net.sourceforge.stripes.controller.StripesFilter.doFilter(StripesFilter.java:247)
at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at root.servlet.HttpFilter.doFilter(HttpFilter.java:37)
at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at waffle.servlet.NegotiateSecurityFilter.doFilterPrincipal(Unknown 
Source)
at waffle.servlet.NegotiateSecurityFilter.doFilter(Unknown Source)
at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at 
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at 
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at 
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
at 
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at 
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at 
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
at 
org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:859)
at 
org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:574)
at 
org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1527)
at java.lang.Thread.run(Thread.java:619)
Caused by: java.io.IOException
at 
org.apache.coyote.http11.InternalAprOutputBuffer.flushBuffer(InternalAprOutputBuffer.java:695)
at 
org.apache.coyote.http11.InternalAprOutputBuffer$SocketOutputBuffer.doWrite(InternalAprOutputBuffer.java:725)
at 
org.apache.coyote.http11.filters.ChunkedOutputFilter.doWrite(ChunkedOutputFilter.java:126)
at 
org.apache.coyote.http11.InternalAprOutputBuffer.doWrite(InternalAprOutputBuffer.java:531)
at org.apache.coyote.Response.doWrite(Response.java:560)
at 
org.apache.catalina.connector.OutputBuffer.realWriteBytes(OutputBuffer.java:353)
... 40 more

Thank you.


Melinda Savoy
Sr. Programmer Analyst, ERP Systems
Innovative Technology Solutions
Texas Health Resources
600 E. Lamar Bl

RE: Please help - Question on Tomcat Startup

[Savoy, Melinda]

Sorry for the email below.  I got my problem fixed.  For some reason, some 
files from my LIB directory were deleted.   The only thing I had done in 
eclipse was to add a web service project and why my files in tomcat would be 
deleted in beyond me.

If anyone has seen this before any help/response would be appreciated.  Thanks 
anyway.

Regards.

_
From: Savoy, Melinda
Sent: Friday, January 21, 2011 6:35 AM
To: 'users@tomcat.apache.org'
Subject: Please help - Question on Tomcat Startup


I have what I think is a weird situation.

I have two workspaces in 2 different versions of Eclipse that reside in 2 
different directories and whereby I have 2 different versions of the tomcat 
server that reside in 2 different directories on my Windows XP box.

In one my workspaces, which is a test workspace, I was testing how to do a web 
service by choosing the web service project option in Eclipse Helios.  I am 
running Tomcat 6.0.30.  What is WEIRD, is that I then went to another workspace 
where I'm running Eclipse Galileo and Tomcat 6.0.18 and tried to start my 
Tomcat server I got the 2 FAIL errors below which is the same error(s) I got on 
my other workspace.  I am not understanding what change on my box was able to 
create these errors on 2 different tomcat servers.

Any help would be greatly appreciated.  Thanks.

05:47:50,755 WARN  [Digester] 
[SetPropertiesRule]{Server/Service/Engine/Host/Context} Setting property 
'source' to 'org.eclipse.jst.jee.server:SCMIS' did not find a matching property.
05:47:50,770 INFO  [AprLifecycleListener] The APR based Apache Tomcat Native 
library which allows optimal performance in production environments was not 
found on the java.library.path: C:\Program 
Files\Java\jre6\bin;.;C:\WINDOWS\Sun\Java\bin;C:\WINDOWS\system32;C:\WINDOWS;C:/Program
 Files/Java/jre6/bin/client;C:/Program Files/Java/jre6/bin;C:\Program 
Files\IBM\SDP70Shared\AgentController\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program
 Files\Microsoft SQL Server\80\Tools\BINN;C:\Program 
Files\Rational\common;C:\Program Files\Windows Imaging\;c:\Program 
Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft SQL 
Server\80\Tools\Binn\;C:\Program Files\Microsoft SQL 
Server\90\DTS\Binn\;C:\Program Files\Microsoft SQL 
Server\90\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files\Microsoft Visual 
Studio .NET 2005\Common7\IDE\PrivateAssemblies\;C:\Program 
Files\NetManage\RUMBA\System;C:\Program Files\NetManage\RUMBA\;C:\Program 
Files\Microsoft Application Virtualization 
Client;C:\WINDOWS\system32\WindowsPowerShell\v1.0;C:\Hyperion/common/EssbaseRTC/9.3.1/bin;C:\Hyperion\common\ODBC\Merant\5.2\Drivers;C:\Hyperion\BIPlus\bin;C:\Hyperion\BIPlus\lib;C:\Hyperion\common\SAP\bin;C:\Program
 Files\Microsoft Network Monitor 3\;C:\Program Files\Microsoft SQL 
Server\100\Tools\Binn\;C:\Program Files\Microsoft SQL 
Server\100\DTS\Binn\;C:\Program Files\Microsoft SQL 
Server\100\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files\Microsoft Visual 
Studio 9.0\Common7\IDE\PrivateAssemblies\;C:\Program 
Files\QuickTime\QTSystem\;c:\apache-ant-1.8.2\
05:47:50,802 INFO  [Http11Protocol] Initializing Coyote HTTP/1.1 on http-8080
05:47:50,802 INFO  [Catalina] Initialization processed in 379 ms
05:47:50,833 INFO  [StandardService] Starting service Catalina
05:47:50,833 INFO  [StandardEngine] Starting Servlet Engine: Apache 
Tomcat/6.0.18
05:47:51,380 DEBUG [NegotiateSecurityFilter] 
[waffle.servlet.NegotiateSecurityFilter] loaded
05:47:51,380 DEBUG [NegotiateSecurityFilter] initializing default secuirty 
filter providers
05:47:51,395 INFO  [NegotiateSecurityFilter] 
[waffle.servlet.NegotiateSecurityFilter] started
05:47:51,442 DEBUG [PooledDataSource] Creating PooledDataSource from JDBC 
driver com.cca.j204.J204Driver 
[URL=JDBC:J204://THRDEVL:41000/SQL/CNCTSTRD/STARD1/isolation level=RU]
05:47:51,458 INFO  [ResolverUtil] Scanning for classes in 
[/C:/eclipse-3.5-SR1/Workspace/Phase V 
Dev/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/wtpwebapps/SCMIS/WEB-INF/classes/org/texashealth/scmis/stripes/ext/]
 matching criteria: is assignable to Configuration
05:47:51,489 INFO  [ResolverUtil] Scanning for classes in 
[/C:/eclipse-3.5-SR1/Workspace/Phase V 
Dev/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/wtpwebapps/SCMIS/WEB-INF/classes/org/texashealth/scmis/stripes/ext/]
 matching criteria: is assignable to ActionResolver
05:47:51,489 INFO  [ResolverUtil] Scanning for classes in 
[/C:/eclipse-3.5-SR1/Workspace/Phase V 
Dev/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/wtpwebapps/SCMIS/WEB-INF/classes/org/texashealth/scmis/stripes/]
 matching criteria: is assignable to ActionBean
05:47:51,583 INFO  [ResolverUtil] Scanning for classes in 
[/C:/eclipse-3.5-SR1/Workspace/Phase V 
Dev/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/wtpwebapps/SCMIS/WEB-INF/classes/org/texashealth/scmis/stripes/ext/]
 

Please help - Question on Tomcat Startup

[Savoy, Melinda]

I have what I think is a weird situation.

I have two workspaces in 2 different versions of Eclipse that reside in 2 
different directories and whereby I have 2 different versions of the tomcat 
server that reside in 2 different directories on my Windows XP box.

In one my workspaces, which is a test workspace, I was testing how to do a web 
service by choosing the web service project option in Eclipse Helios.  I am 
running Tomcat 6.0.30.  What is WEIRD, is that I then went to another workspace 
where I'm running Eclipse Galileo and Tomcat 6.0.18 and tried to start my 
Tomcat server I got the 2 FAIL errors below which is the same error(s) I got on 
my other workspace.  I am not understanding what change on my box was able to 
create these errors on 2 different tomcat servers.

Any help would be greatly appreciated.  Thanks.

05:47:50,755 WARN  [Digester] 
[SetPropertiesRule]{Server/Service/Engine/Host/Context} Setting property 
'source' to 'org.eclipse.jst.jee.server:SCMIS' did not find a matching property.
05:47:50,770 INFO  [AprLifecycleListener] The APR based Apache Tomcat Native 
library which allows optimal performance in production environments was not 
found on the java.library.path: C:\Program 
Files\Java\jre6\bin;.;C:\WINDOWS\Sun\Java\bin;C:\WINDOWS\system32;C:\WINDOWS;C:/Program
 Files/Java/jre6/bin/client;C:/Program Files/Java/jre6/bin;C:\Program 
Files\IBM\SDP70Shared\AgentController\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program
 Files\Microsoft SQL Server\80\Tools\BINN;C:\Program 
Files\Rational\common;C:\Program Files\Windows Imaging\;c:\Program 
Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft SQL 
Server\80\Tools\Binn\;C:\Program Files\Microsoft SQL 
Server\90\DTS\Binn\;C:\Program Files\Microsoft SQL 
Server\90\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files\Microsoft Visual 
Studio .NET 2005\Common7\IDE\PrivateAssemblies\;C:\Program 
Files\NetManage\RUMBA\System;C:\Program Files\NetManage\RUMBA\;C:\Program 
Files\Microsoft Application Virtualization 
Client;C:\WINDOWS\system32\WindowsPowerShell\v1.0;C:\Hyperion/common/EssbaseRTC/9.3.1/bin;C:\Hyperion\common\ODBC\Merant\5.2\Drivers;C:\Hyperion\BIPlus\bin;C:\Hyperion\BIPlus\lib;C:\Hyperion\common\SAP\bin;C:\Program
 Files\Microsoft Network Monitor 3\;C:\Program Files\Microsoft SQL 
Server\100\Tools\Binn\;C:\Program Files\Microsoft SQL 
Server\100\DTS\Binn\;C:\Program Files\Microsoft SQL 
Server\100\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files\Microsoft Visual 
Studio 9.0\Common7\IDE\PrivateAssemblies\;C:\Program 
Files\QuickTime\QTSystem\;c:\apache-ant-1.8.2\
05:47:50,802 INFO  [Http11Protocol] Initializing Coyote HTTP/1.1 on http-8080
05:47:50,802 INFO  [Catalina] Initialization processed in 379 ms
05:47:50,833 INFO  [StandardService] Starting service Catalina
05:47:50,833 INFO  [StandardEngine] Starting Servlet Engine: Apache 
Tomcat/6.0.18
05:47:51,380 DEBUG [NegotiateSecurityFilter] 
[waffle.servlet.NegotiateSecurityFilter] loaded
05:47:51,380 DEBUG [NegotiateSecurityFilter] initializing default secuirty 
filter providers
05:47:51,395 INFO  [NegotiateSecurityFilter] 
[waffle.servlet.NegotiateSecurityFilter] started
05:47:51,442 DEBUG [PooledDataSource] Creating PooledDataSource from JDBC 
driver com.cca.j204.J204Driver 
[URL=JDBC:J204://THRDEVL:41000/SQL/CNCTSTRD/STARD1/isolation level=RU]
05:47:51,458 INFO  [ResolverUtil] Scanning for classes in 
[/C:/eclipse-3.5-SR1/Workspace/Phase V 
Dev/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/wtpwebapps/SCMIS/WEB-INF/classes/org/texashealth/scmis/stripes/ext/]
 matching criteria: is assignable to Configuration
05:47:51,489 INFO  [ResolverUtil] Scanning for classes in 
[/C:/eclipse-3.5-SR1/Workspace/Phase V 
Dev/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/wtpwebapps/SCMIS/WEB-INF/classes/org/texashealth/scmis/stripes/ext/]
 matching criteria: is assignable to ActionResolver
05:47:51,489 INFO  [ResolverUtil] Scanning for classes in 
[/C:/eclipse-3.5-SR1/Workspace/Phase V 
Dev/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/wtpwebapps/SCMIS/WEB-INF/classes/org/texashealth/scmis/stripes/]
 matching criteria: is assignable to ActionBean
05:47:51,583 INFO  [ResolverUtil] Scanning for classes in 
[/C:/eclipse-3.5-SR1/Workspace/Phase V 
Dev/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/wtpwebapps/SCMIS/WEB-INF/classes/org/texashealth/scmis/stripes/ext/]
 matching criteria: is assignable to ActionBeanPropertyBinder
05:47:51,583 INFO  [ResolverUtil] Scanning for classes in 
[/C:/eclipse-3.5-SR1/Workspace/Phase V 
Dev/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/wtpwebapps/SCMIS/WEB-INF/classes/org/texashealth/scmis/stripes/ext/]
 matching criteria: is assignable to ActionBeanContextFactory
05:47:51,583 INFO  [ResolverUtil] Scanning for classes in 
[/C:/eclipse-3.5-SR1/Workspace/Phase V 
Dev/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/wtpwebapps/SCMIS/WEB-INF/classes/org/texashealth/scmis/stripes/ext/]
 matching crit

RE: users Digest 16 Aug 2010 14:18:24 -0000 Issue 9775

[Savoy, Melinda]

Carlton,

Just go to the Waffle site and if you have any questions contact support from 
that site.  We just got off JCIFS about 2-3 months ago and after many problems 
in trying to get IIS-Tomcat integration (issues on our end) to work we switched 
to Waffle and we were up in 5 minutes.  If you're just trying to authenticate 
the user for your application and you're already using Active Directory I would 
recommend Waffle.

Here is the URL for Waffle:  http://waffle.codeplex.com/

Good luck!

-Original Message-
From: users-digest-h...@tomcat.apache.org 
[mailto:users-digest-h...@tomcat.apache.org] 
Sent: Monday, August 16, 2010 9:18 AM
To: users@tomcat.apache.org
Subject: users Digest 16 Aug 2010 14:18:24 - Issue 9775


users Digest 16 Aug 2010 14:18:24 - Issue 9775

Topics (messages 215704 through 215721):

Re: LDAPv3 with StartTLS
215704 by: Igor Gali??
215705 by: Igor Gali??
215706 by: Igor Gali??
215707 by: Pid
215711 by: Igor Gali??
215720 by: Felix Schumacher

Re: Tomcat 6 | Load Balancer IP configuration added as virtual host
215708 by: Pid

Re: 501 Method not implemented with successive POST requests
215709 by: Pid
215718 by: Hans Wahn
215719 by: Pid

Re: Single Sign-On problems
215710 by: Pid
215712 by: Carlton Whitmore
215713 by: Caldarale, Charles R
215714 by: Carlton Whitmore
215715 by: Caldarale, Charles R
215716 by: Andr? Warnier
215721 by: Carlton Whitmore

Re: truststoreFile vs javax.net.ssl.trustStore
215717 by: Estanislao Gonzalez

Administrivia:

-
To post to the list, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: 
users-digest-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-digest-h...@tomcat.apache.org

--



The information contained in this message and any attachments is intended only 
for the use of the individual or entity to which it is addressed, and may 
contain information that is PRIVILEGED, CONFIDENTIAL, and exempt from 
disclosure under applicable law.  If you are not the intended recipient, you 
are prohibited from copying, distributing, or using the information.  Please 
contact the sender immediately by return e-mail and delete the original message 
from your system.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Still having problem retrieving user value from ISAPI Filter for authentication

[Savoy, Melinda]

Actually, I was able, with dB's help, to implement the Waffle product that he 
has suggested to me and others who have posted on this list  and it worked very 
easily.

I would HIGHLY recommend Waffle for anyone who is using Tomcat and is looking 
for an Open Source solution for authentication.

I appreciate all the time and help of those on this list over the last 2 months.

However, getting Waffle implemented was a much simpler process that using the 
Tomcat Connector.

Andre - I would have to take issue with your comment below about me not telling 
you everything that I did to make the ISAPI filter work.  


Regards.

 

From: André Warnier [...@ice-sa.com]
Sent: Sunday, June 27, 2010 15:55
To: Tomcat Users List
Subject: Re: Still having problem retrieving user value from ISAPI Filter for 
authentication

Savoy, Melinda wrote:
> Let me ask another question if I might in addition to the one below:
>
> In my ISAPI log it shows:
>
> [Wed Jun 23 09:50:59.568 2010] [5024:6028] [debug] jk_isapi_plugin.c (3108): 
> Service protocol=HTTP/1.1 method=GET host=127.0.0.1 addr=127.0.0.1 
> name=localhost port=80 auth=NTLM user=TEXAS\SavoyM uri=/index.jsp
>
> The value of "80" is shown, my question is does this line in my ISAPI log 
> show the request as to where it is coming from, meaning IIS since IIS is on 
> port 80?
>
> My tomcat app is running on port 9080.
>
> Just curious.
>
> I think, I am going on to try Waffle, instead of trying to pursue this any 
> further.  dB has been kind enough to offer his help in getting me setup.
>
> I just thought I'd ask this one last question. Thanks for all the time and 
> help.
>
Melinda,
you are doing something somewhere which you are not telling us.
Otherwise what you say you are doing should be working.
If the userid shows up in the isapi redirector log, then Tomcat is getting it, 
and you
should see it with getRemoteUser().
If you are not seeing it, then there is something else, not originally 
belonging to the
isapi redirector or Tomcat, which is overwriting it with a null.
If so, you will have the same issue with any authentication method.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



The information contained in this message and any attachments is intended only 
for the use of the individual or entity to which it is addressed, and may 
contain information that is PRIVILEGED, CONFIDENTIAL, and exempt from 
disclosure under applicable law.  If you are not the intended recipient, you 
are prohibited from copying, distributing, or using the information.  Please 
contact the sender immediately by return e-mail and delete the original message 
from your system.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Question on JAR in Tomcat\lib directory

[Savoy, Melinda]

I have no idea what happened, but I got my problem resolved.  I have no idea 
whether it was an Eclipse issue or a Tomcat issue.  All I did was copy the JAR 
again to the Tomcat\lib directory and bounced Eclipse and then I saw the 
updated code.

At any rate, thanks anyway and sorry I posted before do that again today.

Regards.

-Original Message-
From: Savoy, Melinda 
Sent: Saturday, June 26, 2010 3:57 PM
To: 'Tomcat Users List'
Subject: Question on JAR in Tomcat\lib directory

In Eclipse I have a project where in the build path under the Libraries tab 
there is listed Apache Tomcat v6.0 [Apache Tomcat v6.0] because in the 
Tomcat\lib  directory there are a number of jars that pertain to this project. 
I have updated one of the jars in this library. However, when I'm using the 
debugger in Eclipse and I reference the compiled class in this jar it does not 
show the updated class where I added 4 lines of code and that I exported out to 
this jar. I have verified that the jar that I exported to this directory 
contains the updated class in the jar but again, the debugger appears to show a 
non-updated class from somewhere else.

Does Tomcat cache in some way files in the lib directory?

Any suggestions or direction would be greatly appreciated.

Thank you.

Melinda Savoy
Sr. Programmer Analyst, ERP Systems
Innovative Technology Solutions
Texas Health Resources
600 E. Lamar Blvd, Ste 301, Arlington TX  76011
melindasa...@texashealth.org<mailto:melindasa...@texashealth.org>

Texas Health Resources: Arlington Memorial,
Harris Methodist and Presbyterian Hospitals
A shared mission and now a shared name.





The information contained in this message and any attachments is intended only 
for the use of the individual or entity to which it is addressed, and may 
contain information that is PRIVILEGED, CONFIDENTIAL, and exempt from 
disclosure under applicable law.  If you are not the intended recipient, you 
are prohibited from copying, distributing, or using the information.  Please 
contact the sender immediately by return e-mail and delete the original message 
from your system.


The information contained in this message and any attachments is intended only 
for the use of the individual or entity to which it is addressed, and may 
contain information that is PRIVILEGED, CONFIDENTIAL, and exempt from 
disclosure under applicable law.  If you are not the intended recipient, you 
are prohibited from copying, distributing, or using the information.  Please 
contact the sender immediately by return e-mail and delete the original message 
from your system.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Question on JAR in Tomcat\lib directory

[Savoy, Melinda]

In Eclipse I have a project where in the build path under the Libraries tab 
there is listed Apache Tomcat v6.0 [Apache Tomcat v6.0] because in the 
Tomcat\lib  directory there are a number of jars that pertain to this project. 
I have updated one of the jars in this library. However, when I'm using the 
debugger in Eclipse and I reference the compiled class in this jar it does not 
show the updated class where I added 4 lines of code and that I exported out to 
this jar. I have verified that the jar that I exported to this directory 
contains the updated class in the jar but again, the debugger appears to show a 
non-updated class from somewhere else.

Does Tomcat cache in some way files in the lib directory?

Any suggestions or direction would be greatly appreciated.

Thank you.

Melinda Savoy
Sr. Programmer Analyst, ERP Systems
Innovative Technology Solutions
Texas Health Resources
600 E. Lamar Blvd, Ste 301, Arlington TX  76011
melindasa...@texashealth.org

Texas Health Resources: Arlington Memorial,
Harris Methodist and Presbyterian Hospitals
A shared mission and now a shared name.





The information contained in this message and any attachments is intended only 
for the use of the individual or entity to which it is addressed, and may 
contain information that is PRIVILEGED, CONFIDENTIAL, and exempt from 
disclosure under applicable law.  If you are not the intended recipient, you 
are prohibited from copying, distributing, or using the information.  Please 
contact the sender immediately by return e-mail and delete the original message 
from your system.

RE: Does Tomcat cache pages it's executing?

[Savoy, Melinda]

Thank you to David and Pid for the responses.  It is very much appreciated.

-Original Message-
From: Pid [mailto:p...@pidster.com] 
Sent: Friday, June 25, 2010 9:24 AM
To: Tomcat Users List
Subject: Re: Does Tomcat cache pages it's executing?

On 25/06/2010 15:03, Savoy, Melinda wrote:
> I have some weird behavior going on, I think with my Tomcat 6.0.18 server in 
> Eclipse.
> 
> In my dynamic web project in Eclipse I had created a test index.jsp 
> (TESTindex.jsp) page and had the original index.jsp page in the same web 
> content folder. I was renaming these accordingly to TESTindex and index.jsp 
> while testing. I completed testing and deleted the TESTindex.jsp page but 
> when I run my app the deleted TESTindex.jsp page is still showing up as my 
> index.jsp page.
> 
> I did a SEARCH on my C: for the specific text in the TESTindex.jsp page but 
> search did not find anything. Is there somewhere in Tomcat that is holding 
> that TESTindex.jsp page as my index.jsp page? Is there a cache in Tomcat that 
> I can clear out or something like that?
> 
> This is driving me crazy. I have my original index.jsp in my project 
> currently that I'm needing my web app to execute but it still goes to this 
> TESTindex.jsp page as my index.jsp page. I've removed and added the project 
> to Tomcat in the Servers tab in Eclipse and I've rebooted Tomcat several 
> times but to no avail.
> 
> Any suggestions or direction here would be appreciated.

So you had two files, you've switched them by renaming them, but the earlier 
version is still being rendered?

Tomcat parses a JSP file, generates a Servlet and compiles it - whcih responds 
on the URL of the JSP.  You can find these classes in the tomcat/work directory 
structure.

Note: Eclipse make not have put this in an obvious place, so you may have to 
hunt for it, if you want to clear out those classes.

You could try opening the correct index.jsp and making a small edit and 
resaving it, the new timestamp might kick off an update of the generated class.


p




> Melinda Savoy
> Sr. Programmer Analyst, ERP Systems
> Innovative Technology Solutions
> Texas Health Resources
> 600 E. Lamar Blvd, Ste 301, Arlington TX  76011 
> melindasa...@texashealth.org<mailto:melindasa...@texashealth.org>
> 
> Texas Health Resources: Arlington Memorial, Harris Methodist and 
> Presbyterian Hospitals A shared mission and now a shared name.
> 
> 
> 
> 
> 
> The information contained in this message and any attachments is intended 
> only for the use of the individual or entity to which it is addressed, and 
> may contain information that is PRIVILEGED, CONFIDENTIAL, and exempt from 
> disclosure under applicable law.  If you are not the intended recipient, you 
> are prohibited from copying, distributing, or using the information.  Please 
> contact the sender immediately by return e-mail and delete the original 
> message from your system.




The information contained in this message and any attachments is intended only 
for the use of the individual or entity to which it is addressed, and may 
contain information that is PRIVILEGED, CONFIDENTIAL, and exempt from 
disclosure under applicable law.  If you are not the intended recipient, you 
are prohibited from copying, distributing, or using the information.  Please 
contact the sender immediately by return e-mail and delete the original message 
from your system.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Does Tomcat cache pages it's executing?

[Savoy, Melinda]

I have some weird behavior going on, I think with my Tomcat 6.0.18 server in 
Eclipse.

In my dynamic web project in Eclipse I had created a test index.jsp 
(TESTindex.jsp) page and had the original index.jsp page in the same web 
content folder. I was renaming these accordingly to TESTindex and index.jsp 
while testing. I completed testing and deleted the TESTindex.jsp page but when 
I run my app the deleted TESTindex.jsp page is still showing up as my index.jsp 
page.

I did a SEARCH on my C: for the specific text in the TESTindex.jsp page but 
search did not find anything. Is there somewhere in Tomcat that is holding that 
TESTindex.jsp page as my index.jsp page? Is there a cache in Tomcat that I can 
clear out or something like that?

This is driving me crazy. I have my original index.jsp in my project currently 
that I'm needing my web app to execute but it still goes to this TESTindex.jsp 
page as my index.jsp page. I've removed and added the project to Tomcat in the 
Servers tab in Eclipse and I've rebooted Tomcat several times but to no avail.

Any suggestions or direction here would be appreciated.

Melinda Savoy
Sr. Programmer Analyst, ERP Systems
Innovative Technology Solutions
Texas Health Resources
600 E. Lamar Blvd, Ste 301, Arlington TX  76011
melindasa...@texashealth.org

Texas Health Resources: Arlington Memorial,
Harris Methodist and Presbyterian Hospitals
A shared mission and now a shared name.





The information contained in this message and any attachments is intended only 
for the use of the individual or entity to which it is addressed, and may 
contain information that is PRIVILEGED, CONFIDENTIAL, and exempt from 
disclosure under applicable law.  If you are not the intended recipient, you 
are prohibited from copying, distributing, or using the information.  Please 
contact the sender immediately by return e-mail and delete the original message 
from your system.

RE: Still having problem retrieving user value from ISAPI Filter for authentication

[Savoy, Melinda]

Let me ask another question if I might in addition to the one below:

In my ISAPI log it shows:

[Wed Jun 23 09:50:59.568 2010] [5024:6028] [debug] jk_isapi_plugin.c (3108): 
Service protocol=HTTP/1.1 method=GET host=127.0.0.1 addr=127.0.0.1 
name=localhost port=80 auth=NTLM user=TEXAS\SavoyM uri=/index.jsp

The value of "80" is shown, my question is does this line in my ISAPI log show 
the request as to where it is coming from, meaning IIS since IIS is on port 80?

My tomcat app is running on port 9080.

Just curious.

I think, I am going on to try Waffle, instead of trying to pursue this any 
further.  dB has been kind enough to offer his help in getting me setup.

I just thought I'd ask this one last question. Thanks for all the time and help.

Regards.

-Original Message-----
From: Savoy, Melinda 
Sent: Wednesday, June 23, 2010 7:50 AM
To: 'Tomcat Users List'; 'p...@pidster.com'
Subject: RE: Still having problem retrieving user value from ISAPI Filter for 
authentication

Let me ask, what maybe a stupid question now, but when I print out the 
enumeration value of the request header names, see below, using 
request.getHeaderNames() should the user be listed as one of the headers which 
is passed on from the ISAPI filter:

=== MimeHeaders ===
accept = */*
accept-language = en-us
connection = Keep-Alive
host = localhost
user-agent = Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; 
.NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; InfoPath.2; .NET 
CLR 3.0.4506.2152; .NET CLR 3.5.30729; MS-RTC LM 8; MS-RTC EA 2)
authorization = NTLM 
TlRMTVNTUAADAEgASABIAEgASABIBcKIogUBKAoP
accept-encoding = gzip, deflate
content-length = 0

Thank you.


-Original Message-
From: Pid [mailto:p...@pidster.com] 
Sent: Wednesday, June 23, 2010 6:52 AM
To: Tomcat Users List
Subject: Re: Still having problem retrieving user value from ISAPI Filter for 
authentication

On 23/06/2010 10:45, Rainer Jung wrote:
> On 23.06.2010 09:51, Pid wrote:
>> On 23 Jun 2010, at 02:40, Rainer Jung  wrote:
>>
>>> On 22.06.2010 21:59, Marc Boorshtein wrote:
>>>>>
>>>>> Unless you are going to authenticate via one of Tomcat's 
>>>>> authentication methods; BASIC, FORM, etc, then getRemoteUser() is 
>>>>> going to return null.
>>>>>
>>>>> You'll need to add a security constraint, login-config and 
>>>>> security-role to your web.xml to test getRemoteUser(); in just Tomcat.
>>>>>
>>>>
>>>> This shouldn't be the case since she put tomcatAuthentication="false"
>>>> tomcat should be taking the username from the JK_REMOTE_USER 
>>>> attribute.
>>>>
>>>> Have you tried a wireshark packet capture?
>>>
>>> The log file of the ISAPI redirector she presented already contains 
>>> a dump of the AJP packet the redirector is going to send out. The 
>>> dump shows the correct user string contained in the packet.
>>>
>>> I've got no idea what's wrong here.
>>
>> Would you expect the user value normally to be set as another 
>> (REMOTE_USER type) header by ISAPI?
> 
> No, it gets send as an AJP specific request attribute that the AJP 
> connectors know about. It's not an HTTP header.

OK, and I'm guessing that if there was a way to get the AJP connector to dump 
those attributes you'd have said so by now.


p

> Regards,
> 
> Rainer
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
> 




The information contained in this message and any attachments is intended only 
for the use of the individual or entity to which it is addressed, and may 
contain information that is PRIVILEGED, CONFIDENTIAL, and exempt from 
disclosure under applicable law.  If you are not the intended recipient, you 
are prohibited from copying, distributing, or using the information.  Please 
contact the sender immediately by return e-mail and delete the original message 
from your system.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Still having problem retrieving user value from ISAPI Filter for authentication

[Savoy, Melinda]

I also tried request.getAttribute("user") but I got a null value as well.

-Original Message-----
From: Savoy, Melinda 
Sent: Wednesday, June 23, 2010 8:09 AM
To: 'Tomcat Users List'
Subject: RE: Still having problem retrieving user value from ISAPI Filter for 
authentication

I just tried the request.getAttributeNames() and I got nulls for all the 
elements in this enumeration.

Thanks.

-Original Message-
From: Marc Boorshtein [mailto:mboorsht...@gmail.com] 
Sent: Wednesday, June 23, 2010 8:03 AM
To: Tomcat Users List
Subject: Re: Still having problem retrieving user value from ISAPI Filter for 
authentication

On Wed, Jun 23, 2010 at 8:49 AM, Savoy, Melinda
 wrote:
> Let me ask, what maybe a stupid question now, but when I print out the 
> enumeration value of the request header names, see below, using 
> request.getHeaderNames() should the user be listed as one of the headers 
> which is passed on from the ISAPI filter:
>

What about the attributes?  request.getAttribute() This is different
then a header

Marc

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



The information contained in this message and any attachments is intended only 
for the use of the individual or entity to which it is addressed, and may 
contain information that is PRIVILEGED, CONFIDENTIAL, and exempt from 
disclosure under applicable law.  If you are not the intended recipient, you 
are prohibited from copying, distributing, or using the information.  Please 
contact the sender immediately by return e-mail and delete the original message 
from your system.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



The information contained in this message and any attachments is intended only 
for the use of the individual or entity to which it is addressed, and may 
contain information that is PRIVILEGED, CONFIDENTIAL, and exempt from 
disclosure under applicable law.  If you are not the intended recipient, you 
are prohibited from copying, distributing, or using the information.  Please 
contact the sender immediately by return e-mail and delete the original message 
from your system.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Still having problem retrieving user value from ISAPI Filter for authentication

[Savoy, Melinda]

I just tried the request.getAttributeNames() and I got nulls for all the 
elements in this enumeration.

Thanks.

-Original Message-
From: Marc Boorshtein [mailto:mboorsht...@gmail.com] 
Sent: Wednesday, June 23, 2010 8:03 AM
To: Tomcat Users List
Subject: Re: Still having problem retrieving user value from ISAPI Filter for 
authentication

On Wed, Jun 23, 2010 at 8:49 AM, Savoy, Melinda
 wrote:
> Let me ask, what maybe a stupid question now, but when I print out the 
> enumeration value of the request header names, see below, using 
> request.getHeaderNames() should the user be listed as one of the headers 
> which is passed on from the ISAPI filter:
>

What about the attributes?  request.getAttribute() This is different
then a header

Marc

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



The information contained in this message and any attachments is intended only 
for the use of the individual or entity to which it is addressed, and may 
contain information that is PRIVILEGED, CONFIDENTIAL, and exempt from 
disclosure under applicable law.  If you are not the intended recipient, you 
are prohibited from copying, distributing, or using the information.  Please 
contact the sender immediately by return e-mail and delete the original message 
from your system.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Still having problem retrieving user value from ISAPI Filter for authentication

[Savoy, Melinda]

Let me ask, what maybe a stupid question now, but when I print out the 
enumeration value of the request header names, see below, using 
request.getHeaderNames() should the user be listed as one of the headers which 
is passed on from the ISAPI filter:

=== MimeHeaders ===
accept = */*
accept-language = en-us
connection = Keep-Alive
host = localhost
user-agent = Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; 
.NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; InfoPath.2; .NET 
CLR 3.0.4506.2152; .NET CLR 3.5.30729; MS-RTC LM 8; MS-RTC EA 2)
authorization = NTLM 
TlRMTVNTUAADAEgASABIAEgASABIBcKIogUBKAoP
accept-encoding = gzip, deflate
content-length = 0

Thank you.


-Original Message-
From: Pid [mailto:p...@pidster.com] 
Sent: Wednesday, June 23, 2010 6:52 AM
To: Tomcat Users List
Subject: Re: Still having problem retrieving user value from ISAPI Filter for 
authentication

On 23/06/2010 10:45, Rainer Jung wrote:
> On 23.06.2010 09:51, Pid wrote:
>> On 23 Jun 2010, at 02:40, Rainer Jung  wrote:
>>
>>> On 22.06.2010 21:59, Marc Boorshtein wrote:
>
> Unless you are going to authenticate via one of Tomcat's 
> authentication methods; BASIC, FORM, etc, then getRemoteUser() is 
> going to return null.
>
> You'll need to add a security constraint, login-config and 
> security-role to your web.xml to test getRemoteUser(); in just Tomcat.
>

 This shouldn't be the case since she put tomcatAuthentication="false"
 tomcat should be taking the username from the JK_REMOTE_USER 
 attribute.

 Have you tried a wireshark packet capture?
>>>
>>> The log file of the ISAPI redirector she presented already contains 
>>> a dump of the AJP packet the redirector is going to send out. The 
>>> dump shows the correct user string contained in the packet.
>>>
>>> I've got no idea what's wrong here.
>>
>> Would you expect the user value normally to be set as another 
>> (REMOTE_USER type) header by ISAPI?
> 
> No, it gets send as an AJP specific request attribute that the AJP 
> connectors know about. It's not an HTTP header.

OK, and I'm guessing that if there was a way to get the AJP connector to dump 
those attributes you'd have said so by now.


p

> Regards,
> 
> Rainer
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
> 




The information contained in this message and any attachments is intended only 
for the use of the individual or entity to which it is addressed, and may 
contain information that is PRIVILEGED, CONFIDENTIAL, and exempt from 
disclosure under applicable law.  If you are not the intended recipient, you 
are prohibited from copying, distributing, or using the information.  Please 
contact the sender immediately by return e-mail and delete the original message 
from your system.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: OT RE: Still having problem retrieving user value from ISAPI Filter for authentication

[Savoy, Melinda]

Thanks Leo.  I've got the same setup in IIS regarding integrated windows 
security.  However, IIS is on port 80 and Tomcat is on 9080 so as not to 
conflict.

IIS is giving the ISAPI filter the user info that I'm looking for as indicated 
in the ISAPI log.

Thanks for trying.  It's appreciated.

-Original Message-
From: Leo Donahue - PLANDEVX [mailto:leodona...@mail.maricopa.gov] 
Sent: Tuesday, June 22, 2010 6:13 PM
To: 'Tomcat Users List'
Subject: RE: OT RE: Still having problem retrieving user value from ISAPI 
Filter for authentication

>From: Leo Donahue - PLANDEVX [mailto:leodona...@mail.maricopa.gov]
>Subject: OT RE: Still having problem retrieving user value from ISAPI
>Filter for authentication
>>
>Doesn't the url mapping in the uriworkermap.properties file interrupt
>IIS from passing authentication to Tomcat?
>
>If you restrict access to a virtual directory in IIS, mapped to a
>servlet or webapp in Tomcat, and there is a URL for that servlet/webapp
>in uriworkermap.properties, wouldn't Tomcat allow access even though IIS
>attempts to say no?
>
>I still have a server with IIS and the isapi_redirect.dll "Jakarta
>filter" running internally.
>
>I created a new website in IIS, called test, using IIS port 8088, mapped
>to the examples directory in Tomcat 6.0.26  (Tomcat's HTTP port is still
>8080)
>I added the "Jakarta" virtual directory to test.
>I removed anonymous access and checked integrated windows security for
>test.
>
>http://localhost:8088  supply credentials of user not allowed to this
>directory - yields no access.
>http://localhost:8088/examples I get right through, no challenge from
>IIS.
>
>http://localhost:8088  supply credentials of user allowed, snoop JSP
>works, but Remote User is null.  Everything else in snoop output had a
>value.
>

I stand corrected, as usual.  Snoop JSP does display my login info.  However, 
my browser is now set to supply credentials for internal sites.  "Automatic 
login only in Intranet zone".

IE 7
Internet Options
Security
Custom Level
Scroll all the way down to User Authentication.

isapi_redirect.dll version 1.2.27
IIS 6.0
Windows Server 2003

http://localhost:8088/examples/jsp/snp/snoop.jsp

Request Information 
JSP Request Method: GET 
Request URI: /examples/jsp/snp/snoop.jsp 
Request Protocol: HTTP/1.1 
Servlet path: /jsp/snp/snoop.jsp 
Path info: null 
Query string: null 
Content length: 0 
Content type: null 
Server name: server name 
Server port: 8088 
Remote user: PLANDEV\donahuel 
Remote address: my ip 
Remote host: my ip 
Authorization scheme: Negotiate 
Locale: en_US

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



The information contained in this message and any attachments is intended only 
for the use of the individual or entity to which it is addressed, and may 
contain information that is PRIVILEGED, CONFIDENTIAL, and exempt from 
disclosure under applicable law.  If you are not the intended recipient, you 
are prohibited from copying, distributing, or using the information.  Please 
contact the sender immediately by return e-mail and delete the original message 
from your system.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Still having problem retrieving user value from ISAPI Filter for authentication

[Savoy, Melinda]

Sorry, Marc.  I'm have no idea what a wireshark packet capture is?  I've only 
worked with the Fiddler Http Proxy Debugger tool to view what is coming over on 
the browser.

Thanks.

-Original Message-
From: Marc Boorshtein [mailto:mboorsht...@gmail.com] 
Sent: Tuesday, June 22, 2010 3:00 PM
To: Tomcat Users List
Subject: Re: Still having problem retrieving user value from ISAPI Filter for 
authentication

>
> Unless you are going to authenticate via one of Tomcat's authentication 
> methods; BASIC, FORM, etc, then getRemoteUser() is going to return null.
>
> You'll need to add a security constraint, login-config and security-role to 
> your web.xml to test getRemoteUser(); in just Tomcat.
>

This shouldn't be the case since she put tomcatAuthentication="false"
tomcat should be taking the username from the JK_REMOTE_USER
attribute.

Have you tried a wireshark packet capture?

Marc

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



The information contained in this message and any attachments is intended only 
for the use of the individual or entity to which it is addressed, and may 
contain information that is PRIVILEGED, CONFIDENTIAL, and exempt from 
disclosure under applicable law.  If you are not the intended recipient, you 
are prohibited from copying, distributing, or using the information.  Please 
contact the sender immediately by return e-mail and delete the original message 
from your system.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Still having problem retrieving user value from ISAPI Filter for authentication

[Savoy, Melinda]

Ranier,

Please see the requested info below and thanks for taking time to look at the 
log and for your reply.

Web.xml (1 & 2 were deleted because they had to do with my filters just in case 
you were wondering why 3 was there):


http://www.w3.org/2001/XMLSchema-instance";
xmlns="http://java.sun.com/xml/ns/javaee";

xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd";
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee 
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd";
id="WebApp_ID"
version="2.5">

  SCMIS



 

java.lang.Exception
/error.jsp



index.html
index.htm
index.jsp
default.html
default.htm
default.jsp



Server.xml:






  
  
  
  
  
  
  

  
  


  

  
  
  







   








 


  
  

  
  

  
  

  
  







  

  


-Original Message-
From: Rainer Jung [mailto:rainer.j...@kippdata.de] 
Sent: Tuesday, June 22, 2010 2:48 PM
To: Tomcat Users List
Subject: Re: Still having problem retrieving user value from ISAPI Filter for 
authentication

On 22.06.2010 21:29, Savoy, Melinda wrote:
> That is definitely the preferred method and the reason for going to the 
> Tomcat Connector for this authentication process.  However, even with the 
> most simple implementation of my index.jsp and web.xml file I cannot get the 
> getRemoteUser() to work.
>
> I am hoping that Ranier is able to look at the log that I sent a few minutes 
> ago and perhaps from there be able to determine where I've messed up in the 
> configuration portion of the ISAPI filter or see something in the log that 
> would show him where this is going wrong that perhaps I can fix(?).

The ISAPI redirector log shows that it's correctly forwarding the data.

How do your web.xml and server.xml for this test look like?

Regards,

Rainer

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



The information contained in this message and any attachments is intended only 
for the use of the individual or entity to which it is addressed, and may 
contain information that is PRIVILEGED, CONFIDENTIAL, and exempt from 
disclosure under applicable law.  If you are not the intended recipient, you 
are prohibited from copying, distributing, or using the information.  Please 
contact the sender immediately by return e-mail and delete the original message 
from your system.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Still having problem retrieving user value from ISAPI Filter for authentication

[Savoy, Melinda]

That is definitely the preferred method and the reason for going to the Tomcat 
Connector for this authentication process.  However, even with the most simple 
implementation of my index.jsp and web.xml file I cannot get the 
getRemoteUser() to work.  

I am hoping that Ranier is able to look at the log that I sent a few minutes 
ago and perhaps from there be able to determine where I've messed up in the 
configuration portion of the ISAPI filter or see something in the log that 
would show him where this is going wrong that perhaps I can fix(?).

As far as trying to get these other variables, I'm not sure how to go about 
getting them from the request but I'll start researching.  

Thanks for the additional information.  It's appreciated.

Regards.

-Original Message-
From: Terence M. Bandoian [mailto:tere...@tmbsw.com] 
Sent: Tuesday, June 22, 2010 2:30 PM
To: Tomcat Users List
Subject: RE: Still having problem retrieving user value from ISAPI Filter for 
authentication

Hi, Melinda-

I'm not sure it's going to be that easy. From what I've read, the NTLM 
authorization header includes structured data that is encoded using a 
server nonce and/or the password.  However, AUTH_USER, REMOTE_USER and 
LOGON_USER variables should be available to ISAPI applications with 
NTLM.  I'd be looking on the ISAPI side for a way, maybe a configuration 
setting, to pass the decoded NTLM credentials to tomcat.

-Terence Bandoian


Savoy, Melinda wrote:
> Question.  As my code is currently blowing up when I setup the Base64Decoder 
> in my constructor I'm getting an error immediately, at any rate I'm working 
> thru that, but will this DECODE method show me the USERID that I'm looking 
> for?
>
> That is what I'm needing.  Thank you.
>
> -Original Message-
> From: Terence M. Bandoian [mailto:tere...@tmbsw.com] 
> Sent: Tuesday, June 22, 2010 12:40 PM
> To: Tomcat Users List
> Subject: RE: Still having problem retrieving user value from ISAPI Filter for 
> authentication
>
> Hi, Melinda-
>
> As Pid suggested, the first part of that string after NTLM in the 
> authorization header decodes in base64 to 'NTLMSSP'.
>
> -Terence Bandoian
>
>
> Savoy, Melinda wrote:
>   
>> Thanks Pid, I did do that as well, but I did not see the user value there 
>> either.  
>>
>> Here is what I got when I did issue the getHeaderNames() and as you can see 
>> the authorization shows the encrypted NTLM value but it is not decrypted and 
>> I cannot get to the info though the ISAPI log shows the decrypted value 
>> which I cannot get to:
>>
>> =imeHeaders ===
>> accept =
>> accept-language =us
>> connection îp-Alive
>> host =alhost
>> user-agent =illa/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; 
>> .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; InfoPath.2; 
>> .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; MS-RTC LM 8; MS-RTC EA 2)
>> cookie =SSIONID-9AE176A965514B845A6E3A9E83A21E
>> authorization =M 
>> TlRMTVNTUAADAEgASABIAEgASABIBcKIogUBKAoP
>> accept-encoding =p, deflate
>> content-length >
>> I don't know what I'm doing wrong here.  Again, any help is appreciated.
>>
>> Thanks.
>>
>> -Original Message-
>> From: Pid [mailto:p...@pidster.com] 
>> Sent: Tuesday, June 22, 2010 7:11 AM
>> To: Tomcat Users List
>> Subject: Re: Still having problem retrieving user value from ISAPI Filter 
>> for authentication
>>
>> On 22/06/2010 13:05, Marc Boorshtein wrote:
>>   
>> 
>>> I haven't tried this with IIS, but we had quite the discussion on this 
>>> last week with Apache & tomcat with JK.  In your server.xml file add 
>>> tomcatAuthentication=se" to the AJP connector object.  If you look 
>>> in the archives of this list for JK_REMOTE_USER there is a very 
>>> interesting discussion on the topic.
>>> 
>>>   
>> Also, you could iterate through the headers in request.getHeaderNames() to 
>> see what's being passed across to Tomcat.
>>
>>
>> p
>>
>>
>>   
>> 
>>> Marc
>>>
>>> -
>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>>
>>> 
>>>   
>>
>>
>> The information contained in this message and any attachments is intended 
>> only for the use of the individual or entity to which it is addr

RE: Still having problem retrieving user value from ISAPI Filter for authentication

[Savoy, Melinda]

 06:15:20.987 2010] [1572:4000] [debug] jk_isapi_plugin.c (1201): 
Wrote 51 bytes of data successfully
[Tue Jun 22 06:15:21.003 2010] [1572:4000] [debug] jk_ajp_common.c (1336): 
received from ajp13 pos=0 len=2 max=8192
[Tue Jun 22 06:15:21.003 2010] [1572:4000] [debug] jk_ajp_common.c (1336):  
   05 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00  - 
[Tue Jun 22 06:15:21.003 2010] [1572:4000] [debug] jk_ajp_common.c (1940): 
AJP13 protocol: Reuse is OK
[Tue Jun 22 06:15:21.003 2010] [1572:4000] [debug] jk_isapi_plugin.c (2185): 
service() returned OK
[Tue Jun 22 06:15:21.003 2010] [1572:4000] [debug] jk_ajp_common.c (757): 
(scmisWorker) resetting endpoint with sd = 2128
[Tue Jun 22 06:15:21.003 2010] [1572:4000] [debug] jk_ajp_common.c (3010): 
recycling connection pool slot=0 for worker scmisWorker

-Original Message-
From: Rainer Jung [mailto:rainer.j...@kippdata.de]
Sent: Tuesday, June 22, 2010 12:19 PM
To: Tomcat Users List
Subject: Re: Still having problem retrieving user value from ISAPI Filter for 
authentication

On 22.06.2010 16:18, Savoy, Melinda wrote:
> Thanks Pid.  That is what I'm working on right now.  I am in the middle of 
> the Decoder part of the code again.
>
> My apologies to this list as I understood I could get that directly from the 
> ISAPI filter as it would decrypt it for me, which it does per the ISAPI log, 
> and then pass it on to me via the HttpServletRequest getRemoteUser() which it 
> does not do.

It does, but I expect something in your application stack to overwrite
or delete it again.

If you want to find out what happens, you need to get into a more simple
test situation, like deploying a trivial app (e.g. the default Tomcat
ROOT context), and simply add a JSP or servlet there that shows you the
request.getRemoteUser(). I expect that to work. Then the question why it
doesn't work in your app is up to your application and framework code.

Regards,

Rainer

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



The information contained in this message and any attachments is intended only 
for the use of the individual or entity to which it is addressed, and may 
contain information that is PRIVILEGED, CONFIDENTIAL, and exempt from 
disclosure under applicable law.  If you are not the intended recipient, you 
are prohibited from copying, distributing, or using the information.  Please 
contact the sender immediately by return e-mail and delete the original message 
from your system.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Still having problem retrieving user value from ISAPI Filter for authentication

[Savoy, Melinda]

Question.  As my code is currently blowing up when I setup the Base64Decoder in 
my constructor I'm getting an error immediately, at any rate I'm working thru 
that, but will this DECODE method show me the USERID that I'm looking for?

That is what I'm needing.  Thank you.

-Original Message-
From: Terence M. Bandoian [mailto:tere...@tmbsw.com] 
Sent: Tuesday, June 22, 2010 12:40 PM
To: Tomcat Users List
Subject: RE: Still having problem retrieving user value from ISAPI Filter for 
authentication

Hi, Melinda-

As Pid suggested, the first part of that string after NTLM in the 
authorization header decodes in base64 to 'NTLMSSP'.

-Terence Bandoian


Savoy, Melinda wrote:
> Thanks Pid, I did do that as well, but I did not see the user value there 
> either.  
>
> Here is what I got when I did issue the getHeaderNames() and as you can see 
> the authorization shows the encrypted NTLM value but it is not decrypted and 
> I cannot get to the info though the ISAPI log shows the decrypted value which 
> I cannot get to:
>
> = MimeHeaders ===
> accept =/*
> accept-language =n-us
> connection =eep-Alive
> host =ocalhost
> user-agent =ozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; 
> .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; InfoPath.2; 
> .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; MS-RTC LM 8; MS-RTC EA 2)
> cookie =SESSIONID-9AE176A965514B845A6E3A9E83A21E
> authorization =TLM 
> TlRMTVNTUAADAEgASABIAEgASABIBcKIogUBKAoP
> accept-encoding =zip, deflate
> content-length =
>
> I don't know what I'm doing wrong here.  Again, any help is appreciated.
>
> Thanks.
>
> -Original Message-
> From: Pid [mailto:p...@pidster.com] 
> Sent: Tuesday, June 22, 2010 7:11 AM
> To: Tomcat Users List
> Subject: Re: Still having problem retrieving user value from ISAPI Filter for 
> authentication
>
> On 22/06/2010 13:05, Marc Boorshtein wrote:
>   
>> I haven't tried this with IIS, but we had quite the discussion on this 
>> last week with Apache & tomcat with JK.  In your server.xml file add 
>> tomcatAuthentication=alse" to the AJP connector object.  If you look 
>> in the archives of this list for JK_REMOTE_USER there is a very 
>> interesting discussion on the topic.
>> 
>
> Also, you could iterate through the headers in request.getHeaderNames() to 
> see what's being passed across to Tomcat.
>
>
> p
>
>
>   
>> Marc
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>> 
>
>
>
>
> The information contained in this message and any attachments is intended 
> only for the use of the individual or entity to which it is addressed, and 
> may contain information that is PRIVILEGED, CONFIDENTIAL, and exempt from 
> disclosure under applicable law.  If you are not the intended recipient, you 
> are prohibited from copying, distributing, or using the information.  Please 
> contact the sender immediately by return e-mail and delete the original 
> message from your system.
>
>   

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



The information contained in this message and any attachments is intended only 
for the use of the individual or entity to which it is addressed, and may 
contain information that is PRIVILEGED, CONFIDENTIAL, and exempt from 
disclosure under applicable law.  If you are not the intended recipient, you 
are prohibited from copying, distributing, or using the information.  Please 
contact the sender immediately by return e-mail and delete the original message 
from your system.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Still having problem retrieving user value from ISAPI Filter for authentication

[Savoy, Melinda]

Thanks Pid.  That is what I'm working on right now.  I am in the middle of the 
Decoder part of the code again.  

My apologies to this list as I understood I could get that directly from the 
ISAPI filter as it would decrypt it for me, which it does per the ISAPI log, 
and then pass it on to me via the HttpServletRequest getRemoteUser() which it 
does not do.

Thanks again, Pid.  Your help is much appreciated.

Regards.

  

-Original Message-
From: Pid [mailto:p...@pidster.com] 
Sent: Tuesday, June 22, 2010 9:06 AM
To: Tomcat Users List
Subject: Re: Still having problem retrieving user value from ISAPI Filter for 
authentication

On 22/06/2010 14:45, Savoy, Melinda wrote:
> We had been working with JCIFS and chose the Tomcat Connector for IIS because 
> we're primarily a MS shop and already had IIS in place here.  The team lead 
> who had written this custom code is no longer with the company and I've had 
> to try and figure out what all he did and then try to implement this Tomcat 
> connector.  
> 
> I've been able to talk to this former team lead and he basically told me the 
> following on the filter:
> 
> The filter basically takes the request/response and does create an auth value 
> using the Base64Decoder and Base64Encoder from Sun and we populate a User 
> object that is then used throughout the session for authentication purposes 
> within the application as well as initially getting to the index.jsp page.  I 
> was testing, by commenting out the filter in my web.xml, to see if I could 
> just get to a vanilla index.jsp page that only contained:  
> <%=getRemoteUser()%> so that I could make certain that I could get that value 
> which I understood I should be able to without setting up REALM's or auth in 
> the config.  But after getting IIS to talk to Tomcat last week I've been 
> trying to get this to work and to no avail as of today and therefore the 
> reason for my post this morning. 
> 
> I understood that the ISAPI filter provided the decrypted info that JCIFS had 
> un decrypting and that is why we chose this route.  But it seems like it is a 
> lot more involved that what I read about and what I've understood from others 
> on this list - which is fine but it was not as simple as I understood or 
> misunderstood as the case may be.
> 
> Sorry I cannot be more specific.  Hope this helps.

So I'm reading this to mean that the Filter you have commented out is doing the 
work required to parse the auth header & set the relevant object values.

One of the things a Servlet Filter can do is wrap the current request/response 
objects (see Servlet HttpServletRequestWrapper, HttpServletResponseWrapper 
interfaces), the wrappers provide methods which override certain 
request/response methods providing alternative return values.

So your custom filter could be decoding the header and overriding the 
getRemoteUser and getUserPrincipal methods; your app accesses the methods and 
gets values that are not supplied by Tomcat auth/realm support.  (Meaning the 
JavaRanch advice isn't applicable).

So you need to look inside the execute(req, res) method you mentioned earlier 
to find out what it does, and re-enable the filter.


p






> -Original Message-
> From: Pid [mailto:p...@pidster.com]
> Sent: Tuesday, June 22, 2010 8:13 AM
> To: Tomcat Users List
> Subject: Re: Still having problem retrieving user value from ISAPI 
> Filter for authentication
> 
> On 22/06/2010 13:59, Savoy, Melinda wrote:
>> We have a custom filter that we're using because after we get the request 
>> and response info then I need to use the user value info and get the user 
>> also authenticated against a legacy system.
>>
>> But right now I have that commented out in my web.xml so that I can go 
>> directly to a test index.jsp page and verify that the getRemoteUser() is 
>> acquiring the user info from ISAPI but ISAPI is not providing that info to 
>> me via this method.  I'm not sure, again, why it shows the info in the log 
>> but I cannot get to it directly.  I'm not sure how Ranier was able to get to 
>> it as he stated awhile back.
> 
> If there's no auth defined in web.xml then Tomcat isn't going to do anything 
> - AFAIK the auth valves don't trigger unless the config puts them in the 
> pipeline.
> 
> If your auth is performed by a custom filter, that is currently commented 
> out, then you're not going to get very far there either.
> 
> Do you know exactly what the filter does?
> Does it decode the header itself and wrap the request/response objects?
> 
> 
> p
> 
> 
>> Thanks again. 
>>
>> -Original Message-
>> From: Pid [mailto:p...@pidster.com]
>> Sent: Tues

RE: Still having problem retrieving user value from ISAPI Filter for authentication

[Savoy, Melinda]

We had been working with JCIFS and chose the Tomcat Connector for IIS because 
we're primarily a MS shop and already had IIS in place here.  The team lead who 
had written this custom code is no longer with the company and I've had to try 
and figure out what all he did and then try to implement this Tomcat connector. 
 

I've been able to talk to this former team lead and he basically told me the 
following on the filter:

The filter basically takes the request/response and does create an auth value 
using the Base64Decoder and Base64Encoder from Sun and we populate a User 
object that is then used throughout the session for authentication purposes 
within the application as well as initially getting to the index.jsp page.  I 
was testing, by commenting out the filter in my web.xml, to see if I could just 
get to a vanilla index.jsp page that only contained:  <%=getRemoteUser()%> so 
that I could make certain that I could get that value which I understood I 
should be able to without setting up REALM's or auth in the config.  But after 
getting IIS to talk to Tomcat last week I've been trying to get this to work 
and to no avail as of today and therefore the reason for my post this morning. 

I understood that the ISAPI filter provided the decrypted info that JCIFS had 
un decrypting and that is why we chose this route.  But it seems like it is a 
lot more involved that what I read about and what I've understood from others 
on this list - which is fine but it was not as simple as I understood or 
misunderstood as the case may be.

Sorry I cannot be more specific.  Hope this helps.

-Original Message-
From: Pid [mailto:p...@pidster.com] 
Sent: Tuesday, June 22, 2010 8:13 AM
To: Tomcat Users List
Subject: Re: Still having problem retrieving user value from ISAPI Filter for 
authentication

On 22/06/2010 13:59, Savoy, Melinda wrote:
> We have a custom filter that we're using because after we get the request and 
> response info then I need to use the user value info and get the user also 
> authenticated against a legacy system.
> 
> But right now I have that commented out in my web.xml so that I can go 
> directly to a test index.jsp page and verify that the getRemoteUser() is 
> acquiring the user info from ISAPI but ISAPI is not providing that info to me 
> via this method.  I'm not sure, again, why it shows the info in the log but I 
> cannot get to it directly.  I'm not sure how Ranier was able to get to it as 
> he stated awhile back.

If there's no auth defined in web.xml then Tomcat isn't going to do anything - 
AFAIK the auth valves don't trigger unless the config puts them in the pipeline.

If your auth is performed by a custom filter, that is currently commented out, 
then you're not going to get very far there either.

Do you know exactly what the filter does?
Does it decode the header itself and wrap the request/response objects?


p


> Thanks again. 
> 
> -Original Message-
> From: Pid [mailto:p...@pidster.com]
> Sent: Tuesday, June 22, 2010 7:53 AM
> To: 'Tomcat Users List'
> Subject: Re: Still having problem retrieving user value from ISAPI 
> Filter for authentication
> 
> On 22/06/2010 13:36, Savoy, Melinda wrote:
>> Thanks Pid, I did do that as well, but I did not see the user value there 
>> either.  
>>
>> Here is what I got when I did issue the getHeaderNames() and as you can see 
>> the authorization shows the encrypted NTLM value but it is not decrypted and 
>> I cannot get to the info though the ISAPI log shows the decrypted value 
>> which I cannot get to:
>>
>> === MimeHeaders ===
>> accept = */*
>> accept-language = en-us
>> connection = Keep-Alive
>> host = localhost
>> user-agent = Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; 
>> Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 
>> 3.0.04506.648; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 
>> 3.5.30729; MS-RTC LM 8; MS-RTC EA 2) cookie = 
>> JSESSIONID=969AE176A965514B845A6E3A9E83A21E
>> authorization = NTLM
>> TlRMTVNTUAADAEgASABIAEgAS
>> A
>> BIBcKIogUBKAoP
>> accept-encoding = gzip, deflate
>> content-length = 0
>>
>> I don't know what I'm doing wrong here.  Again, any help is appreciated.
> 
> What do you have defined in web.xml for security-config etc?
> 
> 
> p
> 
> 
>> Thanks.
>>
>> -Original Message-
>> From: Pid [mailto:p...@pidster.com]
>> Sent: Tuesday, June 22, 2010 7:11 AM
>> To: Tomcat Users List
>> Subject: Re: Still having problem retrieving user value from ISAPI 
>> Filter for authentication
>>
>> On 22/06/2010 13:05, Marc Boorsht

RE: Still having problem retrieving user value from ISAPI Filter for authentication

[Savoy, Melinda]

Actually, what I finally got working was getting IIS to talk to Tomcat and 
therefore seeing the request get to the ISAPI filter which after working with a 
MS IIS engineer 2 weeks ago I was able to get up and running.  I have not to 
date been able to get the getRemoteUser() to extract the user value info that 
ISAPI shows in its log.  That is the issue.  In the previous posts this morning 
I showed what the getHeaderNames() provided but it has an encrypted NTLM value. 
I thought I could get at the user value that ISAPI show by executing the 
getRemoteUser() but I'm still getting a NULL value.

Pid suggested using a Base64Decoder but I thought the ISAPI filter would 
provide that for me.  

Thanks.

-Original Message-
From: Rainer Jung [mailto:rainer.j...@kippdata.de] 
Sent: Tuesday, June 22, 2010 8:16 AM
To: Tomcat Users List
Subject: Re: Still having problem retrieving user value from ISAPI Filter for 
authentication

On 22.06.2010 14:16, Savoy, Melinda wrote:
> Thanks Marc.  I actually have that setting in my server.xml file as well.
>
> Actually I did follow your post last week thinking that would help me but the 
> ISAPI filter is working properly as indicated in my log and IIS has 
> authenticated the info otherwise, at least it is my understanding and my 
> experience for the last month in trying to get the ISAPI config and IIS setup 
> properly, that the request info in the isapi log would NOT be populated at 
> all.  But now that it is, it appears that I cannot get to the request info by 
> using the getRemoteUser() method which I understood from Ranier and Andre 
> that I could use to get the user value that I need to complete authentication 
> in my code.
>
> It just seems that the ISAPI filter is NOT working properly.  Andre or 
> Ranier, if you guys are out there, your response would be appreciated.

I thought you already managed to have a situation, where getRemoteUser() 
returned something meaningful. So what's the difference to the situation 
now?

Regards,

Rainer

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



The information contained in this message and any attachments is intended only 
for the use of the individual or entity to which it is addressed, and may 
contain information that is PRIVILEGED, CONFIDENTIAL, and exempt from 
disclosure under applicable law.  If you are not the intended recipient, you 
are prohibited from copying, distributing, or using the information.  Please 
contact the sender immediately by return e-mail and delete the original message 
from your system.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Still having problem retrieving user value from ISAPI Filter for authentication

[Savoy, Melinda]

Question.  I never setup a custom Tomcat REALM and wondered if that is required 
by this ISAPI filter as another user at JavaRanch explained the following to me:

You'd have to provide the user principals and roles via a Tomcat Realm in order 
for getRemoteUser to work. Filters, IIS authenthicators - none of them setup 
the J2EE security context of which getUserPrincipal and getRemoteUser are parts.

How do I do that for this ISAPI filter setup if that is indeed true?

Thanks.  


-Original Message-
From: Savoy, Melinda 
Sent: Tuesday, June 22, 2010 7:59 AM
To: 'Tomcat Users List'; 'p...@pidster.com'
Subject: RE: Still having problem retrieving user value from ISAPI Filter for 
authentication

We have a custom filter that we're using because after we get the request and 
response info then I need to use the user value info and get the user also 
authenticated against a legacy system.

But right now I have that commented out in my web.xml so that I can go directly 
to a test index.jsp page and verify that the getRemoteUser() is acquiring the 
user info from ISAPI but ISAPI is not providing that info to me via this 
method.  I'm not sure, again, why it shows the info in the log but I cannot get 
to it directly.  I'm not sure how Ranier was able to get to it as he stated 
awhile back.

Thanks again. 

-Original Message-
From: Pid [mailto:p...@pidster.com] 
Sent: Tuesday, June 22, 2010 7:53 AM
To: 'Tomcat Users List'
Subject: Re: Still having problem retrieving user value from ISAPI Filter for 
authentication

On 22/06/2010 13:36, Savoy, Melinda wrote:
> Thanks Pid, I did do that as well, but I did not see the user value there 
> either.  
> 
> Here is what I got when I did issue the getHeaderNames() and as you can see 
> the authorization shows the encrypted NTLM value but it is not decrypted and 
> I cannot get to the info though the ISAPI log shows the decrypted value which 
> I cannot get to:
> 
> === MimeHeaders ===
> accept = */*
> accept-language = en-us
> connection = Keep-Alive
> host = localhost
> user-agent = Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; 
> Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 
> 3.0.04506.648; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; 
> MS-RTC LM 8; MS-RTC EA 2) cookie = 
> JSESSIONID=969AE176A965514B845A6E3A9E83A21E
> authorization = NTLM 
> TlRMTVNTUAADAEgASABIAEgASA
> BIBcKIogUBKAoP
> accept-encoding = gzip, deflate
> content-length = 0
> 
> I don't know what I'm doing wrong here.  Again, any help is appreciated.

What do you have defined in web.xml for security-config etc?


p


> Thanks.
> 
> -Original Message-
> From: Pid [mailto:p...@pidster.com]
> Sent: Tuesday, June 22, 2010 7:11 AM
> To: Tomcat Users List
> Subject: Re: Still having problem retrieving user value from ISAPI 
> Filter for authentication
> 
> On 22/06/2010 13:05, Marc Boorshtein wrote:
>> I haven't tried this with IIS, but we had quite the discussion on 
>> this last week with Apache & tomcat with JK.  In your server.xml file 
>> add tomcatAuthentication="false" to the AJP connector object.  If you 
>> look in the archives of this list for JK_REMOTE_USER there is a very 
>> interesting discussion on the topic.
> 
> Also, you could iterate through the headers in request.getHeaderNames() to 
> see what's being passed across to Tomcat.
> 
> 
> p
> 
> 
>> Marc
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
> 
> 
> 
> 
> The information contained in this message and any attachments is intended 
> only for the use of the individual or entity to which it is addressed, and 
> may contain information that is PRIVILEGED, CONFIDENTIAL, and exempt from 
> disclosure under applicable law.  If you are not the intended recipient, you 
> are prohibited from copying, distributing, or using the information.  Please 
> contact the sender immediately by return e-mail and delete the original 
> message from your system.




The information contained in this message and any attachments is intended only 
for the use of the individual or entity to which it is addressed, and may 
contain information that is PRIVILEGED, CONFIDENTIAL, and exempt from 
disclosure under applicable law.  If you are not the intended recipient, you 
are prohibited from copying, distributing, or using the information.  Please 
contact the sender immediately by return e-mail and delete the original message 
from your system.

-

RE: Still having problem retrieving user value from ISAPI Filter for authentication

[Savoy, Melinda]

We have a custom filter that we're using because after we get the request and 
response info then I need to use the user value info and get the user also 
authenticated against a legacy system.

But right now I have that commented out in my web.xml so that I can go directly 
to a test index.jsp page and verify that the getRemoteUser() is acquiring the 
user info from ISAPI but ISAPI is not providing that info to me via this 
method.  I'm not sure, again, why it shows the info in the log but I cannot get 
to it directly.  I'm not sure how Ranier was able to get to it as he stated 
awhile back.

Thanks again. 

-Original Message-
From: Pid [mailto:p...@pidster.com] 
Sent: Tuesday, June 22, 2010 7:53 AM
To: 'Tomcat Users List'
Subject: Re: Still having problem retrieving user value from ISAPI Filter for 
authentication

On 22/06/2010 13:36, Savoy, Melinda wrote:
> Thanks Pid, I did do that as well, but I did not see the user value there 
> either.  
> 
> Here is what I got when I did issue the getHeaderNames() and as you can see 
> the authorization shows the encrypted NTLM value but it is not decrypted and 
> I cannot get to the info though the ISAPI log shows the decrypted value which 
> I cannot get to:
> 
> === MimeHeaders ===
> accept = */*
> accept-language = en-us
> connection = Keep-Alive
> host = localhost
> user-agent = Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; 
> Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 
> 3.0.04506.648; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; 
> MS-RTC LM 8; MS-RTC EA 2) cookie = 
> JSESSIONID=969AE176A965514B845A6E3A9E83A21E
> authorization = NTLM 
> TlRMTVNTUAADAEgASABIAEgASA
> BIBcKIogUBKAoP
> accept-encoding = gzip, deflate
> content-length = 0
> 
> I don't know what I'm doing wrong here.  Again, any help is appreciated.

What do you have defined in web.xml for security-config etc?


p


> Thanks.
> 
> -Original Message-
> From: Pid [mailto:p...@pidster.com]
> Sent: Tuesday, June 22, 2010 7:11 AM
> To: Tomcat Users List
> Subject: Re: Still having problem retrieving user value from ISAPI 
> Filter for authentication
> 
> On 22/06/2010 13:05, Marc Boorshtein wrote:
>> I haven't tried this with IIS, but we had quite the discussion on 
>> this last week with Apache & tomcat with JK.  In your server.xml file 
>> add tomcatAuthentication="false" to the AJP connector object.  If you 
>> look in the archives of this list for JK_REMOTE_USER there is a very 
>> interesting discussion on the topic.
> 
> Also, you could iterate through the headers in request.getHeaderNames() to 
> see what's being passed across to Tomcat.
> 
> 
> p
> 
> 
>> Marc
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
> 
> 
> 
> 
> The information contained in this message and any attachments is intended 
> only for the use of the individual or entity to which it is addressed, and 
> may contain information that is PRIVILEGED, CONFIDENTIAL, and exempt from 
> disclosure under applicable law.  If you are not the intended recipient, you 
> are prohibited from copying, distributing, or using the information.  Please 
> contact the sender immediately by return e-mail and delete the original 
> message from your system.




The information contained in this message and any attachments is intended only 
for the use of the individual or entity to which it is addressed, and may 
contain information that is PRIVILEGED, CONFIDENTIAL, and exempt from 
disclosure under applicable law.  If you are not the intended recipient, you 
are prohibited from copying, distributing, or using the information.  Please 
contact the sender immediately by return e-mail and delete the original message 
from your system.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Still having problem retrieving user value from ISAPI Filter for authentication

[Savoy, Melinda]

Thanks Pid, I did do that as well, but I did not see the user value there 
either.  

Here is what I got when I did issue the getHeaderNames() and as you can see the 
authorization shows the encrypted NTLM value but it is not decrypted and I 
cannot get to the info though the ISAPI log shows the decrypted value which I 
cannot get to:

=== MimeHeaders ===
accept = */*
accept-language = en-us
connection = Keep-Alive
host = localhost
user-agent = Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; 
.NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; InfoPath.2; .NET 
CLR 3.0.4506.2152; .NET CLR 3.5.30729; MS-RTC LM 8; MS-RTC EA 2)
cookie = JSESSIONID=969AE176A965514B845A6E3A9E83A21E
authorization = NTLM 
TlRMTVNTUAADAEgASABIAEgASABIBcKIogUBKAoP
accept-encoding = gzip, deflate
content-length = 0

I don't know what I'm doing wrong here.  Again, any help is appreciated.

Thanks.

-Original Message-
From: Pid [mailto:p...@pidster.com] 
Sent: Tuesday, June 22, 2010 7:11 AM
To: Tomcat Users List
Subject: Re: Still having problem retrieving user value from ISAPI Filter for 
authentication

On 22/06/2010 13:05, Marc Boorshtein wrote:
> I haven't tried this with IIS, but we had quite the discussion on this 
> last week with Apache & tomcat with JK.  In your server.xml file add 
> tomcatAuthentication="false" to the AJP connector object.  If you look 
> in the archives of this list for JK_REMOTE_USER there is a very 
> interesting discussion on the topic.

Also, you could iterate through the headers in request.getHeaderNames() to see 
what's being passed across to Tomcat.


p


> Marc
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
> 




The information contained in this message and any attachments is intended only 
for the use of the individual or entity to which it is addressed, and may 
contain information that is PRIVILEGED, CONFIDENTIAL, and exempt from 
disclosure under applicable law.  If you are not the intended recipient, you 
are prohibited from copying, distributing, or using the information.  Please 
contact the sender immediately by return e-mail and delete the original message 
from your system.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Still having problem retrieving user value from ISAPI Filter for authentication

[Savoy, Melinda]

Thanks Marc.  I actually have that setting in my server.xml file as well.  

Actually I did follow your post last week thinking that would help me but the 
ISAPI filter is working properly as indicated in my log and IIS has 
authenticated the info otherwise, at least it is my understanding and my 
experience for the last month in trying to get the ISAPI config and IIS setup 
properly, that the request info in the isapi log would NOT be populated at all. 
 But now that it is, it appears that I cannot get to the request info by using 
the getRemoteUser() method which I understood from Ranier and Andre that I 
could use to get the user value that I need to complete authentication in my 
code.

It just seems that the ISAPI filter is NOT working properly.  Andre or Ranier, 
if you guys are out there, your response would be appreciated.

Thanks again.

-Original Message-
From: Marc Boorshtein [mailto:mboorsht...@gmail.com] 
Sent: Tuesday, June 22, 2010 7:06 AM
To: Tomcat Users List
Subject: Re: Still having problem retrieving user value from ISAPI Filter for 
authentication

I haven't tried this with IIS, but we had quite the discussion on this
last week with Apache & tomcat with JK.  In your server.xml file add
tomcatAuthentication="false" to the AJP connector object.  If you look
in the archives of this list for JK_REMOTE_USER there is a very
interesting discussion on the topic.

Marc

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



The information contained in this message and any attachments is intended only 
for the use of the individual or entity to which it is addressed, and may 
contain information that is PRIVILEGED, CONFIDENTIAL, and exempt from 
disclosure under applicable law.  If you are not the intended recipient, you 
are prohibited from copying, distributing, or using the information.  Please 
contact the sender immediately by return e-mail and delete the original message 
from your system.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Still having problem retrieving user value from ISAPI Filter for authentication

[Savoy, Melinda]

72:4000] [debug] jk_ajp_common.c (723): 
Header[1] [Content-Type] = [text/html;charset=ISO-8859-1]
[Tue Jun 22 06:25:55.697 2010] [1572:4000] [debug] jk_ajp_common.c (723): 
Header[2] [Content-Language] = [en-US]
[Tue Jun 22 06:25:55.697 2010] [1572:4000] [debug] jk_ajp_common.c (723): 
Header[3] [Content-Length] = [71]
[Tue Jun 22 06:25:55.697 2010] [1572:4000] [debug] jk_isapi_plugin.c (947): 
Starting response for URI '/index.jsp' (protocol HTTP/1.1)
[Tue Jun 22 06:25:55.697 2010] [1572:4000] [debug] jk_isapi_plugin.c (1047): 
Not using Keep-Alive
[Tue Jun 22 06:25:55.697 2010] [1572:4000] [debug] jk_ajp_common.c (1336): 
received from ajp13 pos=0 len=75 max=8192
[Tue Jun 22 06:25:55.697 2010] [1572:4000] [debug] jk_ajp_common.c (1336):  
   03 00 47 0D 0A 0D 0A 48 65 72 65 20 69 73 20 6D  - ..GHere.is.m
[Tue Jun 22 06:25:55.713 2010] [1572:4000] [debug] jk_ajp_common.c (1336): 0010 
   79 20 55 53 45 52 49 44 20 75 73 69 6E 67 20 67  - y.USERID.using.g
[Tue Jun 22 06:25:55.713 2010] [1572:4000] [debug] jk_ajp_common.c (1336): 0020 
   65 74 52 65 6D 6F 74 65 55 73 65 72 2C 20 6E 75  - etRemoteUser,.nu
[Tue Jun 22 06:25:55.713 2010] [1572:4000] [debug] jk_ajp_common.c (1336): 0030 
   6C 6C 20 2C 20 69 6E 20 6D 79 20 69 6E 64 65 78  - ll.,.in.my.index
[Tue Jun 22 06:25:55.713 2010] [1572:4000] [debug] jk_ajp_common.c (1336): 0040 
   2E 6A 73 70 20 70 61 67 65 2E 00 00 00 00 00 00  - .jsp.page...
[Tue Jun 22 06:25:55.713 2010] [1572:4000] [debug] jk_isapi_plugin.c (1188): 
Writing 71 bytes of data to client
[Tue Jun 22 06:25:55.713 2010] [1572:4000] [debug] jk_isapi_plugin.c (1201): 
Wrote 71 bytes of data successfully
[Tue Jun 22 06:25:55.713 2010] [1572:4000] [debug] jk_ajp_common.c (1336): 
received from ajp13 pos=0 len=2 max=8192
[Tue Jun 22 06:25:55.713 2010] [1572:4000] [debug] jk_ajp_common.c (1336):  
   05 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00  - 
[Tue Jun 22 06:25:55.713 2010] [1572:4000] [debug] jk_ajp_common.c (1940): 
AJP13 protocol: Reuse is OK
[Tue Jun 22 06:25:55.713 2010] [1572:4000] [debug] jk_isapi_plugin.c (2185): 
service() returned OK
[Tue Jun 22 06:25:55.713 2010] [1572:4000] [debug] jk_ajp_common.c (757): 
(scmisWorker) resetting endpoint with sd = 2128 
[Tue Jun 22 06:25:55.713 2010] [1572:4000] [debug] jk_ajp_common.c (3010): 
recycling connection pool slot=0 for worker scmisWorker

-Original Message-
From: Savoy, Melinda 
Sent: Monday, June 21, 2010 12:55 PM
To: 'Tomcat Users List'
Subject: Problem retrieving domain\userid from HttpServletRequest object 

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



The information contained in this message and any attachments is intended only 
for the use of the individual or entity to which it is addressed, and may 
contain information that is PRIVILEGED, CONFIDENTIAL, and exempt from 
disclosure under applicable law.  If you are not the intended recipient, you 
are prohibited from copying, distributing, or using the information.  Please 
contact the sender immediately by return e-mail and delete the original message 
from your system.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Problem retrieving domain\userid from HttpServletRequest object

[Savoy, Melinda]

What I finally did was remove my filter from the web.xml file all together and 
I have a TEST index.jsp page that only contains the following:

<%...@page language="java" contentType="text/html; charset=ISO-8859-1" 
pageEncoding="ISO-8859-1"%>

Here is my userid + <%=request.getRemoteUser()%>
I got to my INDEX page.

So that my app would go straight to the index.jsp page above and when I got the 
index.jsp page up on my browser this is what I saw:

Here is my userid + null I got to my INDEX page.

So it would appear that the ISAPI filter is NOT integrated with my Tomcat 
server completely even though in the ISAPI log it shows the following:

[Mon Jun 21 16:01:43.750 2010] [5608:1984] [debug] jk_isapi_plugin.c (1835): 
Filter started
[Mon Jun 21 16:01:43.750 2010] [5608:1984] [debug] jk_uri_worker_map.c (1036): 
Attempting to map URI '/localhost/SCMIS/index.jsp' from 3 maps
[Mon Jun 21 16:01:43.750 2010] [5608:1984] [debug] jk_uri_worker_map.c (850): 
Attempting to map context URI '/jkmanager=jkstatus' source 'uriworkermap'
[Mon Jun 21 16:01:43.750 2010] [5608:1984] [debug] jk_uri_worker_map.c (850): 
Attempting to map context URI '/*.action=scmisWorker' source 'uriworkermap'
[Mon Jun 21 16:01:43.750 2010] [5608:1984] [debug] jk_uri_worker_map.c (850): 
Attempting to map context URI '/*.jsp=scmisWorker' source 'uriworkermap'
[Mon Jun 21 16:01:43.750 2010] [5608:1984] [debug] jk_uri_worker_map.c (863): 
Found a wildchar match '/*.jsp=scmisWorker'
[Mon Jun 21 16:01:43.766 2010] [5608:1984] [debug] jk_isapi_plugin.c (1916): 
check if [/SCMIS/index.jsp] points to the web-inf directory
[Mon Jun 21 16:01:43.766 2010] [5608:1984] [debug] jk_isapi_plugin.c (1932): 
[/SCMIS/index.jsp] is a servlet url - should redirect to scmisWorker
[Mon Jun 21 16:01:43.766 2010] [5608:1984] [debug] jk_isapi_plugin.c (1972): 
fowarding escaped URI [/SCMIS/index.jsp]
[Mon Jun 21 16:01:43.766 2010] [5608:1984] [debug] jk_isapi_plugin.c (2792): 
Reading extension header HTTP_TOMCATWORKER6A6B: scmisWorker
[Mon Jun 21 16:01:43.766 2010] [5608:1984] [debug] jk_isapi_plugin.c (2793): 
Reading extension header HTTP_TOMCATWORKERIDX6A6B: 2
[Mon Jun 21 16:01:43.766 2010] [5608:1984] [debug] jk_isapi_plugin.c (2794): 
Reading extension header HTTP_TOMCATURI6A6B: /SCMIS/index.jsp
[Mon Jun 21 16:01:43.766 2010] [5608:1984] [debug] jk_isapi_plugin.c (2795): 
Reading extension header HTTP_TOMCATQUERY6A6B: (null)
[Mon Jun 21 16:01:43.766 2010] [5608:1984] [debug] jk_isapi_plugin.c (2850): 
Applying service extensions
[Mon Jun 21 16:01:43.766 2010] [5608:1984] [debug] jk_isapi_plugin.c (3108): 
Service protocol=HTTP/1.1 method=GET host=127.0.0.1 addr=127.0.0.1 
name=localhost port=80 auth=NTLM user=TEXAS\SavoyM uri=/SCMIS/index.jsp
[Mon Jun 21 16:01:43.766 2010] [5608:1984] [debug] jk_isapi_plugin.c (3120): 
Service request headers=8 attributes=0 chunked=no content-length=0 available=0
[Mon Jun 21 16:01:43.766 2010] [5608:1984] [debug] jk_worker.c (116): found a 
worker scmisWorker
[Mon Jun 21 16:01:43.766 2010] [5608:1984] [debug] jk_isapi_plugin.c (2162): 
got a worker for name scmisWorker
[Mon Jun 21 16:01:43.766 2010] [5608:1984] [debug] jk_ajp_common.c (3093): 
acquired connection pool slot=0 after 0 retries
[Mon Jun 21 16:01:43.766 2010] [5608:1984] [debug] jk_ajp_common.c (605): ajp 
marshaling done
[Mon Jun 21 16:01:43.766 2010] [5608:1984] [debug] jk_ajp_common.c (2376): 
processing scmisWorker with 2 retries

I am just not sure if the ISAPI log shows the info above why it is not 
integrated properly.  I am at a total loss at this point.  

Any help would be appreciated.

Thank you.

-Original Message-
From: Savoy, Melinda 
Sent: Monday, June 21, 2010 12:55 PM
To: 'Tomcat Users List'
Subject: Problem retrieving domain\userid from HttpServletRequest object 

I am on what I hope is the last issue in trying to get authentication completed 
on the IIS-Tomcat integration.

I have the ISAPI filter loaded and appears to be working properly per the ISAPI 
log.  IIS is sending the NTLM authorization header with the encrypted 
domain\username and the ISAPI filter log shows the request info but I cannot 
pick it up from the HttpFilter class below in the ServletRequest parameter.

The HttpFilter class that my application uses (using the Tomcat ServletRequest 
object) to authenticate from the HttpServletRequest req as follows below does 
NOT contain the domain\username when I issue the getRemoteUser() or the 
getUserPrincipal.getName() methods because both come back as NULL:

public final void doFilter(final ServletRequest request, final ServletResponse 
response, final FilterChain chain) throws IOException, ServletException {
final HttpServletRequest req = (HttpServletRequest) request;
final HttpServletResponse resp = (HttpServletResponse) response;

Problem retrieving domain\userid from HttpServletRequest object

[Savoy, Melinda]

I am on what I hope is the last issue in trying to get authentication completed 
on the IIS-Tomcat integration.

I have the ISAPI filter loaded and appears to be working properly per the ISAPI 
log.  IIS is sending the NTLM authorization header with the encrypted 
domain\username and the ISAPI filter log shows the request info but I cannot 
pick it up from the HttpFilter class below in the ServletRequest parameter.

The HttpFilter class that my application uses (using the Tomcat ServletRequest 
object) to authenticate from the HttpServletRequest req as follows below does 
NOT contain the domain\username when I issue the getRemoteUser() or the 
getUserPrincipal.getName() methods because both come back as NULL:

public final void doFilter(final ServletRequest request, final ServletResponse 
response, final FilterChain chain) throws IOException, ServletException {
final HttpServletRequest req = (HttpServletRequest) request;
final HttpServletResponse resp = (HttpServletResponse) response;

String userID = req.getRemoteUser();
String userID2 = req.getUserPrincipal.getName();

try {
execute(req, resp);
} catch (FilterInterruptException e) {
return;
} catch (Exception e) {
log.severe(new HttpRequestDebugger(req).toString());
throw new ServletException(e);
}

chain.doFilter(request, response);

this.afterChain(req, resp);
}

I am using version Apache Tomcat 6.0.18.

Any suggestions on how to get to this info within JAVA.  I cannot get to my 
TEST index.jsp page that just shows the value for the userid because I cannot 
get past this filter first and that is why I'm getting 401.2 errors back in my 
browser.

Thank you.

Melinda Savoy
Sr. Programmer Analyst, ERP Systems
Innovative Technology Solutions
Texas Health Resources
600 E. Lamar Blvd, Ste 301, Arlington TX  76011
melindasa...@texashealth.org

Texas Health Resources: Arlington Memorial,
Harris Methodist and Presbyterian Hospitals
A shared mission and now a shared name.





The information contained in this message and any attachments is intended only 
for the use of the individual or entity to which it is addressed, and may 
contain information that is PRIVILEGED, CONFIDENTIAL, and exempt from 
disclosure under applicable law.  If you are not the intended recipient, you 
are prohibited from copying, distributing, or using the information.  Please 
contact the sender immediately by return e-mail and delete the original message 
from your system.

RE: ISAPI log question regarding authentication

[Savoy, Melinda]

Thanks for the reply.  I just was not sure.  I have to troubleshoot our app as 
I did not think we were sending back a 401 error.

Again, thanks for the reply.

From: Rainer Jung [rainer.j...@kippdata.de]
Sent: Friday, June 11, 2010 16:36
To: Tomcat Users List
Subject: Re: ISAPI log question regarding authentication

On 11.06.2010 23:21, Savoy, Melinda wrote:
> I am working in my local Eclipse development environment on a Windows XP box. 
>  (As stated in a previous post, I was able to get authentication working in 
> the Windows 2003 environment after talking to a MS IIS engineer)
>
> I just got off of a phone call with another IIS engineer at Microsoft 
> regarding the authentication issue again that I am getting Windows XP and we 
> spotted something interesting in the ISAPI log and wanted to run it by you 
> guys.
>
> I've now setup my IIS and browser in Windows XP to FORCE NTLM authentication 
> and I am getting in the request, per the ISAPI log, the credentials that it 
> passes from IIS to Tomcat.
>
> What is interesting is that it would appear that from the ISAPI log that the 
> AJP is returning a 401 code to the browser and therefore executing a Windows 
> Login prompt. Please see bolded/red type below.
>
> Below is a copy of the entries in my ISAPI log and wanted to get any input on 
> WHY it would appear that the redirector is returning a 401 status back to my 
> IE or Firefox browser(?):

Because it receives a 401 response form your web application in Tomcat
and forwards the response as is to the client. So why is your web
application sending a 401?

Regards,

Rainer

> [Fri Jun 11 15:46:59.853 2010] [2292:2200] [info] jk_isapi_plugin.c (2573): 
> Jakarta/ISAPI/isapi_redirector/1.2.30 initialized
> [Fri Jun 11 15:46:59.853 2010] [2292:4624] [debug] jk_isapi_plugin.c (1835): 
> Filter started
> [Fri Jun 11 15:46:59.853 2010] [2292:4624] [debug] jk_uri_worker_map.c 
> (1036): Attempting to map URI '/localhost/SCMIS/index.jsp' from 1 maps
> [Fri Jun 11 15:46:59.853 2010] [2292:4624] [debug] jk_uri_worker_map.c (850): 
> Attempting to map context URI '/SCMIS/*=scmisWorker' source 'uriworkermap'
> [Fri Jun 11 15:46:59.853 2010] [2292:4624] [debug] jk_uri_worker_map.c (850): 
> Attempting to map context URI '/SCMIS/*=scmisWorker' source 'uriworkermap'
> [Fri Jun 11 15:46:59.853 2010] [2292:4624] [debug] jk_uri_worker_map.c (863): 
> Found a wildchar match '/SCMIS/*=scmisWorker'
> [Fri Jun 11 15:46:59.853 2010] [2292:4624] [debug] jk_isapi_plugin.c (1916): 
> check if [/SCMIS/index.jsp] points to the web-inf directory
> [Fri Jun 11 15:46:59.853 2010] [2292:4624] [debug] jk_isapi_plugin.c (1932): 
> [/SCMIS/index.jsp] is a servlet url - should redirect to scmisWorker
> [Fri Jun 11 15:46:59.853 2010] [2292:4624] [debug] jk_isapi_plugin.c (1972): 
> fowarding escaped URI [/SCMIS/index.jsp]
> [Fri Jun 11 15:46:59.869 2010] [2292:4624] [debug] jk_worker.c (339): 
> Maintaining worker scmisWorker
> [Fri Jun 11 15:46:59.869 2010] [2292:4624] [debug] jk_isapi_plugin.c (2792): 
> Reading extension header HTTP_TOMCATWORKER6A6B: scmisWorker
> [Fri Jun 11 15:46:59.869 2010] [2292:4624] [debug] jk_isapi_plugin.c (2793): 
> Reading extension header HTTP_TOMCATWORKERIDX6A6B: 0
> [Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_isapi_plugin.c (2794): 
> Reading extension header HTTP_TOMCATURI6A6B: /SCMIS/index.jsp
> [Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_isapi_plugin.c (2795): 
> Reading extension header HTTP_TOMCATQUERY6A6B: (null)
> [Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_isapi_plugin.c (2850): 
> Applying service extensions
> [Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_isapi_plugin.c (3108): 
> Service protocol=HTTP/1.1 method=GET host=127.0.0.1 addr=127.0.0.1 
> name=localhost port=80 auth=NTLM user=TEXAS\SavoyM uri=/SCMIS/index.jsp
> [Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_isapi_plugin.c (3120): 
> Service request headers=8 attributes=0 chunked=no content-length=0 available=0
> [Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_worker.c (116): found a 
> worker scmisWorker
> [Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_isapi_plugin.c (2162): 
> got a worker for name scmisWorker
> [Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_ajp_common.c (3093): 
> acquired connection pool slot=0 after 0 retries
> [Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_ajp_common.c (605): ajp 
> marshaling done
> [Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_ajp_common.c (2376): 
> processing scmisWorker with 2 retries
> [Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_ajp_common.c (1579): 
> (scmisWorker) all endpoints 

ISAPI log question regarding authentication

[Savoy, Melinda]

I am working in my local Eclipse development environment on a Windows XP box.  
(As stated in a previous post, I was able to get authentication working in the 
Windows 2003 environment after talking to a MS IIS engineer)

I just got off of a phone call with another IIS engineer at Microsoft regarding 
the authentication issue again that I am getting Windows XP and we spotted 
something interesting in the ISAPI log and wanted to run it by you guys.

I've now setup my IIS and browser in Windows XP to FORCE NTLM authentication 
and I am getting in the request, per the ISAPI log, the credentials that it 
passes from IIS to Tomcat.

What is interesting is that it would appear that from the ISAPI log that the 
AJP is returning a 401 code to the browser and therefore executing a Windows 
Login prompt. Please see bolded/red type below.

Below is a copy of the entries in my ISAPI log and wanted to get any input on 
WHY it would appear that the redirector is returning a 401 status back to my IE 
or Firefox browser(?):

[Fri Jun 11 15:46:59.853 2010] [2292:2200] [info] jk_isapi_plugin.c (2573): 
Jakarta/ISAPI/isapi_redirector/1.2.30 initialized
[Fri Jun 11 15:46:59.853 2010] [2292:4624] [debug] jk_isapi_plugin.c (1835): 
Filter started
[Fri Jun 11 15:46:59.853 2010] [2292:4624] [debug] jk_uri_worker_map.c (1036): 
Attempting to map URI '/localhost/SCMIS/index.jsp' from 1 maps
[Fri Jun 11 15:46:59.853 2010] [2292:4624] [debug] jk_uri_worker_map.c (850): 
Attempting to map context URI '/SCMIS/*=scmisWorker' source 'uriworkermap'
[Fri Jun 11 15:46:59.853 2010] [2292:4624] [debug] jk_uri_worker_map.c (850): 
Attempting to map context URI '/SCMIS/*=scmisWorker' source 'uriworkermap'
[Fri Jun 11 15:46:59.853 2010] [2292:4624] [debug] jk_uri_worker_map.c (863): 
Found a wildchar match '/SCMIS/*=scmisWorker'
[Fri Jun 11 15:46:59.853 2010] [2292:4624] [debug] jk_isapi_plugin.c (1916): 
check if [/SCMIS/index.jsp] points to the web-inf directory
[Fri Jun 11 15:46:59.853 2010] [2292:4624] [debug] jk_isapi_plugin.c (1932): 
[/SCMIS/index.jsp] is a servlet url - should redirect to scmisWorker
[Fri Jun 11 15:46:59.853 2010] [2292:4624] [debug] jk_isapi_plugin.c (1972): 
fowarding escaped URI [/SCMIS/index.jsp]
[Fri Jun 11 15:46:59.869 2010] [2292:4624] [debug] jk_worker.c (339): 
Maintaining worker scmisWorker
[Fri Jun 11 15:46:59.869 2010] [2292:4624] [debug] jk_isapi_plugin.c (2792): 
Reading extension header HTTP_TOMCATWORKER6A6B: scmisWorker
[Fri Jun 11 15:46:59.869 2010] [2292:4624] [debug] jk_isapi_plugin.c (2793): 
Reading extension header HTTP_TOMCATWORKERIDX6A6B: 0
[Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_isapi_plugin.c (2794): 
Reading extension header HTTP_TOMCATURI6A6B: /SCMIS/index.jsp
[Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_isapi_plugin.c (2795): 
Reading extension header HTTP_TOMCATQUERY6A6B: (null)
[Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_isapi_plugin.c (2850): 
Applying service extensions
[Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_isapi_plugin.c (3108): 
Service protocol=HTTP/1.1 method=GET host=127.0.0.1 addr=127.0.0.1 
name=localhost port=80 auth=NTLM user=TEXAS\SavoyM uri=/SCMIS/index.jsp
[Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_isapi_plugin.c (3120): 
Service request headers=8 attributes=0 chunked=no content-length=0 available=0
[Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_worker.c (116): found a 
worker scmisWorker
[Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_isapi_plugin.c (2162): 
got a worker for name scmisWorker
[Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_ajp_common.c (3093): 
acquired connection pool slot=0 after 0 retries
[Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_ajp_common.c (605): ajp 
marshaling done
[Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_ajp_common.c (2376): 
processing scmisWorker with 2 retries
[Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_ajp_common.c (1579): 
(scmisWorker) all endpoints are disconnected.
[Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_connect.c (480): socket 
TCP_NODELAY set to On
[Fri Jun 11 15:46:59.900 2010] [2292:4624] [debug] jk_connect.c (604): trying 
to connect socket 2112 to 127.0.0.1:8009
[Fri Jun 11 15:46:59.900 2010] [2292:4624] [debug] jk_connect.c (630): socket 
2112 connected to 127.0.0.1:8009
[Fri Jun 11 15:46:59.900 2010] [2292:4624] [debug] jk_ajp_common.c (967): 
Connected socket 2112 to (127.0.0.1:8009)
[Fri Jun 11 15:46:59.900 2010] [2292:4624] [debug] jk_ajp_common.c (1152): 
sending to ajp13 pos=4 len=524 max=8192
[Fri Jun 11 15:46:59.900 2010] [2292:4624] [debug] jk_ajp_common.c (1152):  
   12 34 02 08 02 02 00 08 48 54 54 50 2F 31 2E 31  - .4..HTTP/1.1
[Fri Jun 11 15:46:59.900 2010] [2292:4624] [debug] jk_ajp_common.c (1152): 0010 
   00 00 10 2F 53 43 4D 49 53 2F 69 6E 64 65 78 2E  - .../SCMIS/index.
[Fri Jun 11 15:46:59.900 2010] [2292:4624] [debug] jk_ajp_common.c (1152): 0020 
   6A 73 70 00 00 

RE: How can I get the user value in the request forwarded to my Tomcat in my Java app?

[Savoy, Melinda]

Andre - thanks for the reply.

From: André Warnier [...@ice-sa.com]
Sent: Tuesday, June 08, 2010 16:37
To: Tomcat Users List
Subject: Re: How can I get the user value in the request forwarded to my Tomcat 
in my Java app?

Savoy, Melinda wrote:
> Andre,
>
> Without going into a lot of detail I was finally able to, via the help of an 
> IIS engineer at Microsoft via our TAM,
  force NTLM authentication via IIS.  What I learned is that by default
IIS is NOT setup to accept NTLM authentication
  but only Kerberos.  Consequently, I went thru some different commands
with the MS IIS engineer to get NTLM
  on IIS to authenticate and now I am getting in the request, per the
ISAPI log, the user info I was looking for (see below).
   Eureka!!
>
So all this time, the problem was between the browser and IIS, and
nothing to do with isapi_redirector or Tomcat.
That is basically what Rainer and I have been telling you since a long time.


As for the rest :

- the fact that you are getting something like TEXAS\user-id is normal.
The first part is the (short) domain name.  That is because your LAN
could consist of several domains, and a user-id might be repeated in
different domains (like TEXAS\jsmith and INDIANA\jsmith, being different
users).  Specialised Tomcat-level authentication modules like Jespa (and
I suppose Waffle) have parameters allowing you to have the domain part
stripped automatically if you so wish.  But since you are not using
these modules, you'll have to do that yourself.
But beware of what I say above : really find out with your network
admins if you do indeed have a single domain where a domain-stripped
user-id is really unique; or if your network has different "trusting"
domains inside of which domain-stripped user-id's may not be unique.

- reduce the log level of isapi_redirector now, please.  It is no fun
scanning through hundreds of log lines to find the significant bit.
The (only) significant bit in this case was the very first response,
which indicates a "server error 500" return code. The rest is all
retrieval of error page and links therein (images, css, etc).

- you should temporarily replace your entire webapp (including the
legacy filter) with a very simple one, which does /only/ a
getRemoteUser() and displays it as a response.
Then you will see if the fact that you do not get the user in your
webapp is an issue of your webapp, or maybe of your legacy filter
interfering.
Then re-insert the legacy filter and try again.

It is possible that the legacy filter simply resets the user-id to null
when /it/ cannot authenticate the user (and that it never checks if the
request is already authenticated to begin with).

The easiest way to disable your legacy filter is probably to temporarily
set its  (in web.xml) to something that never matches.

Here follows a very simple servlet which just echoes back the userid.
I do not know anything about JSP, but I suspect that doing this with a
JSP page is much simpler.  Christopher or someone ?


package scimisdev;

import java.io.IOException;
import java.io.PrintWriter;
import java.security.Principal;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public final class DumpUser extends HttpServlet {
   public void doGet(HttpServletRequest request, HttpServletResponse
response)
   throws IOException, ServletException {

   String userName = request.getRemoteUser();
   if (userName == null) {
 userName = "*null*";
   }

   response.setContentType("text/plain");
   PrintWriter writer = response.getWriter();
   writer.println(userName);

   }
}
/*
In your web.xml, include the following:

 
 DumpUser
 scimisdev.DumpUser
 

 
 DumpUser
 *.dumpuser
 
*/

and call it as http://servername/scimisdev/xxx.dumpuser

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



The information contained in this message and any attachments is intended only 
for the use of the individual or entity to which it is addressed, and may 
contain information that is PRIVILEGED, CONFIDENTIAL, and exempt from 
disclosure under applicable law.  If you are not the intended recipient, you 
are prohibited from copying, distributing, or using the information.  Please 
contact the sender immediately by return e-mail and delete the original message 
from your system.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: How can I get the user value in the request forwarded to my Tomcat in my Java app?

[Savoy, Melinda]

dB,

I did as you suggested and create another virtual directory on IIS with the 
same security setup and was able to get to the .HTM page in IIS without issue.  
 Here is what Fiddler had to show on that:

URL entered:http://servername/test

Raw Headers tab:

HTTP/1.1 200 OK
Content-Length: 1433
Content-Type: text/html
Content-Location: http://servername/test/iisstart.htm
Last-Modified: Fri, 21 Feb 2003 23:48:30 GMT
Accept-Ranges: bytes
ETag: "09b60bc3dac21:64b"
Server: Microsoft-IIS/6.0
WWW-Authenticate: Negotiate 
oYGgMIGdoAMKAQChCwYJKoZIgvcSAQICooGIBIGFYIGCBgkqhkiG9xIBAgICAG9zMHGgAwIBBaEDAgEPomUwY6ADAgEXolwEWpeCqC92NbalsW+HmZt04XMZFMzqSW/yMDEJ+HNZ7N3W3s7GUz5v+k2PTk6u36M6i6MRFuI9tJl13sEoVfrMImMEZkq3AYMYIjW6aifTlIB/IfQQyvrrOWYJHg==
Date: Mon, 07 Jun 2010 11:23:39 GMT

Auth tab:

No Proxy-Authenticate Header is present.

WWW-Authenticate Header (Negotiate) appears to be a Kerberos reply:
A1 81 A0 30 81 9D A0 03 0A 01 00 A1 0B 06 09 2A  ¡ 0 ¡...*
86 48 82 F7 12 01 02 02 A2 81 88 04 81 85 60 81  ?H'÷¢^....`
82 06 09 2A 86 48 86 F7 12 01 02 02 02 00 6F 73  '..*?H?÷..os
30 71 A0 03 02 01 05 A1 03 02 01 0F A2 65 30 63  0q ¡¢e0c
A0 03 02 01 17 A2 5C 04 5A 97 82 A8 2F 76 35 B6   ¢\.Z-'¨/v5¶
A5 B1 6F 87 99 9B 74 E1 73 19 14 CC EA 49 6F F2  ¥±o?(tm)>tás..ÌêIoò
30 31 09 F8 73 59 EC DD D6 DE CE C6 53 3E 6F FA  01.øsYìÝÖÞÎÆS>oú
4D 8F 4E 4E AE DF A3 3A 8B A3 11 16 E2 3D B4 99  MNN®ß£:<£..â=´(tm)
75 DE C1 28 55 FA CC 22 63 04 66 4A B7 01 83 18  uÞÁ(UúÌ"c.fJ·.f.
22 35 BA 6A 27 D3 94 80 7F 21 F4 10 CA FA EB 39  "5ºj'Ó"EUR!ô.Êúë9
66 09 1E f..

Thanks for your reply.

Regards.


-Original Message-
From: dB. [mailto:dbl...@dblock.org]
Sent: Friday, June 04, 2010 1:58 PM
To: Tomcat Users List
Subject: RE: How can I get the user value in the request forwarded to my Tomcat 
in my Java app?

Request:

GET / HTTP/1.1
Authorization: Negotiate 
TlRMTVNTUAABB4IIogAFASgKDw==
>>> The browser is trying to get a page, and it sends a Negotiate token (it's 
>>> short, so looks like NTLM).

Response:

HTTP/1.1 401 Unauthorized
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM

This already says that the token sent was invalid. The next conversation is 
just a repeat of that. It's invalid because the browser is not in the domain or 
because the user logged in doesn't have access to the server. It's possible 
that the Windows event viewer on the server has an actual error in the Security 
event log.

I would create a dummy website in IIS that has the same authentication mode 
(Windows Auth, Anonymous disabled) and make sure I can browse successfully to 
that page, first.


Melinda, I think you should hire some external help to fix this problem for 
you. There're a lot of moving parts. Maybe someone on this list could offer you 
to resolve this problem for a consulting fee.

dB. @ dblock.org
Moscow|Geneva|Seattle|New York



-Original Message-
From: Savoy, Melinda [mailto:melindasa...@texashealth.org]
Sent: Friday, June 04, 2010 8:36 AM
To: 'Tomcat Users List'
Subject: RE: How can I get the user value in the request forwarded to my Tomcat 
in my Java app?

Thanks Andre.   Appreciate the explanation.

I downloaded Fiddler as you suggested, and meant to send this in the earlier 
post.

In the RAW HEADER I get the following when I enter this URL in my IE browser:   
http://scmisdev

GET / HTTP/1.1
Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, 
application/x-shockwave-flash, application/x-ms-application, 
application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, 
application/msword, application/vnd.ms-excel, application/vnd.ms-powerpoint, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; 
.NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; InfoPath.2; .NET 
CLR 3.0.4506.2152; .NET CLR 3.5.30729; MS-RTC LM 8)
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Host: scmisdev
Authorization: Negotiate 
TlRMTVNTUAABB4IIogAFASgKDw==


In the AUTH window I see the following:

No Proxy-Authenticate Header is present.

WWW-Authenticate Header is present: Negotiate

WWW-Authenticate Header is present: NTLM


In the RAW window I see the following:

HTTP/1.1 401 Unauthorized
Content-Length: 1656
Content-Type: text/html
Server: Microsoft-IIS/6.0
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
Date: Fri, 04 Jun 2010 12:30:03 GMT
Proxy-Support: Session-Based-Authentication

http://www.w3.org/TR/html4/strict.dtd";>
You are not authorized to view this page


  BODY { font: 8pt/12pt verdana }
  H1 { font: 13pt/15pt verdana }
  H2 { font: 8pt/12pt

RE: How can I get the user value in the request forwarded to my Tomcat in my Java app?

[Savoy, Melinda]

Thanks Andre.   Appreciate the explanation.

I downloaded Fiddler as you suggested, and meant to send this in the earlier 
post.

In the RAW HEADER I get the following when I enter this URL in my IE browser:   
http://scmisdev

GET / HTTP/1.1
Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, 
application/x-shockwave-flash, application/x-ms-application, 
application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, 
application/msword, application/vnd.ms-excel, application/vnd.ms-powerpoint, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; 
.NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; InfoPath.2; .NET 
CLR 3.0.4506.2152; .NET CLR 3.5.30729; MS-RTC LM 8)
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Host: scmisdev
Authorization: Negotiate 
TlRMTVNTUAABB4IIogAFASgKDw==


In the AUTH window I see the following:

No Proxy-Authenticate Header is present.

WWW-Authenticate Header is present: Negotiate

WWW-Authenticate Header is present: NTLM


In the RAW window I see the following:

HTTP/1.1 401 Unauthorized
Content-Length: 1656
Content-Type: text/html
Server: Microsoft-IIS/6.0
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
Date: Fri, 04 Jun 2010 12:30:03 GMT
Proxy-Support: Session-Based-Authentication

http://www.w3.org/TR/html4/strict.dtd";>
You are not authorized to view this page


  BODY { font: 8pt/12pt verdana }
  H1 { font: 13pt/15pt verdana }
  H2 { font: 8pt/12pt verdana }
  A:link { color: red }
  A:visited { color: maroon }



You are not authorized to view this page
You do not have permission to view this directory or page using the credentials 
that you supplied because your Web browser is sending a WWW-Authenticate header 
field that the Web server is not configured to accept.

Please try the following:

Contact the Web site administrator if you believe you should be able to 
view this directory or page.
Click the Refresh button to try 
again with different credentials.

HTTP Error 401.2 - Unauthorized: Access is denied due to server 
configuration.Internet Information Services (IIS)

Technical Information (for support personnel)

Go to http://go.microsoft.com/fwlink/?linkid=8180";>Microsoft 
Product Support Services and perform a title search for the words 
HTTP and 401.
Open IIS Help, which is accessible in IIS Manager (inetmgr),
 and search for topics titled About Security, Authentication, and 
About Custom Error Messages.




Do you see anything here?  I was about to call the engineer on our network 
staff that might be able to help me but what to ask this last question before I 
did that.

Thanks again for all your help!!!



-Original Message-
From: André Warnier [mailto:a...@ice-sa.com]
Sent: Friday, June 04, 2010 7:26 AM
To: Tomcat Users List
Subject: Re: How can I get the user value in the request forwarded to my Tomcat 
in my Java app?

Savoy, Melinda wrote:
> 2 - questions (just because I'm not knowledgeable about IP address or TCP/IP 
> ports etc or networking functionality).
>
> 1.  Before moving to IIS, the Tomcat server was setup on port 80 but because 
> IIS uses port 80 the Tomcat server in the server.xml was changed to 8080.  
> Could this be the problem on why I'm getting the HTTP Error 401.2 - 
> Unauthorized: Access is denied due to server configuration.  Internet 
> Information Services (IIS)?

Ok, let's still try to process this one little bit at a time.
Your Tomcat /can/ receive requests on two different ports, each of these
ports being indicated and configured by a  element in server.xml.
You have :
- one Connector listening on port 8080.  That Connector expects requests
formatted as per the HTTP protocol.
- one connector listening on port 8009. That Connector expects requests
formatted as per the AJP protocol (as used by the Apache mod_jk module,
or the IIS isapi_redirector module.

It does not matter through which Connector a particular request comes
in. The Connector will receive the request, and "translate" it into a
common internal Tomcat format before passing it on to the rest of Tomcat.
In other words, if you send the request from the browser to
http://hostname:8080/request_url
or you send the request to IIS on port 80, like
http://hostname[:80]/request_url
and IIS passes it to the isapi-redirector, which passes it to the AJP
connector of Tomcat on port 8009,
the final result is essentially the same, except for some details, and
Tomcat will process the request the saqme way in both cases.

BUT, the request which provokes the error message which you are
mentioning above does not seem to even reach Tomcat : it looks like the
error is generated by IIS, before it even thinks about forwarding this
request (maybe) to Tomcat.

So there seems to be something wrong at the level between the browser
and IIS, or in the IIS authentication/authorisation level.


>
> 2. 

RE: How can I get the user value in the request forwarded to my Tomcat in my Java app?

[Savoy, Melinda]

2 - questions (just because I'm not knowledgeable about IP address or TCP/IP 
ports etc or networking functionality).

1.  Before moving to IIS, the Tomcat server was setup on port 80 but because 
IIS uses port 80 the Tomcat server in the server.xml was changed to 8080.  
Could this be the problem on why I'm getting the HTTP Error 401.2 - 
Unauthorized: Access is denied due to server configuration.  Internet 
Information Services (IIS)?

2.  Per Andre, " So now the isapi redirector module knows that in order to 
reach this Tomcat and pass the browser request to it, it need to establish a 
TCP/IP connection to localhost on port 8009, and format the request according 
to the specicifications of the AJP/1.3 protocol.
This protocol is a bit different from HTTP, so the /format/ in which the isapi 
redirector passes the request to the Tomcat server is different from the 
original HTTP request, but the /content/ of the request is the same."

If the network I'm on does NOT recognize this port 8009 would that be 
contributing to the HTTP Error 401.2?

Thanks.

-Original Message-
From: André Warnier [mailto:a...@ice-sa.com]
Sent: Thursday, June 03, 2010 4:22 PM
To: Tomcat Users List
Subject: Re: How can I get the user value in the request forwarded to my Tomcat 
in my Java app?

Hi.

Now we're cooking !
But by the way, now this is also OT for this list, because your problem
now seems to be between the browser and the webserver.

First, please do the following : using Google, find the the IE plugin
named "Fiddler 2" and install it in your IE browser.
That is a plugin which will allow you to view all the exchanges between
the browser and the server (headers, errors, contents etc..).

Second, check in the IE options that it is really allowed to use
"Integrated Windows Authentication". That is somewhere in the long list
of extended options.

If you receive a login dialog when you try to access a resource under
IIS, it is because either one of these conditions :

- the IIS server requests the browser to authenticate using a specific
method (e.g. NTLM), but the browser is not set up to do this and is
trying a Basic authentication.

- the version of NTLM required by the server and the one supported by
the workstation are not compatible

- your workstation is not logged into the same domain as the server

- your workstation does not recognise the server as a "trusted" server

Basically, if Integrated Windows Authentication was working, you should
never see this login popup. It should all happen automatically behind
the scenes.





Savoy, Melinda wrote:
> I think I was finally able to TEST that my tomcat connector and its 
> respective config files have been setup correctly.
>
> I think I have narrowed my problem to an IIS Directory Security ISSUE on 
> jakarta.  If anyone has run into this issue can you please respond to the 
> following problem:
>
> In IIS I have the Default Web Site setup with:
>
> ISAPI Filters:  jakarta and it points to C:\Server\Tomcat 
> 6.0\bin\isapi_redirect.dll
> And the Directory Security is:  Enable anonymous access (checked only)
>
> In IIS I have the jakarta virtual directory setup with:
>
> Where the local path is:  C:\Server\Tomcat 6.0\bin
> And the Directory Security is:  Integrated Windows authentication (checked 
> only)
>
> The result I get in my IE browser is:
>
> You are not authorized to view this page
> You do not have permission to view this directory or page using the 
> credentials that you supplied because your Web browser is sending a 
> WWW-Authenticate header field that the Web server is not configured to accept.
> 
>
> Please try the following:
>
> Contact the Web site administrator if you believe you should be able to view 
> this directory or page.
> Click the Refresh button to try again with different credentials.
> HTTP Error 401.2 - Unauthorized: Access is denied due to server configuration.
> Internet Information Services (IIS)
>
> But when I change the jakarta Directory Security to the following I am able 
> to get to the ERROR.jsp page in my application on Tomcat:
>
> Directory Security changed to Anonymous access (checked only)
>
> The ERROR.jsp page comes up because I do not have a USER value in the 
> request.  It is empty as depicted from the isapi log:
>
> [Thu Jun 03 15:27:24.665 2010] [948:3148] [debug] jk_isapi_plugin.c (3108): 
> Service protocol=HTTP/1.1 method=GET host=167.99.60.10 addr=167.99.60.10 
> name=scmisdev port=80 auth= user= uri=/pics/plus.jpg
>
> Any suggestions or direction on how I can remedy this issue would be 
> appreciated.
>
> Thank you.
>
>
> -Original Message-
> From: Savoy, Melinda
> Sent: Thursday, June 03, 2010 

RE: How can I get the user value in the request forwarded to my Tomcat in my Java app?

[Savoy, Melinda]

Thanks Leo.  I do have the Web Service Extension created.

-Original Message-
From: Leo Donahue - PLANDEVX [mailto:leodona...@mail.maricopa.gov]
Sent: Thursday, June 03, 2010 4:34 PM
To: 'Tomcat Users List'
Subject: RE: How can I get the user value in the request forwarded to my Tomcat 
in my Java app?

I can't remember if anyone has already mentioned this.  If so, my apologies.

In IIS, do you have a "Web Service Extension" that is mapped to the 
isapi_redirect.dll, and that is set to "allowed"?

-----Original Message-
From: Savoy, Melinda [mailto:melindasa...@texashealth.org]
Sent: Thursday, June 03, 2010 1:53 PM
To: 'Tomcat Users List'
Subject: RE: How can I get the user value in the request forwarded to my Tomcat 
in my Java app?

I think I was finally able to TEST that my tomcat connector and its respective 
config files have been setup correctly.

I think I have narrowed my problem to an IIS Directory Security ISSUE on 
jakarta.  If anyone has run into this issue can you please respond to the 
following problem:

In IIS I have the Default Web Site setup with:

ISAPI Filters:  jakarta and it points to C:\Server\Tomcat 
6.0\bin\isapi_redirect.dll
And the Directory Security is:  Enable anonymous access (checked only)

In IIS I have the jakarta virtual directory setup with:

Where the local path is:  C:\Server\Tomcat 6.0\bin
And the Directory Security is:  Integrated Windows authentication (checked only)

The result I get in my IE browser is:

You are not authorized to view this page
You do not have permission to view this directory or page using the credentials 
that you supplied because your Web browser is sending a WWW-Authenticate header 
field that the Web server is not configured to accept.


Please try the following:

Contact the Web site administrator if you believe you should be able to view 
this directory or page.
Click the Refresh button to try again with different credentials.
HTTP Error 401.2 - Unauthorized: Access is denied due to server configuration.
Internet Information Services (IIS)

But when I change the jakarta Directory Security to the following I am able to 
get to the ERROR.jsp page in my application on Tomcat:

Directory Security changed to Anonymous access (checked only)

The ERROR.jsp page comes up because I do not have a USER value in the request.  
It is empty as depicted from the isapi log:

[Thu Jun 03 15:27:24.665 2010] [948:3148] [debug] jk_isapi_plugin.c (3108): 
Service protocol=HTTP/1.1 method=GET host=167.99.60.10 addr=167.99.60.10 
name=scmisdev port=80 auth= user= uri=/pics/plus.jpg

Any suggestions or direction on how I can remedy this issue would be 
appreciated.

Thank you.


-----Original Message-
From: Savoy, Melinda
Sent: Thursday, June 03, 2010 12:53 PM
To: 'Tomcat Users List'
Subject: RE: How can I get the user value in the request forwarded to my Tomcat 
in my Java app?

Let me try to answer Andre's questions below as well as communicate the results 
I got given the settings I have in the Windows 2003 server and ANY HELP or 
DIRECTION would be GREATLY APPRECIATED :

I spoke to the guy who had setup our Tomcat server and he said that the SECOND 
HOST in our server.xml file was there to define the virtual host that is in our 
enterprise DNS (see settings below).  The baseapp="scmisapp" which is a 
directory in our tomcat server:  C:\Server\Tomcat 6.0\scmisapp

I removed the SECOND virtual directory as you instructed and now I'm getting 
Windows login dialog boxes when trying to go the URL:  http://scmisdev.

If we could start from the following settings  and if someone could let me know 
what I'm doing wrong to get the error (see below) I'm getting it would be 
greatly appreciated:

Workers.properties file:

worker.scmisWorker.type=ajp13
worker.scmisWorker.host=localhost (I'm not sure if this should match the host 
name="scmis" in my server.xml file or not)
worker.scmisWorker.port=8009

uriworkermap.properties file:

/scmisdev/*=scmisWorker  (this matches the virtual host that we have defined in 
the enterprise DNS and what we use to get to this server via the URL in our 
browsers (IE) http://scmisdev ).

Server.xml:












scmisdev
scmisdev.texashealth.org


In IIS I have the Default Web Site setup with:

ISAPI Filters:  jakarta and it points to C:\Server\Tomcat 
6.0\bin\isapi_redirect.dll
And the Directory Security is:  Enable anonymous access (checked only)

In IIS I have the jakarta virtual directory setup with:

Where the local path is:  C:\Server\Tomcat 6.0\bin
And the Directory Security is:  Integrated Windows authentication (checked only)

The result I get in my IE browser is:

You are not authorized to view this page
You do not have permission to view this directory or page using the credentials 
that y

RE: How can I get the user value in the request forwarded to my Tomcat in my Java app?

[Savoy, Melinda]

Thank you, Chris.

-Original Message-
From: Christopher Schultz [mailto:ch...@christopherschultz.net] 
Sent: Thursday, June 03, 2010 4:14 PM
To: Tomcat Users List
Subject: Re: How can I get the user value in the request forwarded to my Tomcat 
in my Java app?

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Melinda,

On 6/3/2010 11:48 AM, Savoy, Melinda wrote:
> Does the host in the workers.properties file need to match the HOST
> name in the server.xml file (see below):
> 
> worker.scmisWorker.type=ajp13
> worker.scmisWorker.host=scmis
> worker.scmisWorker.port=8009

No, the 'host' for the worker is the host where Tomcat is running. It
has nothing to do with the "Host" header coming from the client in an
HTTP header.

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkwIGwIACgkQ9CaO5/Lv0PCmPgCdHPQ8sQQYP+LNREqm10WWvq1j
p30AnjFQgh11z/0edNuk3kcwU47hDFGu
=Duc8
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



The information contained in this message and any attachments is intended only 
for the use of the individual or entity to which it is addressed, and may 
contain information that is PRIVILEGED, CONFIDENTIAL, and exempt from 
disclosure under applicable law.  If you are not the intended recipient, you 
are prohibited from copying, distributing, or using the information.  Please 
contact the sender immediately by return e-mail and delete the original message 
from your system.

RE: How can I get the user value in the request forwarded to my Tomcat in my Java app?

[Savoy, Melinda]

I think I was finally able to TEST that my tomcat connector and its respective 
config files have been setup correctly.

I think I have narrowed my problem to an IIS Directory Security ISSUE on 
jakarta.  If anyone has run into this issue can you please respond to the 
following problem:

In IIS I have the Default Web Site setup with:

ISAPI Filters:  jakarta and it points to C:\Server\Tomcat 
6.0\bin\isapi_redirect.dll
And the Directory Security is:  Enable anonymous access (checked only)

In IIS I have the jakarta virtual directory setup with:

Where the local path is:  C:\Server\Tomcat 6.0\bin
And the Directory Security is:  Integrated Windows authentication (checked only)

The result I get in my IE browser is:

You are not authorized to view this page
You do not have permission to view this directory or page using the credentials 
that you supplied because your Web browser is sending a WWW-Authenticate header 
field that the Web server is not configured to accept.


Please try the following:

Contact the Web site administrator if you believe you should be able to view 
this directory or page.
Click the Refresh button to try again with different credentials.
HTTP Error 401.2 - Unauthorized: Access is denied due to server configuration.
Internet Information Services (IIS)

But when I change the jakarta Directory Security to the following I am able to 
get to the ERROR.jsp page in my application on Tomcat:

Directory Security changed to Anonymous access (checked only)

The ERROR.jsp page comes up because I do not have a USER value in the request.  
It is empty as depicted from the isapi log:

[Thu Jun 03 15:27:24.665 2010] [948:3148] [debug] jk_isapi_plugin.c (3108): 
Service protocol=HTTP/1.1 method=GET host=167.99.60.10 addr=167.99.60.10 
name=scmisdev port=80 auth= user= uri=/pics/plus.jpg

Any suggestions or direction on how I can remedy this issue would be 
appreciated.

Thank you.


-Original Message-
From: Savoy, Melinda
Sent: Thursday, June 03, 2010 12:53 PM
To: 'Tomcat Users List'
Subject: RE: How can I get the user value in the request forwarded to my Tomcat 
in my Java app?

Let me try to answer Andre's questions below as well as communicate the results 
I got given the settings I have in the Windows 2003 server and ANY HELP or 
DIRECTION would be GREATLY APPRECIATED :

I spoke to the guy who had setup our Tomcat server and he said that the SECOND 
HOST in our server.xml file was there to define the virtual host that is in our 
enterprise DNS (see settings below).  The baseapp="scmisapp" which is a 
directory in our tomcat server:  C:\Server\Tomcat 6.0\scmisapp

I removed the SECOND virtual directory as you instructed and now I'm getting 
Windows login dialog boxes when trying to go the URL:  http://scmisdev.

If we could start from the following settings  and if someone could let me know 
what I'm doing wrong to get the error (see below) I'm getting it would be 
greatly appreciated:

Workers.properties file:

worker.scmisWorker.type=ajp13
worker.scmisWorker.host=localhost (I'm not sure if this should match the host 
name="scmis" in my server.xml file or not)
worker.scmisWorker.port=8009

uriworkermap.properties file:

/scmisdev/*=scmisWorker  (this matches the virtual host that we have defined in 
the enterprise DNS and what we use to get to this server via the URL in our 
browsers (IE) http://scmisdev ).

Server.xml:












scmisdev
scmisdev.texashealth.org


In IIS I have the Default Web Site setup with:

ISAPI Filters:  jakarta and it points to C:\Server\Tomcat 
6.0\bin\isapi_redirect.dll
And the Directory Security is:  Enable anonymous access (checked only)

In IIS I have the jakarta virtual directory setup with:

Where the local path is:  C:\Server\Tomcat 6.0\bin
And the Directory Security is:  Integrated Windows authentication (checked only)

The result I get in my IE browser is:

You are not authorized to view this page
You do not have permission to view this directory or page using the credentials 
that you supplied because your Web browser is sending a WWW-Authenticate header 
field that the Web server is not configured to accept.


Please try the following:

Contact the Web site administrator if you believe you should be able to view 
this directory or page.
Click the Refresh button to try again with different credentials.
HTTP Error 401.2 - Unauthorized: Access is denied due to server configuration.
Internet Information Services (IIS)



Technical Information (for support personnel)

Go to Microsoft Product Support Services and perform a title search for the 
words HTTP and 401.
Open IIS Help, which is accessible in IIS Manager 

RE: How can I get the user value in the request forwarded to my Tomcat in my Java app?

[Savoy, Melinda]

Let me try to answer Andre's questions below as well as communicate the results 
I got given the settings I have in the Windows 2003 server and ANY HELP or 
DIRECTION would be GREATLY APPRECIATED :

I spoke to the guy who had setup our Tomcat server and he said that the SECOND 
HOST in our server.xml file was there to define the virtual host that is in our 
enterprise DNS (see settings below).  The baseapp="scmisapp" which is a 
directory in our tomcat server:  C:\Server\Tomcat 6.0\scmisapp 

I removed the SECOND virtual directory as you instructed and now I'm getting 
Windows login dialog boxes when trying to go the URL:  http://scmisdev.

If we could start from the following settings  and if someone could let me know 
what I'm doing wrong to get the error (see below) I'm getting it would be 
greatly appreciated:

Workers.properties file:

worker.scmisWorker.type=ajp13
worker.scmisWorker.host=localhost (I'm not sure if this should match the host 
name="scmis" in my server.xml file or not)
worker.scmisWorker.port=8009

uriworkermap.properties file:

/scmisdev/*=scmisWorker  (this matches the virtual host that we have defined in 
the enterprise DNS and what we use to get to this server via the URL in our 
browsers (IE) http://scmisdev ).

Server.xml:












scmisdev
scmisdev.texashealth.org


In IIS I have the Default Web Site setup with:

ISAPI Filters:  jakarta and it points to C:\Server\Tomcat 
6.0\bin\isapi_redirect.dll
And the Directory Security is:  Enable anonymous access (checked only)

In IIS I have the jakarta virtual directory setup with:

Where the local path is:  C:\Server\Tomcat 6.0\bin
And the Directory Security is:  Integrated Windows authentication (checked only)

The result I get in my IE browser is:

You are not authorized to view this page
You do not have permission to view this directory or page using the credentials 
that you supplied because your Web browser is sending a WWW-Authenticate header 
field that the Web server is not configured to accept. 


Please try the following:

Contact the Web site administrator if you believe you should be able to view 
this directory or page. 
Click the Refresh button to try again with different credentials. 
HTTP Error 401.2 - Unauthorized: Access is denied due to server configuration.
Internet Information Services (IIS)



Technical Information (for support personnel)

Go to Microsoft Product Support Services and perform a title search for the 
words HTTP and 401. 
Open IIS Help, which is accessible in IIS Manager (inetmgr), and search for 
topics titled About Security, Authentication, and About Custom Error Messages.

-----Original Message-
From: Savoy, Melinda 
Sent: Wednesday, June 02, 2010 5:12 PM
To: Tomcat Users List; Tomcat Users List
Subject: RE: How can I get the user value in the request forwarded to my Tomcat 
in my Java app?

Andre,

First my apologies for forgetting my earlier setup within my Windows XP box and 
therefore as you say not learning what I had done previously.

Second - this Windows 2003 server was already setup and the second host was 
created in order that the user could enter a URL of http://scmisdev and then 
get to the application which is how it has been working.

In your comment:  

"It seems that you have not learned a lot, or forgotten what you
previously learned.

Why do you need this last "virtual directory" in IIS ?
The "jakarta" virtual directory will already re-direct (or rather
"proxy") all the calls to "/scmisdev/*" to Tomcat.
You do not want IIS to go directly put its nose in the Tomcat
directories.  You want it to go through the isapi redirector for that,
which you already do with the jakarta virtual directory setup."

What do I put in the uriworkermap.properties file that redirects to where the 
JSP's are?  The directory path in Tomcat as to where the app is located is:

C:\Server\Tomcat 6.0\scmisapp\ROOT\WEB-INF

You are correct that I'm probably mixing up 2 things but I'm trying retain all 
the info that you and Ranier have each given but sometimes it would appear to 
me to be confusing.

Lastly, let me state again my apologies.  It is NOT my intent to waste the time 
of you or anyone else on this list just trying to get some help.

I will try again in the morning.  

Regards.



From: André Warnier [...@ice-sa.com]
Sent: Wednesday, June 02, 2010 16:29
To: Tomcat Users List
Subject: Re: How can I get the user value in the request forwarded to my Tomcat 
in my Java app?

Savoy, Melinda wrote:
> I finally got my Windows 2003 development box setup with the Tomcat Connector 
> and IIS 6.0.  The following is my setup:
>
> In th

RE: How can I get the user value in the request forwarded to my Tomcat in my Java app?

[Savoy, Melinda]

Question.  Does the host in the workers.properties file need to match the HOST 
name in the server.xml file (see below):

worker.scmisWorker.type=ajp13
worker.scmisWorker.host=scmis
worker.scmisWorker.port=8009



scmisdev
scmisdev.texashealth.org


Thank you.



-Original Message-
From: Savoy, Melinda 
Sent: Wednesday, June 02, 2010 5:12 PM
To: Tomcat Users List; Tomcat Users List
Subject: RE: How can I get the user value in the request forwarded to my Tomcat 
in my Java app?

Andre,

First my apologies for forgetting my earlier setup within my Windows XP box and 
therefore as you say not learning what I had done previously.

Second - this Windows 2003 server was already setup and the second host was 
created in order that the user could enter a URL of http://scmisdev and then 
get to the application which is how it has been working.

In your comment:  

"It seems that you have not learned a lot, or forgotten what you
previously learned.

Why do you need this last "virtual directory" in IIS ?
The "jakarta" virtual directory will already re-direct (or rather
"proxy") all the calls to "/scmisdev/*" to Tomcat.
You do not want IIS to go directly put its nose in the Tomcat
directories.  You want it to go through the isapi redirector for that,
which you already do with the jakarta virtual directory setup."

What do I put in the uriworkermap.properties file that redirects to where the 
JSP's are?  The directory path in Tomcat as to where the app is located is:

C:\Server\Tomcat 6.0\scmisapp\ROOT\WEB-INF

You are correct that I'm probably mixing up 2 things but I'm trying retain all 
the info that you and Ranier have each given but sometimes it would appear to 
me to be confusing.

Lastly, let me state again my apologies.  It is NOT my intent to waste the time 
of you or anyone else on this list just trying to get some help.

I will try again in the morning.  

Regards.



From: André Warnier [...@ice-sa.com]
Sent: Wednesday, June 02, 2010 16:29
To: Tomcat Users List
Subject: Re: How can I get the user value in the request forwarded to my Tomcat 
in my Java app?

Savoy, Melinda wrote:
> I finally got my Windows 2003 development box setup with the Tomcat Connector 
> and IIS 6.0.  The following is my setup:
>
> In the server.xml file I have the following in the HOST element:
>
> 
>unpackWARs="false" autoDeploy="false"
> xmlValidation="false" xmlNamespaceAware="false">
>
> 
> 
>
> 
> 
>
>   
>
>  unpackWARs="true" autoDeploy="false"
> xmlValidation="false" xmlNamespaceAware="false">
>
> scmisdev

not necessary, since this is already the hostname

> scmisdev.texashealth.org
>   

Why this second Host anyway ?

>
> In my uriworkermap.properties file:
>
> /scmisdev/*=scmisWorker
> /scmisdev/*.jsp=scmisWorker
> /scmisdev/servlet/*=scmisWorker

the first one covers the other 2, so why have them ?

>
> In my workers.properties file:
>
> # workers.properties from = 
> http://onjava.com/pub/a/onjava/2002/12/18/tomcat.html
> #
> # This file provides minimal jk configuration properties needed to
> # connect to Tomcat.
> #
> # The workers that jk should create and work with
>
> worker.list=scmisWorker
>
> #
> # Defining a worker named ajp13w and of type ajp13
> # Note that the name and the type do not have to match.
> #
> worker.scmisWorker.port=8009
> worker.scmisWorker.host=localhost
> worker.scmisWorker.type=ajp13
>
> In IIS I have the Default Web Site setup with:
>
> ISAPI Filters:  jakarta and it points to C:\Server\Tomcat 
> 6.0\bin\isapi_redirect.dll
> And the Directory Security is:  Enable anonymous access (checked only)
>
> In IIS I have the jakarta virtual directory setup with:
>
> Where the local path is:  C:\Server\Tomcat 6.0\bin
> And the Directory Security is:  Integrated Windows authentication (checked 
> only)
>
> In IIS I have the scmisdev virtual directory setup with:
>
> Where the local path is:  C:\Server\Tomcat 6.0\scmisapp\ROOT\WEB-INF (points 
> to WEB-INF directory)
> And the Directory Security is:  Integrated Windows authentication (checked 
> only)

It seems that you have not learned a lot, or forgotten what you
previously learned.

Why do you need this last "virtual directory" in IIS ?
The "jakarta" virtual directory will already re-direct (or rather
"proxy") all the calls to "/scmisdev/*" to Tomcat.
You do not want IIS to go directly put its nose in the Tomcat
directories.  You want it to go through th

RE: How can I get the user value in the request forwarded to my Tomcat in my Java app?

[Savoy, Melinda]

Andre,

First my apologies for forgetting my earlier setup within my Windows XP box and 
therefore as you say not learning what I had done previously.

Second - this Windows 2003 server was already setup and the second host was 
created in order that the user could enter a URL of http://scmisdev and then 
get to the application which is how it has been working.

In your comment:  

"It seems that you have not learned a lot, or forgotten what you
previously learned.

Why do you need this last "virtual directory" in IIS ?
The "jakarta" virtual directory will already re-direct (or rather
"proxy") all the calls to "/scmisdev/*" to Tomcat.
You do not want IIS to go directly put its nose in the Tomcat
directories.  You want it to go through the isapi redirector for that,
which you already do with the jakarta virtual directory setup."

What do I put in the uriworkermap.properties file that redirects to where the 
JSP's are?  The directory path in Tomcat as to where the app is located is:

C:\Server\Tomcat 6.0\scmisapp\ROOT\WEB-INF

You are correct that I'm probably mixing up 2 things but I'm trying retain all 
the info that you and Ranier have each given but sometimes it would appear to 
me to be confusing.

Lastly, let me state again my apologies.  It is NOT my intent to waste the time 
of you or anyone else on this list just trying to get some help.

I will try again in the morning.  

Regards.



From: André Warnier [...@ice-sa.com]
Sent: Wednesday, June 02, 2010 16:29
To: Tomcat Users List
Subject: Re: How can I get the user value in the request forwarded to my Tomcat 
in my Java app?

Savoy, Melinda wrote:
> I finally got my Windows 2003 development box setup with the Tomcat Connector 
> and IIS 6.0.  The following is my setup:
>
> In the server.xml file I have the following in the HOST element:
>
> 
>unpackWARs="false" autoDeploy="false"
> xmlValidation="false" xmlNamespaceAware="false">
>
> 
> 
>
> 
> 
>
>   
>
>  unpackWARs="true" autoDeploy="false"
> xmlValidation="false" xmlNamespaceAware="false">
>
> scmisdev

not necessary, since this is already the hostname

> scmisdev.texashealth.org
>   

Why this second Host anyway ?

>
> In my uriworkermap.properties file:
>
> /scmisdev/*=scmisWorker
> /scmisdev/*.jsp=scmisWorker
> /scmisdev/servlet/*=scmisWorker

the first one covers the other 2, so why have them ?

>
> In my workers.properties file:
>
> # workers.properties from = 
> http://onjava.com/pub/a/onjava/2002/12/18/tomcat.html
> #
> # This file provides minimal jk configuration properties needed to
> # connect to Tomcat.
> #
> # The workers that jk should create and work with
>
> worker.list=scmisWorker
>
> #
> # Defining a worker named ajp13w and of type ajp13
> # Note that the name and the type do not have to match.
> #
> worker.scmisWorker.port=8009
> worker.scmisWorker.host=localhost
> worker.scmisWorker.type=ajp13
>
> In IIS I have the Default Web Site setup with:
>
> ISAPI Filters:  jakarta and it points to C:\Server\Tomcat 
> 6.0\bin\isapi_redirect.dll
> And the Directory Security is:  Enable anonymous access (checked only)
>
> In IIS I have the jakarta virtual directory setup with:
>
> Where the local path is:  C:\Server\Tomcat 6.0\bin
> And the Directory Security is:  Integrated Windows authentication (checked 
> only)
>
> In IIS I have the scmisdev virtual directory setup with:
>
> Where the local path is:  C:\Server\Tomcat 6.0\scmisapp\ROOT\WEB-INF (points 
> to WEB-INF directory)
> And the Directory Security is:  Integrated Windows authentication (checked 
> only)

It seems that you have not learned a lot, or forgotten what you
previously learned.

Why do you need this last "virtual directory" in IIS ?
The "jakarta" virtual directory will already re-direct (or rather
"proxy") all the calls to "/scmisdev/*" to Tomcat.
You do not want IIS to go directly put its nose in the Tomcat
directories.  You want it to go through the isapi redirector for that,
which you already do with the jakarta virtual directory setup.

>
> However my result when going to URL  http://localhost/scmisdev is:
>
> HTTP Status 404 - /scmisdev/
>
> Type Status report
>
> Message /scmisdev/
>
> Description The requested resource (/scmisdev/) is not available.
>
> Any suggestions or direction would be greatly appreciated.

Ok, what does this error page look like ? Does it look like a Tomcat
error page ?

Melinda, it see

RE: How can I get the user value in the request forwarded to my Tomcat in my Java app?

[Savoy, Melinda]

Thanks Terence.  Actually I had that in my JSP page (with the "=") but I did 
not put it below.  My apologies.


-Original Message-
From: Terence M. Bandoian [mailto:tere...@tmbsw.com] 
Sent: Friday, May 28, 2010 8:00 AM
To: Tomcat Users List
Subject: RE: How can I get the user value in the request forwarded to my Tomcat 
in my Java app?

Hi, Melinda-

It may be helpful to try that again with the JSP expression syntax:

<%= request.getRemoteUser() %>

Notice the '=' after the first '%'.

-Terence Bandoian

Savoy, Melinda wrote:
> Sorry, I had to leave the office yesterday after I answered part of Ranier's 
> question.
>
> When I inserted the <%request.getRemoteUser()%> in the index.jsp page where 
> that is the only thing on my page, I saw in my browser this error:  Error The 
> SCMWeb Inventory/Purchasing web application has encountered the following 
> error: (did not show an error).
>   

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



The information contained in this message and any attachments is intended only 
for the use of the individual or entity to which it is addressed, and may 
contain information that is PRIVILEGED, CONFIDENTIAL, and exempt from 
disclosure under applicable law.  If you are not the intended recipient, you 
are prohibited from copying, distributing, or using the information.  Please 
contact the sender immediately by return e-mail and delete the original message 
from your system.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: How can I get the user value in the request forwarded to my Tomcat in my Java app?

[Savoy, Melinda]

One more interesting bit of info is that in my console in Eclipse when 
debugging my application I saw the following error regarding HTTP:

06:38:31,688 FAIL  [HttpFilter] GET /SCMIS/index.jsp HTTP/1.1
accept: */*
accept-language: en-us
connection: Keep-Alive
host: localhost
user-agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; 
.NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; InfoPath.2; .NET 
CLR 3.0.4506.2152; .NET CLR 3.5.30729; MS-RTC LM 8)
authorization: Negotiate 
TlRMTVNTUAADAEgASABIAEgASABIBcKIogUBKAoP
accept-encoding: gzip, deflate
content-length: 0

Any suggestions?  It is not very informative as to what caused the failure.

Thanks.

-Original Message-
From: Savoy, Melinda
Sent: Friday, May 28, 2010 6:44 AM
To: 'Tomcat Users List'
Subject: RE: How can I get the user value in the request forwarded to my Tomcat 
in my Java app?

Sorry, I had to leave the office yesterday after I answered part of Ranier's 
question.

When I inserted the <%request.getRemoteUser()%> in the index.jsp page where 
that is the only thing on my page, I saw in my browser this error:  Error The 
SCMWeb Inventory/Purchasing web application has encountered the following 
error: (did not show an error).

I got the following in my isapi.log:

[Fri May 28 06:38:22.938 2010] [1584:5036] [debug] jk_isapi_plugin.c (1835): 
Filter started
[Fri May 28 06:38:22.938 2010] [1584:5036] [debug] jk_uri_worker_map.c (1168): 
File c:\server\Tomcat 6.0\conf\uriworkermap.properties is not modified
[Fri May 28 06:38:22.938 2010] [1584:5036] [debug] jk_uri_worker_map.c (1036): 
Attempting to map URI '/localhost/SCMIS/index.jsp' from 3 maps
[Fri May 28 06:38:22.938 2010] [1584:5036] [debug] jk_uri_worker_map.c (850): 
Attempting to map context URI '/SCMIS/servlet/*=scmisWorker' source 
'uriworkermap'
[Fri May 28 06:38:22.938 2010] [1584:5036] [debug] jk_uri_worker_map.c (850): 
Attempting to map context URI '/SCMIS/*.jsp=scmisWorker' source 'uriworkermap'
[Fri May 28 06:38:22.938 2010] [1584:5036] [debug] jk_uri_worker_map.c (850): 
Attempting to map context URI '/SCMIS/*=scmisWorker' source 'uriworkermap'
[Fri May 28 06:38:22.938 2010] [1584:5036] [debug] jk_uri_worker_map.c (850): 
Attempting to map context URI '/SCMIS/servlet/*=scmisWorker' source 
'uriworkermap'
[Fri May 28 06:38:22.938 2010] [1584:5036] [debug] jk_uri_worker_map.c (850): 
Attempting to map context URI '/SCMIS/*.jsp=scmisWorker' source 'uriworkermap'
[Fri May 28 06:38:22.938 2010] [1584:5036] [debug] jk_uri_worker_map.c (863): 
Found a wildchar match '/SCMIS/*.jsp=scmisWorker'
[Fri May 28 06:38:22.938 2010] [1584:5036] [debug] jk_isapi_plugin.c (1916): 
check if [/SCMIS/index.jsp] points to the web-inf directory
[Fri May 28 06:38:22.938 2010] [1584:5036] [debug] jk_isapi_plugin.c (1932): 
[/SCMIS/index.jsp] is a servlet url - should redirect to scmisWorker
[Fri May 28 06:38:22.938 2010] [1584:5036] [debug] jk_isapi_plugin.c (1972): 
fowarding escaped URI [/SCMIS/index.jsp]
[Fri May 28 06:38:22.953 2010] [1584:5036] [debug] jk_isapi_plugin.c (1835): 
Filter started
[Fri May 28 06:38:22.953 2010] [1584:5036] [debug] jk_uri_worker_map.c (1036): 
Attempting to map URI '/localhost/SCMIS/index.jsp' from 3 maps
[Fri May 28 06:38:22.953 2010] [1584:5036] [debug] jk_uri_worker_map.c (850): 
Attempting to map context URI '/SCMIS/servlet/*=scmisWorker' source 
'uriworkermap'
[Fri May 28 06:38:22.953 2010] [1584:5036] [debug] jk_uri_worker_map.c (850): 
Attempting to map context URI '/SCMIS/*.jsp=scmisWorker' source 'uriworkermap'
[Fri May 28 06:38:22.953 2010] [1584:5036] [debug] jk_uri_worker_map.c (850): 
Attempting to map context URI '/SCMIS/*=scmisWorker' source 'uriworkermap'
[Fri May 28 06:38:22.953 2010] [1584:5036] [debug] jk_uri_worker_map.c (850): 
Attempting to map context URI '/SCMIS/servlet/*=scmisWorker' source 
'uriworkermap'
[Fri May 28 06:38:22.953 2010] [1584:5036] [debug] jk_uri_worker_map.c (850): 
Attempting to map context URI '/SCMIS/*.jsp=scmisWorker' source 'uriworkermap'
[Fri May 28 06:38:22.953 2010] [1584:5036] [debug] jk_uri_worker_map.c (863): 
Found a wildchar match '/SCMIS/*.jsp=scmisWorker'
[Fri May 28 06:38:22.953 2010] [1584:5036] [debug] jk_isapi_plugin.c (1916): 
check if [/SCMIS/index.jsp] points to the web-inf directory
[Fri May 28 06:38:22.953 2010] [1584:5036] [debug] jk_isapi_plugin.c (1932): 
[/SCMIS/index.jsp] is a servlet url - should redirect to scmisWorker
[Fri May 28 06:38:22.953 2010] [1584:5036] [debug] jk_isapi_plugin.c (1972): 
fowarding escaped URI [/SCMIS/index.jsp]
[Fri May 28 06:38:22.953 2010] [1584:5036] [debug] jk_worker.c (339): 
Maintaining worker scmisWorker
[Fri May 28 

RE: How can I get the user value in the request forwarded to my Tomcat in my Java app?

[Savoy, Melinda]

6E 20 69 64 3D 22 6C 6F 67 6F 73  - H
[Fri May 28 06:38:31.766 2010] [1584:5036] [debug] jk_ajp_common.c (1336): 03d0 
   65 6C 70 3C 2F 61 3E 20 7C 20 3C 61 20 68 72 65  - elp.|.Contact


-Original Message-
From: Rainer Jung [mailto:rainer.j...@kippdata.de]
Sent: Thursday, May 27, 2010 10:17 AM
To: Tomcat Users List
Subject: Re: How can I get the user value in the request forwarded to my Tomcat 
in my Java app?

On 27.05.2010 16:42, Savoy, Melinda wrote:
> In my isapi.log I am getting the user value (indicated below in BOLD RED 
> font) from IIS using the Tomcat connector and my understanding from others on 
> this list is that I should be able to get at that user value by using the 
> HttpServletRequest getRemoteUser() however, I am getting a NULL value when 
> doing that.  I'm sure I'm doing something stupid but I just can't see it.
>
> Here is what is in my isapi.log:
>
> [Thu May 27 09:11:21.706 2010] [4656:4920] [debug] jk_isapi_plugin.c (3108): 
> Service protocol=HTTP/1.1 method=GET host=127.0.0.1 addr=127.0.0.1 
> name=localhost port=80 auth=Negotiate user=TEXAS\SavoyM uri=/SCMIS/index.jsp
>
> Here is the code I'm using in Java to get at the user value above:
>
> public User authenticate(final HttpServletRequest request, final 
> HttpServletResponse response) throws IOException {
>
>  // Initialize the User object
>  User user = null;
>
>  // 1. Initiate the IIS authentication process.
>  final String auth_user = request.getRemoteUser();
>  final String auth_user2 = 
> request.getUserPrincipal().getName();
>
>  // 2. Create a User object with the user name
>  if (auth_user != null)
>  user = new User(auth_user, "");
>
>  // 3. Check to see if the user is populated
>  if (auth_user == null)
>  throw new UnauthorizedException(response, user);
>
>  // 4. Perform authentication if user not already 
> authenticated
>  if (SecurityContext.getUser(request) == null) {
>  // a. Verify the user credentials
>  if (!manager.verify(user))
>  return null;
>
>  // b. Load the application-managed User object and 
> save into the context
>  user = manager.load(user);
>  SecurityContext.setUser(user, request);
>  return user;
>  }
>
>  return SecurityContext.getUser(request);
>  }
>
> As you can see I've also tried to get to the user by using the 
> getUserPrincipal.getName() but that produces a NPE.
>
> Any help or direction from someone who knows Java would be greatly 
> appreciated.

Please post the complete settings of your AJP Connector element in
server.xml. We want to check your "tomcatAuthentication" setting.

What happens, if you put

<%=request.getremoteUser()%>

as the only content into SCMIS/index.jsp and then request the URL
http://localhost/SCMIS/index.jsp in the browser? How does the above log
line look, and what do you get in the browser window?

Regards,

Rainer


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



The information contained in this message and any attachments is intended only 
for the use of the individual or entity to which it is addressed, and may 
contain information that is PRIVILEGED, CONFIDENTIAL, and exempt from 
disclosure under applicable law.  If you are not the intended recipient, you 
are prohibited from copying, distributing, or using the information.  Please 
contact the sender immediately by return e-mail and delete the original message 
from your system.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: How can I get the user value in the request forwarded to my Tomcat in my Java app?

[Savoy, Melinda]

Here is the AJP setting:




-Original Message-
From: Rainer Jung [mailto:rainer.j...@kippdata.de] 
Sent: Thursday, May 27, 2010 10:17 AM
To: Tomcat Users List
Subject: Re: How can I get the user value in the request forwarded to my Tomcat 
in my Java app?

On 27.05.2010 16:42, Savoy, Melinda wrote:
> In my isapi.log I am getting the user value (indicated below in BOLD RED 
> font) from IIS using the Tomcat connector and my understanding from others on 
> this list is that I should be able to get at that user value by using the 
> HttpServletRequest getRemoteUser() however, I am getting a NULL value when 
> doing that.  I'm sure I'm doing something stupid but I just can't see it.
>
> Here is what is in my isapi.log:
>
> [Thu May 27 09:11:21.706 2010] [4656:4920] [debug] jk_isapi_plugin.c (3108): 
> Service protocol=HTTP/1.1 method=GET host=127.0.0.1 addr=127.0.0.1 
> name=localhost port=80 auth=Negotiate user=TEXAS\SavoyM uri=/SCMIS/index.jsp
>
> Here is the code I'm using in Java to get at the user value above:
>
> public User authenticate(final HttpServletRequest request, final 
> HttpServletResponse response) throws IOException {
>
>  // Initialize the User object
>  User user = null;
>
>  // 1. Initiate the IIS authentication process.
>  final String auth_user = request.getRemoteUser();
>  final String auth_user2 = 
> request.getUserPrincipal().getName();
>
>  // 2. Create a User object with the user name
>  if (auth_user != null)
>  user = new User(auth_user, "");
>
>  // 3. Check to see if the user is populated
>  if (auth_user == null)
>  throw new UnauthorizedException(response, user);
>
>  // 4. Perform authentication if user not already 
> authenticated
>  if (SecurityContext.getUser(request) == null) {
>  // a. Verify the user credentials
>  if (!manager.verify(user))
>  return null;
>
>  // b. Load the application-managed User object and 
> save into the context
>  user = manager.load(user);
>  SecurityContext.setUser(user, request);
>  return user;
>  }
>
>  return SecurityContext.getUser(request);
>  }
>
> As you can see I've also tried to get to the user by using the 
> getUserPrincipal.getName() but that produces a NPE.
>
> Any help or direction from someone who knows Java would be greatly 
> appreciated.

Please post the complete settings of your AJP Connector element in 
server.xml. We want to check your "tomcatAuthentication" setting.

What happens, if you put

<%=request.getremoteUser()%>

as the only content into SCMIS/index.jsp and then request the URL 
http://localhost/SCMIS/index.jsp in the browser? How does the above log 
line look, and what do you get in the browser window?

Regards,

Rainer


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



The information contained in this message and any attachments is intended only 
for the use of the individual or entity to which it is addressed, and may 
contain information that is PRIVILEGED, CONFIDENTIAL, and exempt from 
disclosure under applicable law.  If you are not the intended recipient, you 
are prohibited from copying, distributing, or using the information.  Please 
contact the sender immediately by return e-mail and delete the original message 
from your system.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

How can I get the user value in the request forwarded to my Tomcat in my Java app?

[Savoy, Melinda]

In my isapi.log I am getting the user value (indicated below in BOLD RED font) 
from IIS using the Tomcat connector and my understanding from others on this 
list is that I should be able to get at that user value by using the 
HttpServletRequest getRemoteUser() however, I am getting a NULL value when 
doing that.  I'm sure I'm doing something stupid but I just can't see it.

Here is what is in my isapi.log:

[Thu May 27 09:11:21.706 2010] [4656:4920] [debug] jk_isapi_plugin.c (3108): 
Service protocol=HTTP/1.1 method=GET host=127.0.0.1 addr=127.0.0.1 
name=localhost port=80 auth=Negotiate user=TEXAS\SavoyM uri=/SCMIS/index.jsp

Here is the code I'm using in Java to get at the user value above:

public User authenticate(final HttpServletRequest request, final 
HttpServletResponse response) throws IOException {

// Initialize the User object
User user = null;

// 1. Initiate the IIS authentication process.
final String auth_user = request.getRemoteUser();
final String auth_user2 = request.getUserPrincipal().getName();

// 2. Create a User object with the user name
if (auth_user != null)
user = new User(auth_user, "");

// 3. Check to see if the user is populated
if (auth_user == null)
throw new UnauthorizedException(response, user);

// 4. Perform authentication if user not already authenticated
if (SecurityContext.getUser(request) == null) {
// a. Verify the user credentials
if (!manager.verify(user))
return null;

// b. Load the application-managed User object and save 
into the context
user = manager.load(user);
SecurityContext.setUser(user, request);
return user;
}

return SecurityContext.getUser(request);
}

As you can see I've also tried to get to the user by using the 
getUserPrincipal.getName() but that produces a NPE.

Any help or direction from someone who knows Java would be greatly appreciated.

Thank you.

Melinda Savoy
Sr. Programmer Analyst, ERP Systems
Innovative Technology Solutions
Texas Health Resources
600 E. Lamar Blvd, Ste 301, Arlington TX  76011
melindasa...@texashealth.org

Texas Health Resources: Arlington Memorial,
Harris Methodist and Presbyterian Hospitals
A shared mission and now a shared name.





The information contained in this message and any attachments is intended only 
for the use of the individual or entity to which it is addressed, and may 
contain information that is PRIVILEGED, CONFIDENTIAL, and exempt from 
disclosure under applicable law.  If you are not the intended recipient, you 
are prohibited from copying, distributing, or using the information.  Please 
contact the sender immediately by return e-mail and delete the original message 
from your system.

RE: Question on workers.properties file [SOLVED]

[Savoy, Melinda]

Ranier,

I will do as you said and put in a NEW topic because I am getting a NULL value 
from the getRemoteUser() when using the HttpServletRequest object.

Again, the fix was that the JAKARTA virtual website, if you're working in 
Windows XP, must be added to the Trusted Sites in IE.

Thank you so much to both you and Andre for all your help!!  This list is VERY 
HELPFUL.

Regards.

-Original Message-
From: Rainer Jung [mailto:rainer.j...@kippdata.de] 
Sent: Thursday, May 27, 2010 9:29 AM
To: Tomcat Users List
Subject: Re: Question on workers.properties file

I finally suggest you start a new topic. I know André didn't like your 
last attempt to do so, but now your first problem is solved, you get 
something out of request.getRemoteUser() (at least this is something I 
interprete into your last Mail), and the next question goes more to the 
Java developpers instead of connector and web server people. It's likely 
you'll find more readers if you now choose a new appropriate subject for 
your mail.

If you like, you can also send a second Email with "[Solved] " prepended 
to the old subject, and shortly describe which settings finally worked 
for the getremoteUser() part (browser and IIS, virtual websites, which 
auth method). This will help other people in the future.

Regards,

Rainer

On 27.05.2010 16:21, Savoy, Melinda wrote:
> I was FINALLY able to get to my code within Eclipse using the Tomcat 
> connector and NOT getting the login dialog box by adding Jakarta to the 
> trusted sites in the IE browser on my Windows XP box since as I found out 
> from Jeff in the IIS forum browsers do not authenticate untrusted sites on XP.
>
> Now the new issue is that I cannot get to the user value which is 
> "Texas\SavoyM" using the following partial method:
>
> public User authenticate(final HttpServletRequest request, final 
> HttpServletResponse response) throws IOException {
>   
>   // Initialize the User object
>   User user = null;
>   
>   // 1. Initiate the IIS authentication process.
>   final String auth_user = request.getRemoteUser();
>   
>   // 2. Create a User object with the user name
>   if (auth_user != null)
>   user = new User(auth_user, "");
>   
>   // 3. Check to see if the user is populated
>   if (auth_user == null)
>   throw new UnauthorizedException(response, user);
>
> Is there another way to get the user value other than using the 
> HttpServletRequest object?
>
> Thanks.
>
>
> -Original Message-
> From: Savoy, Melinda
> Sent: Wednesday, May 26, 2010 2:12 PM
> To: 'Tomcat Users List'
> Subject: RE: Question on workers.properties file
>
> I did as you suggested below.  I removed SCMIS virtual website from within 
> the jakarta virtual website and I got this in the log:
>
> [Wed May 26 14:00:09.271 2010] [3036:4236] [debug] jk_isapi_plugin.c (1835): 
> Filter started
> [Wed May 26 14:00:09.271 2010] [3036:4236] [debug] jk_uri_worker_map.c 
> (1036): Attempting to map URI '/localhost/SCMIS/index.jsp' from 3 maps
> [Wed May 26 14:00:09.271 2010] [3036:4236] [debug] jk_uri_worker_map.c (850): 
> Attempting to map context URI '/SCMIS/servlet/*=scmisWorker' source 
> 'uriworkermap'
> [Wed May 26 14:00:09.271 2010] [3036:4236] [debug] jk_uri_worker_map.c (850): 
> Attempting to map context URI '/SCMIS/*.jsp=scmisWorker' source 'uriworkermap'
> [Wed May 26 14:00:09.271 2010] [3036:4236] [debug] jk_uri_worker_map.c (850): 
> Attempting to map context URI '/SCMIS/*=scmisWorker' source 'uriworkermap'
> [Wed May 26 14:00:09.271 2010] [3036:4236] [debug] jk_uri_worker_map.c (850): 
> Attempting to map context URI '/SCMIS/servlet/*=scmisWorker' source 
> 'uriworkermap'
> [Wed May 26 14:00:09.271 2010] [3036:4236] [debug] jk_uri_worker_map.c (850): 
> Attempting to map context URI '/SCMIS/*.jsp=scmisWorker' source 'uriworkermap'
> [Wed May 26 14:00:09.271 2010] [3036:4236] [debug] jk_uri_worker_map.c (863): 
> Found a wildchar match '/SCMIS/*.jsp=scmisWorker'
> [Wed May 26 14:00:09.271 2010] [3036:4236] [debug] jk_isapi_plugin.c (1916): 
> check if [/SCMIS/index.jsp] points to the web-inf directory
> [Wed May 26 14:00:09.271 2010] [3036:4236] [debug] jk_isapi_plugin.c (1932): 
> [/SCMIS/index.jsp] is a servlet url - should redirect to scmisWorker
> [Wed May 26 14:00:09.286 2010] [3036:4236] [debug] jk_isapi_plugin.c (1972): 
> fowarding escaped URI [/SCMIS/index.jsp]
>
> In IIS I changed had the DEFAULT WEBSITE directory security 

RE: Question on workers.properties file

[Savoy, Melinda]

I was FINALLY able to get to my code within Eclipse using the Tomcat connector 
and NOT getting the login dialog box by adding Jakarta to the trusted sites in 
the IE browser on my Windows XP box since as I found out from Jeff in the IIS 
forum browsers do not authenticate untrusted sites on XP.

Now the new issue is that I cannot get to the user value which is 
"Texas\SavoyM" using the following partial method:

public User authenticate(final HttpServletRequest request, final 
HttpServletResponse response) throws IOException {

// Initialize the User object
User user = null;

// 1. Initiate the IIS authentication process.
final String auth_user = request.getRemoteUser();

// 2. Create a User object with the user name
if (auth_user != null)
user = new User(auth_user, "");

// 3. Check to see if the user is populated
if (auth_user == null)
throw new UnauthorizedException(response, user);

Is there another way to get the user value other than using the 
HttpServletRequest object?

Thanks.


-Original Message-
From: Savoy, Melinda 
Sent: Wednesday, May 26, 2010 2:12 PM
To: 'Tomcat Users List'
Subject: RE: Question on workers.properties file

I did as you suggested below.  I removed SCMIS virtual website from within the 
jakarta virtual website and I got this in the log:

[Wed May 26 14:00:09.271 2010] [3036:4236] [debug] jk_isapi_plugin.c (1835): 
Filter started
[Wed May 26 14:00:09.271 2010] [3036:4236] [debug] jk_uri_worker_map.c (1036): 
Attempting to map URI '/localhost/SCMIS/index.jsp' from 3 maps
[Wed May 26 14:00:09.271 2010] [3036:4236] [debug] jk_uri_worker_map.c (850): 
Attempting to map context URI '/SCMIS/servlet/*=scmisWorker' source 
'uriworkermap'
[Wed May 26 14:00:09.271 2010] [3036:4236] [debug] jk_uri_worker_map.c (850): 
Attempting to map context URI '/SCMIS/*.jsp=scmisWorker' source 'uriworkermap'
[Wed May 26 14:00:09.271 2010] [3036:4236] [debug] jk_uri_worker_map.c (850): 
Attempting to map context URI '/SCMIS/*=scmisWorker' source 'uriworkermap'
[Wed May 26 14:00:09.271 2010] [3036:4236] [debug] jk_uri_worker_map.c (850): 
Attempting to map context URI '/SCMIS/servlet/*=scmisWorker' source 
'uriworkermap'
[Wed May 26 14:00:09.271 2010] [3036:4236] [debug] jk_uri_worker_map.c (850): 
Attempting to map context URI '/SCMIS/*.jsp=scmisWorker' source 'uriworkermap'
[Wed May 26 14:00:09.271 2010] [3036:4236] [debug] jk_uri_worker_map.c (863): 
Found a wildchar match '/SCMIS/*.jsp=scmisWorker'
[Wed May 26 14:00:09.271 2010] [3036:4236] [debug] jk_isapi_plugin.c (1916): 
check if [/SCMIS/index.jsp] points to the web-inf directory
[Wed May 26 14:00:09.271 2010] [3036:4236] [debug] jk_isapi_plugin.c (1932): 
[/SCMIS/index.jsp] is a servlet url - should redirect to scmisWorker
[Wed May 26 14:00:09.286 2010] [3036:4236] [debug] jk_isapi_plugin.c (1972): 
fowarding escaped URI [/SCMIS/index.jsp]

In IIS I changed had the DEFAULT WEBSITE directory security back to ANONYMOUS 
access checked only and left the jakarta directory security to windows 
authentication only.  And I got a dialog box to login for authentication 
purposes.  I tried to login and the dialog box just kept coming back.

I guess what I do not understand is HOW does IIS know about my SCMIS website if 
it is NOT included in IIS?  I thought I needed the SCMIS virtual website 
included in IIS in order to retrieve the user id that I am suppose to be 
getting from IIS?  What will my URL be now since I was using  
http://localhost/SCMIS/index.jsp  

Thanks again.

-Original Message-
From: Rainer Jung [mailto:rainer.j...@kippdata.de] 
Sent: Wednesday, May 26, 2010 1:18 PM
To: Tomcat Users List
Subject: Re: Question on workers.properties file

On 26.05.2010 19:53, Savoy, Melinda wrote:
> Ranier - thanks for the reply.
>
> 1.  I just tried this again, but I set all 3 (Default Website, jakarta 
> virtual website and SCMIS virtual website) to Windows Authentication checked 
> and Anonymous access unchecked and I was prompted with a login dialog box.  I 
> could not get authenticated and then I hit cancel and when I did my log 
> showed the following:
>
> [Wed May 26 12:38:41.480 2010] [4684:228] [debug] jk_isapi_plugin.c (3108): 
> Service protocol=HTTP/1.1 method=GET host=127.0.0.1 addr=127.0.0.1 
> name=localhost port=80 auth=Negotiate user=TEXAS\SavoyM uri=/SCMIS/index.jsp
>
> My objective here is to have IIS authenticate without a user logging in and 
> then I acquire the user value via the getRemoteUser() method.
>
> 2.  I understood that I had to have the website that I am running currently 
&

RE: Question on workers.properties file

[Savoy, Melinda]

I did as you suggested below.  I removed SCMIS virtual website from within the 
jakarta virtual website and I got this in the log:

[Wed May 26 14:00:09.271 2010] [3036:4236] [debug] jk_isapi_plugin.c (1835): 
Filter started
[Wed May 26 14:00:09.271 2010] [3036:4236] [debug] jk_uri_worker_map.c (1036): 
Attempting to map URI '/localhost/SCMIS/index.jsp' from 3 maps
[Wed May 26 14:00:09.271 2010] [3036:4236] [debug] jk_uri_worker_map.c (850): 
Attempting to map context URI '/SCMIS/servlet/*=scmisWorker' source 
'uriworkermap'
[Wed May 26 14:00:09.271 2010] [3036:4236] [debug] jk_uri_worker_map.c (850): 
Attempting to map context URI '/SCMIS/*.jsp=scmisWorker' source 'uriworkermap'
[Wed May 26 14:00:09.271 2010] [3036:4236] [debug] jk_uri_worker_map.c (850): 
Attempting to map context URI '/SCMIS/*=scmisWorker' source 'uriworkermap'
[Wed May 26 14:00:09.271 2010] [3036:4236] [debug] jk_uri_worker_map.c (850): 
Attempting to map context URI '/SCMIS/servlet/*=scmisWorker' source 
'uriworkermap'
[Wed May 26 14:00:09.271 2010] [3036:4236] [debug] jk_uri_worker_map.c (850): 
Attempting to map context URI '/SCMIS/*.jsp=scmisWorker' source 'uriworkermap'
[Wed May 26 14:00:09.271 2010] [3036:4236] [debug] jk_uri_worker_map.c (863): 
Found a wildchar match '/SCMIS/*.jsp=scmisWorker'
[Wed May 26 14:00:09.271 2010] [3036:4236] [debug] jk_isapi_plugin.c (1916): 
check if [/SCMIS/index.jsp] points to the web-inf directory
[Wed May 26 14:00:09.271 2010] [3036:4236] [debug] jk_isapi_plugin.c (1932): 
[/SCMIS/index.jsp] is a servlet url - should redirect to scmisWorker
[Wed May 26 14:00:09.286 2010] [3036:4236] [debug] jk_isapi_plugin.c (1972): 
fowarding escaped URI [/SCMIS/index.jsp]

In IIS I changed had the DEFAULT WEBSITE directory security back to ANONYMOUS 
access checked only and left the jakarta directory security to windows 
authentication only.  And I got a dialog box to login for authentication 
purposes.  I tried to login and the dialog box just kept coming back.

I guess what I do not understand is HOW does IIS know about my SCMIS website if 
it is NOT included in IIS?  I thought I needed the SCMIS virtual website 
included in IIS in order to retrieve the user id that I am suppose to be 
getting from IIS?  What will my URL be now since I was using  
http://localhost/SCMIS/index.jsp  

Thanks again.

-Original Message-
From: Rainer Jung [mailto:rainer.j...@kippdata.de] 
Sent: Wednesday, May 26, 2010 1:18 PM
To: Tomcat Users List
Subject: Re: Question on workers.properties file

On 26.05.2010 19:53, Savoy, Melinda wrote:
> Ranier - thanks for the reply.
>
> 1.  I just tried this again, but I set all 3 (Default Website, jakarta 
> virtual website and SCMIS virtual website) to Windows Authentication checked 
> and Anonymous access unchecked and I was prompted with a login dialog box.  I 
> could not get authenticated and then I hit cancel and when I did my log 
> showed the following:
>
> [Wed May 26 12:38:41.480 2010] [4684:228] [debug] jk_isapi_plugin.c (3108): 
> Service protocol=HTTP/1.1 method=GET host=127.0.0.1 addr=127.0.0.1 
> name=localhost port=80 auth=Negotiate user=TEXAS\SavoyM uri=/SCMIS/index.jsp
>
> My objective here is to have IIS authenticate without a user logging in and 
> then I acquire the user value via the getRemoteUser() method.
>
> 2.  I understood that I had to have the website that I am running currently 
> in Tomcat setup as a virtual website in IIS under the jakarta virtual website 
> in IIS so that it would serve up the /SCMIS/*.jsp pages in Tomcat?  Are you 
> saying that is not the case and I can get rid of the SCMIS virtual website?  
> Could this possibly the issue?

I think you don't need it (and thus should get rid of it), but it is not 
related to your auth issue. Keep the jakarta entry, but not the SCMIS 
one below the jakarta one.

> 3.  I remember your previous post but I thought you also said that you got a 
> login prompt which is what I'm trying to avoid.  Again the hope is that IIS 
> can authenticate and forward the user value to Tomcat seamlessly.

Did you notice, that are are other checkboxes you can choose your auth 
style from? I'd try all of those and try to read about their meaning. 
Did you use MSIE or some other browser? Some of the automatic auth 
methods used on Windows might only work with MSIE and maybe only if the 
web server is configured as being trusted in MSIE.

Regards,

Rainer

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



The information contained in this message and any attachments is intended only 
for the use of the individual or entity to which it is addressed, and may 
contain information t

RE: Question on workers.properties file

[Savoy, Melinda]

Ranier - thanks for the reply.

1.  I just tried this again, but I set all 3 (Default Website, jakarta virtual 
website and SCMIS virtual website) to Windows Authentication checked and 
Anonymous access unchecked and I was prompted with a login dialog box.  I could 
not get authenticated and then I hit cancel and when I did my log showed the 
following:

[Wed May 26 12:38:41.480 2010] [4684:228] [debug] jk_isapi_plugin.c (3108): 
Service protocol=HTTP/1.1 method=GET host=127.0.0.1 addr=127.0.0.1 
name=localhost port=80 auth=Negotiate user=TEXAS\SavoyM uri=/SCMIS/index.jsp

My objective here is to have IIS authenticate without a user logging in and 
then I acquire the user value via the getRemoteUser() method.

2.  I understood that I had to have the website that I am running currently in 
Tomcat setup as a virtual website in IIS under the jakarta virtual website in 
IIS so that it would serve up the /SCMIS/*.jsp pages in Tomcat?  Are you saying 
that is not the case and I can get rid of the SCMIS virtual website?  Could 
this possibly the issue?

3.  I remember your previous post but I thought you also said that you got a 
login prompt which is what I'm trying to avoid.  Again the hope is that IIS can 
authenticate and forward the user value to Tomcat seamlessly.  

Thanks again for the reply and your help.


-Original Message-
From: Rainer Jung [mailto:rainer.j...@kippdata.de] 
Sent: Wednesday, May 26, 2010 11:52 AM
To: Tomcat Users List
Subject: Re: Question on workers.properties file

On 26.05.2010 18:30, Savoy, Melinda wrote:
> Trying again to see if I can respond to Andre's question regarding what my 
> directory structure is in order to help me determine where I've gone wrong in 
> my setup and why I'm not getting the auth and user values in the request that 
> is being forwarded to my Tomcat server.  I can connect via the Tomcat 
> connector to my site successfully however, I cannot authenticate my userid 
> and therefore I cannot get to my application which is dependent on that value 
> so that the authenticated user can access the web app.
>
> Here is my setup:
>
> 1.  Andre, before you ask, I am still waiting on a test Windows 2003 server 
> to be setup where I can test this on a server rather than my XP box as you 
> suggested to me previously, but I'm stuck testing on my Windows XP box until 
> then.
> 2.  Currently I am testing to see if using the Tomcat connector will work on 
> my local Windows XP box.
> 3.  I am testing my web app within Eclipse using Tomcat 6.0 (meaning my web 
> app is a dynamic web project within Eclipse and has been added to the Tomcat 
> server in Eclipse).
> 4.  My URL is:  http://localhost/SCMIS/index.jsp
> 5.  The directory structure on my local box where my web app is located is:  
> C:\Snaps\savoym_remote_scmis_phase5_dev\scmis_phase5_vob and the directories 
> directly under this directory is:
> Build
> Common
> Libraries
> Lookup
> Lost+found
> Maintenance
> PurchaseOrder
> Requisition
> SCMIS (this is the where the JSP's are located and this is the directory that 
> is defined in my SCMIS IIS virtual web site)
> Security
> 6.  In IIS 5.1, on my Windows XP box, the setup is as follows:
> a. Default website has a directory security setting of (Anonymous access - 
> checked)
> b. jakara virtual website has a directory security setting of (Anonymous 
> access - checked)
> c. SCMIS virtual website, within the jakarta virtual website, has a directory 
> security setting of (Windows Authentication - checked)

Does it work, if you switch all of those three to "Anonymous access" 
unchecked and "Windows Authentication" checked?

What is the SCMIS virtual website in IIS for? Are you trying to serve 
static content directly form IIS? If "no", I don't see a reason why you 
would want to have that virtual website. Are you forwarding /SCMIS/* to 
Tomcat, or only JSPs?

As I wrote in a previous post, it didn't work for me when i only 
switched the jakarta virtual website to Windows auth. It only started to 
work, when I changed the default website too.

Regards,

Rainer

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



The information contained in this message and any attachments is intended only 
for the use of the individual or entity to which it is addressed, and may 
contain information that is PRIVILEGED, CONFIDENTIAL, and exempt from 
disclosure under applicable law.  If you are not the intended recipient, you 
are prohibited from copying, distributing, or using the information.  Please 
contact the sender immediately by return e-mail and delete the original message 
from your system.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Question on workers.properties file

[Savoy, Melinda]

Trying again to see if I can respond to Andre's question regarding what my 
directory structure is in order to help me determine where I've gone wrong in 
my setup and why I'm not getting the auth and user values in the request that 
is being forwarded to my Tomcat server.  I can connect via the Tomcat connector 
to my site successfully however, I cannot authenticate my userid and therefore 
I cannot get to my application which is dependent on that value so that the 
authenticated user can access the web app.  

Here is my setup:

1.  Andre, before you ask, I am still waiting on a test Windows 2003 server to 
be setup where I can test this on a server rather than my XP box as you 
suggested to me previously, but I'm stuck testing on my Windows XP box until 
then.
2.  Currently I am testing to see if using the Tomcat connector will work on my 
local Windows XP box.
3.  I am testing my web app within Eclipse using Tomcat 6.0 (meaning my web app 
is a dynamic web project within Eclipse and has been added to the Tomcat server 
in Eclipse).
4.  My URL is:  http://localhost/SCMIS/index.jsp
5.  The directory structure on my local box where my web app is located is:  
C:\Snaps\savoym_remote_scmis_phase5_dev\scmis_phase5_vob and the directories 
directly under this directory is:
Build
Common
Libraries
Lookup
Lost+found
Maintenance
PurchaseOrder
Requisition
SCMIS (this is the where the JSP's are located and this is the directory that 
is defined in my SCMIS IIS virtual web site)
Security
6.  In IIS 5.1, on my Windows XP box, the setup is as follows:
a. Default website has a directory security setting of (Anonymous access - 
checked)
b. jakara virtual website has a directory security setting of (Anonymous access 
- checked)
c. SCMIS virtual website, within the jakarta virtual website, has a directory 
security setting of (Windows Authentication - checked)

Thanks for anyone taking the time to read this post and for any help/direction 
anyone can provide.  


From: André Warnier [...@ice-sa.com]
Sent: Monday, May 24, 2010 15:49
To: Tomcat Users List
Subject: Re: Question on workers.properties file

Savoy, Melinda wrote:
> Andre,
>
> Thanks for the reply.  I was finally able to get my the LOG file
> created.  I had NOT setup my virtual website, SCMIS, in addition to
> the JAKARTA virtual website in IIS and consequently I kept using
> Tomcat to authenticate instead of using IIS to do so and it was never
> hitting my website
>
> I think it has something to do with the settings in my IIS setting.  I still 
> cannot get the value from getRemoteUser() because the user is blank as is 
> indicated in the log below.  ANY help/direction would be greatly appreciated.
>
> The URL that I am using to access my SCMIS virtual website is:
> http://localhost/SCMIS/index.jsp
>
> In IIS I have the following:
>
> Default Web Site - Anonymous access checked and Integrated Windows
> authentication unchecked Jakarta - virtual web site and Anonymous
> access checked and Integrated Windows authentication unchecked SCMIS -
> virtual web site and Anonymous access unchecked and Integrated Windows
> authentication checked
>
> I have attached the entries in the log file that just happened:

I think the problem is right there, and in the worker mappings you mentioned 
earlier :

 >> /examples/*=scmisWorker
 >> /examples/*.jsp=scmisWorker
 >> /examples/servlet/*=scmisWorker

Now in your logfile, you have :

[Mon May 24 10:10:02.781 2010] [8124:7912] [debug] jk_uri_worker_map.c
(850): Attempting to map context URI '/servlet/*=scmisWorker' source 
'uriworkermap'
[Mon May 24 10:10:02.781 2010] [8124:7912] [debug] jk_uri_worker_map.c
(850): Attempting to map context URI '/*.jsp=scmisWorker' source 'uriworkermap'
[Mon May 24 10:10:02.781 2010] [8124:7912] [debug] jk_uri_worker_map.c
(863): Found a wildchar match '/*.jsp=scmisWorker'

Assuming the mappings above, then why is it trying to match 
'/servlet/*=scmisWorker'
and
'/*.jsp=scmisWorker'
?
That does not fit.  Those mappings are not in your list above.

Again, I am no expert on IIS or on the Jk redirector in conjunction with it, 
but my little finger tells me that there is something very wrong somewhere.

I have the feeling that your problem is not really related to authentication 
(or the lack of it). It is that there is some confusion as to the proper setup 
of IIS and Tomcat together, and how IIS handles "virtual websites".

Maybe we should restart from the beginning, like here :

When you look at the ...\Tomcat 6.0\webapps directory, what are the 
sub-directories located just below it ?

And , just to gain time, out of these, which is the one that corresponds to the 
application which /should/ be authenticated ?



-

RE: Question on workers.properties file

[Savoy, Melinda]

Ranier,

I do not want the user to get prompted at all.  I need this to work as a single 
sign-on (seamless to the user).  Is that not possible?  I had tested where when 
I got the prompt then I got the Domain\User name but I am needing to avoid the 
login dialog box altogether.

Thank you for taking the time to test and your help.

-Original Message-
From: Rainer Jung [mailto:rainer.j...@kippdata.de] 
Sent: Tuesday, May 25, 2010 5:14 AM
To: Tomcat Users List
Subject: Re: Question on workers.properties file

On 25.05.2010 12:02, André Warnier wrote:
> Melinda,
>
> from one of your previous posts :
>
> In IIS I have the following:
>
> Default Web Site - Anonymous access checked and Integrated Windows
> authentication unchecked
> Jakarta - virtual web site and Anonymous access checked and Integrated
> Windows authentication unchecked
> SCMIS - virtual web site and Anonymous access unchecked and Integrated
> Windows authentication checked
>
> I believe the above is wrong : you should only have the first two.
> The "SCMIS site" should in fact be a "sub-case" of the Jakarta "virtual
> site".
> All this is a bit confusing since we are dealing here with two classes
> of products and two distinct vocabularies : the Microsoft vocabulary for
> IIS (with "virtual websites" etc..), and the vocabulary for Tomcat.

I did a small test on XP using IIS 5.1. I switched the default web site 
*and* the jakarta virtual web site *both* from "Anonymous" to 
"Anonymous" unchecked and "Integrated Windows" checked. With those 
setting I get prompted for User and PW by IIS and the Username is 
forwarded to Tomcat in the usual windows style notation MACHINE\USER. 
When setting tomcatAuthentication="false" on the AJP connector, a call 
to request.getRemoteUser() returns the string "MACHINE\USER" (MACHINE 
and USER replaced by my actual data).

The redirector log contains

Service protocol=HTTP/1.1 method=GET host=127.0.0.1 addr=127.0.0.1 
name=localhost port=80 auth=NTLM user=MACHINE\USER uri=/user.jsp

and the Tomcat access log contains the info too:

127.0.0.1 - MACHINE\USER [25/May/2010:12:09:03 +0200] "GET /user.jsp 
HTTP/1.1" 200 21

Regards,

Rainer

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



The information contained in this message and any attachments is intended only 
for the use of the individual or entity to which it is addressed, and may 
contain information that is PRIVILEGED, CONFIDENTIAL, and exempt from 
disclosure under applicable law.  If you are not the intended recipient, you 
are prohibited from copying, distributing, or using the information.  Please 
contact the sender immediately by return e-mail and delete the original message 
from your system.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Question on workers.properties file

[Savoy, Melinda]

Andre,

Just to get some clarification.  When you say that SCMIS should be a "sub-case" 
of the Jakarta virtual website, are you saying that SCMIS should be a virtual 
website within the Jakarta virtual website?  

Just want to confirm my understanding.  Thanks again for all your help.

-Original Message-
From: André Warnier [mailto:a...@ice-sa.com] 
Sent: Tuesday, May 25, 2010 5:02 AM
To: Tomcat Users List
Subject: Re: Question on workers.properties file

Melinda,

from one of your previous posts :

In IIS I have the following:

Default Web Site - Anonymous access checked and Integrated Windows 
authentication unchecked
Jakarta - virtual web site and Anonymous access checked and Integrated 
Windows authentication unchecked
SCMIS - virtual web site and Anonymous access unchecked and Integrated 
Windows authentication checked

I believe the above is wrong : you should only have the first two.
The "SCMIS site" should in fact be a "sub-case" of the Jakarta "virtual 
site".
All this is a bit confusing since we are dealing here with two classes 
of products and two distinct vocabularies : the Microsoft vocabulary for 
IIS (with "virtual websites" etc..), and the vocabulary for Tomcat.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



The information contained in this message and any attachments is intended only 
for the use of the individual or entity to which it is addressed, and may 
contain information that is PRIVILEGED, CONFIDENTIAL, and exempt from 
disclosure under applicable law.  If you are not the intended recipient, you 
are prohibited from copying, distributing, or using the information.  Please 
contact the sender immediately by return e-mail and delete the original message 
from your system.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Question on workers.properties file

[Savoy, Melinda]

Yes. dB, we are a microsoft shop for all practical purposes.  We were the first 
Java web app that was created here at our company and now since JCIFS is not 
NTLMv2 compliant we had thought we'd go ahead and use IIS that is being used 
for everything else internet and intranet wise.  

Thanks for the info again.  I had actually emailed you last week asking if the 
web.xml setting were required and you stated they were not.  I think I'm very 
close to getting this IIS-Tomcat integration resolved but if I cannot get it to 
work by the end of the week I'll probably try Waffle.  

There does not seem to be a lot of documentation on the IIS side to make this 
work so it seems to be more complicated than I had anticipated.  I'm trying to 
recheck, as Andre suggested, again tomorrow and hope that I can get this to 
work.  

Regards.

From: dB. [dbl...@dblock.org]
Sent: Monday, May 24, 2010 18:09
To: Tomcat Users List
Subject: RE: Question on workers.properties file

I am curious whether you're using IIS for anything other than single sign-on / 
authentication?

If you're not, check out http://waffle.codeplex.com - there's a new Negotiate 
(Kerberos + NTLM) authenticator. This could remove IIS from your entire picture.

dB. @ dblock.org
Moscow|Geneva|Seattle|New York


-----Original Message-
From: Savoy, Melinda [mailto:melindasa...@texashealth.org]
Sent: Monday, May 24, 2010 7:03 PM
To: Tomcat Users List; Tomcat Users List
Subject: RE: Question on workers.properties file

Andre,

Sorry for creating confusion on the other post.  I will stick with this post as 
well.

I made changes to the setting here:

I think the problem is right there, and in the worker mappings you
mentioned earlier :

 >> /examples/*=scmisWorker
 >> /examples/*.jsp=scmisWorker
 >> /examples/servlet/*=scmisWorker

to

/*=scmisWorker
/*.jsp=scmisWorker
/servlet/*=scmisWorker

That is why in the log that I had sent stated it as such.  I have looked on the 
Apache Tomcat website to find documentation on the setup of IIS with Tomcat.  I 
made the change above because I had forgotten to change it from the example 
that I found in the documentation, again my apologies for that.

Given the settings that I identified in IIS I can not get authenticated.  That 
is why I think it is an authentication issue.  I have gone back and checked 
each setting but cannot find a problem.  That is why I sent my setting so that 
perhaps someone on this list might see something that I have overlooked.

I'll keep trying.  Thanks.

From: André Warnier [...@ice-sa.com]
Sent: Monday, May 24, 2010 15:49
To: Tomcat Users List
Subject: Re: Question on workers.properties file

Savoy, Melinda wrote:
> Andre,
>
> Thanks for the reply.  I was finally able to get my the LOG file created.  I 
> had NOT setup my virtual website, SCMIS, in addition to the JAKARTA virtual 
> website in IIS and consequently I kept using Tomcat to authenticate instead 
> of using IIS to do so and it was never hitting my website
>
> I think it has something to do with the settings in my IIS setting.  I still 
> cannot get the value from getRemoteUser() because the user is blank as is 
> indicated in the log below.  ANY help/direction would be greatly appreciated.
>
> The URL that I am using to access my SCMIS virtual website is:  
> http://localhost/SCMIS/index.jsp
>
> In IIS I have the following:
>
> Default Web Site - Anonymous access checked and Integrated Windows 
> authentication unchecked
> Jakarta - virtual web site and Anonymous access checked and Integrated 
> Windows authentication unchecked
> SCMIS - virtual web site and Anonymous access unchecked and Integrated 
> Windows authentication checked
>
> I have attached the entries in the log file that just happened:

I think the problem is right there, and in the worker mappings you
mentioned earlier :

 >> /examples/*=scmisWorker
 >> /examples/*.jsp=scmisWorker
 >> /examples/servlet/*=scmisWorker

Now in your logfile, you have :

[Mon May 24 10:10:02.781 2010] [8124:7912] [debug] jk_uri_worker_map.c
(850): Attempting to map context URI '/servlet/*=scmisWorker' source
'uriworkermap'
[Mon May 24 10:10:02.781 2010] [8124:7912] [debug] jk_uri_worker_map.c
(850): Attempting to map context URI '/*.jsp=scmisWorker' source
'uriworkermap'
[Mon May 24 10:10:02.781 2010] [8124:7912] [debug] jk_uri_worker_map.c
(863): Found a wildchar match '/*.jsp=scmisWorker'

Assuming the mappings above, then why is it trying to match
'/servlet/*=scmisWorker'
and
'/*.jsp=scmisWorker'
?
That does not fit.  Those mappings are not in your list above.

Again, I am no expert on IIS or on the Jk redirector in conjunction with
it, but my little finger tells me that there is so

RE: Question on workers.properties file

[Savoy, Melinda]

Andre,

Sorry for creating confusion on the other post.  I will stick with this post as 
well.

I made changes to the setting here:

I think the problem is right there, and in the worker mappings you
mentioned earlier :

 >> /examples/*=scmisWorker
 >> /examples/*.jsp=scmisWorker
 >> /examples/servlet/*=scmisWorker

to 

/*=scmisWorker
/*.jsp=scmisWorker
/servlet/*=scmisWorker

That is why in the log that I had sent stated it as such.  I have looked on the 
Apache Tomcat website to find documentation on the setup of IIS with Tomcat.  I 
made the change above because I had forgotten to change it from the example 
that I found in the documentation, again my apologies for that.

Given the settings that I identified in IIS I can not get authenticated.  That 
is why I think it is an authentication issue.  I have gone back and checked 
each setting but cannot find a problem.  That is why I sent my setting so that 
perhaps someone on this list might see something that I have overlooked.  

I'll keep trying.  Thanks.

From: André Warnier [...@ice-sa.com]
Sent: Monday, May 24, 2010 15:49
To: Tomcat Users List
Subject: Re: Question on workers.properties file

Savoy, Melinda wrote:
> Andre,
>
> Thanks for the reply.  I was finally able to get my the LOG file created.  I 
> had NOT setup my virtual website, SCMIS, in addition to the JAKARTA virtual 
> website in IIS and consequently I kept using Tomcat to authenticate instead 
> of using IIS to do so and it was never hitting my website
>
> I think it has something to do with the settings in my IIS setting.  I still 
> cannot get the value from getRemoteUser() because the user is blank as is 
> indicated in the log below.  ANY help/direction would be greatly appreciated.
>
> The URL that I am using to access my SCMIS virtual website is:  
> http://localhost/SCMIS/index.jsp
>
> In IIS I have the following:
>
> Default Web Site - Anonymous access checked and Integrated Windows 
> authentication unchecked
> Jakarta - virtual web site and Anonymous access checked and Integrated 
> Windows authentication unchecked
> SCMIS - virtual web site and Anonymous access unchecked and Integrated 
> Windows authentication checked
>
> I have attached the entries in the log file that just happened:

I think the problem is right there, and in the worker mappings you
mentioned earlier :

 >> /examples/*=scmisWorker
 >> /examples/*.jsp=scmisWorker
 >> /examples/servlet/*=scmisWorker

Now in your logfile, you have :

[Mon May 24 10:10:02.781 2010] [8124:7912] [debug] jk_uri_worker_map.c
(850): Attempting to map context URI '/servlet/*=scmisWorker' source
'uriworkermap'
[Mon May 24 10:10:02.781 2010] [8124:7912] [debug] jk_uri_worker_map.c
(850): Attempting to map context URI '/*.jsp=scmisWorker' source
'uriworkermap'
[Mon May 24 10:10:02.781 2010] [8124:7912] [debug] jk_uri_worker_map.c
(863): Found a wildchar match '/*.jsp=scmisWorker'

Assuming the mappings above, then why is it trying to match
'/servlet/*=scmisWorker'
and
'/*.jsp=scmisWorker'
?
That does not fit.  Those mappings are not in your list above.

Again, I am no expert on IIS or on the Jk redirector in conjunction with
it, but my little finger tells me that there is something very wrong
somewhere.

I have the feeling that your problem is not really related to
authentication (or the lack of it). It is that there is some confusion
as to the proper setup of IIS and Tomcat together, and how IIS handles
"virtual websites".

Maybe we should restart from the beginning, like here :

When you look at the ...\Tomcat 6.0\webapps directory, what are the
sub-directories located just below it ?

And , just to gain time, out of these, which is the one that corresponds
to the application which /should/ be authenticated ?



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



The information contained in this message and any attachments is intended only 
for the use of the individual or entity to which it is addressed, and may 
contain information that is PRIVILEGED, CONFIDENTIAL, and exempt from 
disclosure under applicable law.  If you are not the intended recipient, you 
are prohibited from copying, distributing, or using the information.  Please 
contact the sender immediately by return e-mail and delete the original message 
from your system.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

IIS Authentication for Single-Signon

[Savoy, Melinda]

I started a post last week on the WORKERS.PROPERTIES file but that post got to 
be very long.  After getting answers from those on this list to help me resolve 
the issue with the worker.properties file.

I would like to submit another question on resolving IIS authentication in 
helping me retrieve the User ID via the getRemoteUser() method but I keep 
getting a NULL value.  The IISAPI.LOG below shows that the "user" variable is 
NOT being populated however, when INTEGRATED WINDOWS AUTHENTICATION is checked 
in the Jakarta virtual website then I get prompted then the "user" variable is 
populated when I click cancel in the dialog box.  Any help/direction would be 
greatly appreciated.

If more info is required to help resolve this issue please let me know.  THANKS.

In my server.xml file I have the following connectors defined:





In IIS I have the following defined:

1.  Default Web Site - Anonymous access checked and Integrated Windows 
authentication unchecked
2.  Jakarta - virtual web site and Anonymous access checked and Integrated 
Windows authentication unchecked
3.  SCMIS - virtual web site and Anonymous access unchecked and Integrated 
Windows authentication checked

Given the settings in IIS above I am getting the following in my log:

[Mon May 24 13:33:57.578 2010] [8124:7912] [debug] jk_util.c (459): 
Pre-processed log time stamp format is '[%a %b %d %H:%M:%S.000 %Y] '
[Mon May 24 13:33:57.578 2010] [8124:7912] [info] jk_isapi_plugin.c (2403): 
Starting Jakarta/ISAPI/isapi_redirector/1.2.30
[Mon May 24 13:33:57.578 2010] [8124:7912] [debug] jk_isapi_plugin.c (2421): 
Detected IIS version 5.1
[Mon May 24 13:33:57.593 2010] [8124:7912] [debug] jk_isapi_plugin.c (2423): 
Using ini file C:\server\Tomcat 6.0\conf\isapi_redirect.properties.
[Mon May 24 13:33:57.593 2010] [8124:7912] [debug] jk_isapi_plugin.c (2429): 
Using log file c:\server\Tomcat 6.0\logs\iisapi.log.
[Mon May 24 13:33:57.593 2010] [8124:7912] [debug] jk_isapi_plugin.c (2430): 
Using log level 1.
[Mon May 24 13:33:57.593 2010] [8124:7912] [debug] jk_isapi_plugin.c (2431): 
Using extension uri /jakarta/isapi_redirect.dll.
[Mon May 24 13:33:57.593 2010] [8124:7912] [debug] jk_isapi_plugin.c (2432): 
Using worker file c:\server\Tomcat 6.0\conf\workers.properties.
[Mon May 24 13:33:57.593 2010] [8124:7912] [debug] jk_isapi_plugin.c (2433): 
Using worker mount file c:\server\Tomcat 6.0\conf\uriworkermap.properties.
[Mon May 24 13:33:57.593 2010] [8124:7912] [debug] jk_isapi_plugin.c (2435): 
Using rewrite rule file .
[Mon May 24 13:33:57.593 2010] [8124:7912] [debug] jk_isapi_plugin.c (2437): 
Using uri select 3.
[Mon May 24 13:33:57.593 2010] [8124:7912] [debug] jk_isapi_plugin.c (2438): 
Using no chunked encoding.
[Mon May 24 13:33:57.593 2010] [8124:7912] [debug] jk_isapi_plugin.c (2440): 
Using notification event SF_NOTIFY_AUTH_COMPLETE (0x0400)
[Mon May 24 13:33:57.593 2010] [8124:7912] [debug] jk_isapi_plugin.c (2450): 
Using uri header TOMCATURI6A6B:.
[Mon May 24 13:33:57.609 2010] [8124:7912] [debug] jk_isapi_plugin.c (2451): 
Using query header TOMCATQUERY6A6B:.
[Mon May 24 13:33:57.609 2010] [8124:7912] [debug] jk_isapi_plugin.c (2452): 
Using worker header TOMCATWORKER6A6B:.
[Mon May 24 13:33:57.609 2010] [8124:7912] [debug] jk_isapi_plugin.c (2453): 
Using worker index TOMCATWORKERIDX6A6B:.
[Mon May 24 13:33:57.609 2010] [8124:7912] [debug] jk_isapi_plugin.c (2454): 
Using translate header TOMCATTRANSLATE6A6B:.
[Mon May 24 13:33:57.609 2010] [8124:7912] [debug] jk_isapi_plugin.c (2455): 
Using a default of 250 connections per pool.
[Mon May 24 13:33:57.609 2010] [8124:7912] [debug] jk_map.c (491): Adding 
property '/*' with value 'scmisWorker' to map.
[Mon May 24 13:33:57.609 2010] [8124:7912] [debug] jk_map.c (491): Adding 
property '/*.jsp' with value 'scmisWorker' to map.
[Mon May 24 13:33:57.609 2010] [8124:7912] [debug] jk_map.c (491): Adding 
property '/servlet/*' with value 'scmisWorker' to map.
[Mon May 24 13:33:57.609 2010] [8124:7912] [debug] jk_uri_worker_map.c (1102): 
Loading urimaps from c:\server\Tomcat 6.0\conf\uriworkermap.properties with 
reload check interval 60 seconds
[Mon May 24 13:33:57.609 2010] [8124:7912] [debug] jk_uri_worker_map.c (720): 
wildchar rule '/*=scmisWorker' source 'uriworkermap' was added
[Mon May 24 13:33:57.624 2010] [8124:7912] [debug] jk_uri_worker_map.c (720): 
wildchar rule '/*.jsp=scmisWorker' source 'uriworkermap' was added
[Mon May 24 13:33:57.624 2010] [8124:7912] [debug] jk_uri_worker_map.c (720): 
wildchar rule '/servlet/*=scmisWorker' source 'uriworkermap' was added
[Mon May 24 13:33:57.624 2010] [8124:7912] [debug] jk_uri_worker_map.c (171): 
uri map dump after file load: index=0 file='c:\server\Tomcat 
6.0\conf\uriworkermap.properties' reject_unsafe=0 reload=60 modified=1274705470 
checked=1274726037
[Mon May 24 13:33:57.624 2010] [8124:7912] [debug] jk_uri_worker_map.c (176): 
generation 0: size=0 nosize=0 capacity=0
[Mon May 24 13:

RE: Question on workers.properties file

[Savoy, Melinda]

4:7912] [trace] jk_ajp_common.c (1340): exit
[Mon May 24 10:10:02.953 2010] [8124:7912] [trace] jk_ajp_common.c (1781): enter
[Mon May 24 10:10:02.953 2010] [8124:7912] [trace] jk_isapi_plugin.c (1215): 
enter
[Mon May 24 10:10:02.953 2010] [8124:7912] [trace] jk_isapi_plugin.c (1185): 
enter
[Mon May 24 10:10:02.953 2010] [8124:7912] [debug] jk_isapi_plugin.c (1188): 
Writing 1095 bytes of data to client
[Mon May 24 10:10:02.953 2010] [8124:7912] [debug] jk_isapi_plugin.c (1201): 
Wrote 1095 bytes of data successfully
[Mon May 24 10:10:02.953 2010] [8124:7912] [trace] jk_isapi_plugin.c (1203): 
exit
[Mon May 24 10:10:02.953 2010] [8124:7912] [trace] jk_isapi_plugin.c (1322): 
exit
[Mon May 24 10:10:02.953 2010] [8124:7912] [trace] jk_ajp_common.c (1965): exit
[Mon May 24 10:10:02.953 2010] [8124:7912] [trace] jk_ajp_common.c (1211): enter
[Mon May 24 10:10:02.953 2010] [8124:7912] [trace] jk_connect.c (889): enter
[Mon May 24 10:10:02.953 2010] [8124:7912] [trace] jk_connect.c (918): exit
[Mon May 24 10:10:02.968 2010] [8124:7912] [trace] jk_connect.c (889): enter
[Mon May 24 10:10:02.968 2010] [8124:7912] [trace] jk_connect.c (918): exit
[Mon May 24 10:10:02.968 2010] [8124:7912] [debug] jk_ajp_common.c (1336): 
received from ajp13 pos=0 len=2 max=8192
[Mon May 24 10:10:02.968 2010] [8124:7912] [debug] jk_ajp_common.c (1336):  
   05 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00  - 
[Mon May 24 10:10:02.968 2010] [8124:7912] [trace] jk_ajp_common.c (1340): exit
[Mon May 24 10:10:02.968 2010] [8124:7912] [trace] jk_ajp_common.c (1781): enter
[Mon May 24 10:10:02.968 2010] [8124:7912] [debug] jk_ajp_common.c (1940): 
AJP13 protocol: Reuse is OK
[Mon May 24 10:10:02.968 2010] [8124:7912] [trace] jk_isapi_plugin.c (1337): 
enter
[Mon May 24 10:10:02.968 2010] [8124:7912] [trace] jk_isapi_plugin.c (1343): 
exit
[Mon May 24 10:10:02.968 2010] [8124:7912] [trace] jk_ajp_common.c (1954): exit
[Mon May 24 10:10:02.968 2010] [8124:7912] [trace] jk_ajp_common.c (2114): exit
[Mon May 24 10:10:02.968 2010] [8124:7912] [trace] jk_ajp_common.c (2455): exit
[Mon May 24 10:10:02.968 2010] [8124:7912] [debug] jk_isapi_plugin.c (2185): 
service() returned OK
[Mon May 24 10:10:02.968 2010] [8124:7912] [trace] jk_ajp_common.c (2980): enter
[Mon May 24 10:10:02.968 2010] [8124:7912] [trace] jk_ajp_common.c (754): enter
[Mon May 24 10:10:02.968 2010] [8124:7912] [debug] jk_ajp_common.c (757): 
(scmisWorker) resetting endpoint with sd = 2116
[Mon May 24 10:10:02.968 2010] [8124:7912] [trace] jk_ajp_common.c (764): exit
[Mon May 24 10:10:02.968 2010] [8124:7912] [debug] jk_ajp_common.c (3010): 
recycling connection pool slot=0 for worker scmisWorker
[Mon May 24 10:10:02.968 2010] [8124:7912] [trace] jk_ajp_common.c (3013): exit
[Mon May 24 10:10:02.984 2010] [8124:7912] [trace] jk_isapi_plugin.c (2226): 
exit

-Original Message-
From: André Warnier [mailto:a...@ice-sa.com]
Sent: Monday, May 24, 2010 9:39 AM
To: Tomcat Users List
Subject: Re: Question on workers.properties file

Hi.

Your general settings look ok to me.
See in text.

Savoy, Melinda wrote:
> Ranier,
>
> Again, thanks for the reply below.  Apparently I do not have something setup 
> correctly because I cannot get a LOG file created when I execute a single 
> request that is a valid login ID.

What is the exact URL you are trying ?
(just to check if it is supposed to go through the re-director)

  I'm sure I've setup something incorrectly and any help/direction would
be greatly appreciated.
>
> Here are my settings in the following files (server.xml, 
> isapi_redirect.properties file, uriworkermap.properties file and 
> workers.properties file):
>
> Server.xml:
>
> 
>
> 
> 
>
>
> 
> connectionTimeout="2"
>redirectPort="8443" />
> 
> 
> 
> 
>
> 
>  tomcatAuthentication="false" />
>
> 
>
> 
> 
>
>   
>   
>
>   
>   
>
>   
> resourceName="UserDatabase"/>
>
>   
>unpackWARs="true" autoDeploy="true"
> xmlValidation="false" xmlNamespaceAware="false">
>
> 
> 
>
> 
> 
>
>   
> 
>   
>
> In my isapi_redirect.properties file:
>
> # Configuration file for the Jakarta ISAPI Redirector
>
> # The path to the ISAPI Redirector Extension, relative to the website
> # This must be in a virtual directory with executive privileges
> extension_uri=/jakarta/isapi_redirect.dll
>
> # Full path to the log file for the ISAPI Redirector
> log_file=c:\server\Tomcat 6.0\logs\iisapi.log

This probably works, but I personally dislike paths with spaces in them,
because they always bit

RE: Question on workers.properties file

[Savoy, Melinda]

Ranier,

Again, thanks for the reply below.  Apparently I do not have something setup 
correctly because I cannot get a LOG file created when I execute a single 
request that is a valid login ID.  I'm sure I've setup something incorrectly 
and any help/direction would be greatly appreciated.

Here are my settings in the following files (server.xml, 
isapi_redirect.properties file, uriworkermap.properties file and 
workers.properties file):

Server.xml:


  







   








 


  
  

  
  

  
  

  
  







  

  

In my isapi_redirect.properties file:

# Configuration file for the Jakarta ISAPI Redirector

# The path to the ISAPI Redirector Extension, relative to the website
# This must be in a virtual directory with executive privileges
extension_uri=/jakarta/isapi_redirect.dll

# Full path to the log file for the ISAPI Redirector
log_file=c:\server\Tomcat 6.0\logs\iisapi.log

# Log level (debug, info, warn, error or trace)
log_level=trace

# Full path to the workers.properties file
worker_file=c:\server\Tomcat 6.0\conf\workers.properties

# Full path to the uriworkermap.properties file
worker_mount_file=c:\server\Tomcat 6.0\conf\uriworkermap.properties

In my uriworkermap.properties file:

# uriworkermap.properties - IIS settings from 
http://onjava.com/pub/a/onjava/2002/12/18/tomcat.html?page=2 
#
# This file provides sample mappings for example wlb
# worker definted in workermap.properties.minimal
# The general syntax for this file is:
# [URL]=[Worker name]

/examples/*=scmisWorker
/examples/*.jsp=scmisWorker
/examples/servlet/*=scmisWorker

#/admin/*=wlb
#/manager/*=wlb
#/examples/*=wlb
#/servlets-examples/*=wlb
# Optionally filter out all .jpeg files inside that context
# For no mapping the url has to start with exclamation(!)

#!/servlets-examples/*.jpeg=wlb

#
# Mount jkstatus to /jkmanager
# For production servers you will need to 
# secure the access to the /jkmanager url
#
#/jkmanager=jkstatus

In my workers.properties file:

# workers.properties from = 
http://onjava.com/pub/a/onjava/2002/12/18/tomcat.html
#
# This file provides minimal jk configuration properties needed to
# connect to Tomcat.
#
# The workers that jk should create and work with

#worker.list=wlb,jkstatus
worker.list=scmisWorker

#
# Defining a worker named ajp13w and of type ajp13
# Note that the name and the type do not have to match.
#
#worker.ajp13w.type=ajp13
#worker.ajp13w.host=localhost
#worker.ajp13w.port=8009
worker.scmisWorker.port=8009
worker.scmisWorker.host=localhost
worker.scmisWorker.type=ajp13

#
# Defining a load balancer
#

#worker.wlb.type=lb
#worker.wlb.balance_workers=ajp13w


#
# Define status worker
#
#worker.jkstatus.type=status



-Original Message-
From: Rainer Jung [mailto:rainer.j...@kippdata.de] 
Sent: Thursday, May 20, 2010 3:55 PM
To: Tomcat Users List
Subject: Re: Question on workers.properties file

Hi André, Melinda and everyone else,

On 20.05.2010 14:31, André Warnier wrote:
> savoym wrote:
> I Rainer Jung is around, he may tell us if my assumptions are correct,
> that IIS+redirector also sends the IIS user-id to Tomcat, if there is any.
>
> If not, then tonight I might be able to send you a servlet filter to
> dump the HTTP headers of the requests sent by IIS to Tomcat, to see if
> there is a user-id in there somewhere. Unless you have already checked
> that ?

I checked before my original reply and it seems the IIS variable 
"AUTH_USER" is automatically forwarded by the isapi plugin. When setting 
tomcatAuthentication="false" on the AJP connector (!), the value can be 
retrieved by the getRemoteUser() method.

I would set the log level of the redirector to "trace" on an idle test 
environment and then do a single request there that is expected to be 
authenticated. The log lines in the redirector log should tell us, what 
is actually being forwarded (lots of log lines, but lots of info too).

Regards,

Rainer

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



The information contained in this message and any attachments is intended only 
for the use of the individual or entity to which it is addressed, and may 
contain information that is PRIVILEGED, CONFIDENTIAL, and exempt from 
disclosure under applicable law.  If you are not the intended recipient, you 
are prohibited from copying, distributing, or using the information.  Please 
contact the sender immediately by return e-mail and delete the original message 
from your system.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Question on workers.properties file

[Savoy, Melinda]

Ranier,

Thank you so much for your response.  I will am out of town until Monday but I 
will try it then.

Again, many thanks.  Regards.

From: Rainer Jung [rainer.j...@kippdata.de]
Sent: Thursday, May 20, 2010 15:55
To: Tomcat Users List
Subject: Re: Question on workers.properties file

Hi André, Melinda and everyone else,

On 20.05.2010 14:31, André Warnier wrote:
> savoym wrote:
> I Rainer Jung is around, he may tell us if my assumptions are correct,
> that IIS+redirector also sends the IIS user-id to Tomcat, if there is any.
>
> If not, then tonight I might be able to send you a servlet filter to
> dump the HTTP headers of the requests sent by IIS to Tomcat, to see if
> there is a user-id in there somewhere. Unless you have already checked
> that ?

I checked before my original reply and it seems the IIS variable
"AUTH_USER" is automatically forwarded by the isapi plugin. When setting
tomcatAuthentication="false" on the AJP connector (!), the value can be
retrieved by the getRemoteUser() method.

I would set the log level of the redirector to "trace" on an idle test
environment and then do a single request there that is expected to be
authenticated. The log lines in the redirector log should tell us, what
is actually being forwarded (lots of log lines, but lots of info too).

Regards,

Rainer

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



The information contained in this message and any attachments is intended only 
for the use of the individual or entity to which it is addressed, and may 
contain information that is PRIVILEGED, CONFIDENTIAL, and exempt from 
disclosure under applicable law.  If you are not the intended recipient, you 
are prohibited from copying, distributing, or using the information.  Please 
contact the sender immediately by return e-mail and delete the original message 
from your system.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Question regarding IIS Windows Authentication using Tomcat Connector

[Savoy, Melinda]

Thanks for the reply.  2 more questions if you don't mind:

1.  Just wanted to confirm that Waffle does support NTLMv2?  We do not use 
Kerberos on our network.  
2.  Are the web.xml settings required?  Again, we have our own custom 
security package and it is defined in the web.xml file.  As stated previously, 
I do not have time to rewrite the security code in order to accommodate a 
product that requires that we use their setting in web.xml.

Just an FYI, in JCIFS, we are able to acquire the domain and user from the 
Type3Message class.  JCIFS uses the challenge-response paradigm.

Thanks for the work that you're doing.  More and more java web teams will need 
something like this as their companies move over to products like Windows 7 
where NTLMv1 is no longer acceptable.

Regards.

-Original Message-
From: dB. [mailto:dbl...@dblock.org] 
Sent: Thursday, May 20, 2010 9:10 AM
To: Tomcat Users List
Subject: RE: Question regarding IIS Windows Authentication using Tomcat 
Connector

FQN = fully qualified name (it's unambiguous, usually machine-name\username or 
domain-name\username). It's there and returned by the Waffle tomcat 
authenticator.

But names may change (people get married, groups renamed), so Windows has a 
concept of SID, it's a binary identifier (S-xyz), that never changes and is 
unique. So permissions are typically done with that rather than with fully 
qualified names. There's a bit of work left in Waffle to expose SIDs in the 
principal object(s).

I have no idea what JCIFS can or cannot do for you, but mixing IIS and Tomcat 
seems like a suboptimal way to go, to say the least. Waffle theoretically 
should resolve this, but your specific application is what really matters.

dB. @ dblock.org 
Moscow|Geneva|Seattle|New York


-----Original Message-
From: Savoy, Melinda [mailto:melindasa...@texashealth.org] 
Sent: Thursday, May 20, 2010 9:16 AM
To: 'Tomcat Users List'
Subject: RE: Question regarding IIS Windows Authentication using Tomcat 
Connector

I did see your post from Nabble and I appreciate it.  I will hopefully get an 
opp to try it today if I cannot get an answer to my issue.  

A few questions on your post below, and pardon my ignorance, but what is a 
user's FQN, are you stating that Waffle does NOT provide a user id from the 
request, are the WEB.XML settings required?  Why I ask about the web.xml 
settings is because our former team lead created an underlying SECURITY package 
that is the foundation of our web app.  Unfortunately, he is no longer here and 
I do not have time to re-write our app.  He wrote this to do multiple things:

1.  Used as a wrapper around JCIFS.  
2.  Used for other security layers to acquire security info from our legacy 
system.  

I just setup the Apache Tomcat Connector setup on Tuesday and are you stating 
that you've used IIS Tomcat integration (Apache Tomcat Connector) and you could 
not get the userid info either from the client request?

Thanks again for your post.  

-Original Message-
From: dB. [mailto:dbl...@dblock.org] 
Sent: Thursday, May 20, 2010 7:53 AM
To: Tomcat Users List
Subject: RE: Question regarding IIS Windows Authentication using Tomcat 
Connector

I just posted about this :)

Instead of using IIS, you should take a look at the Waffle Tomcat Authenticator 
(http://waffle.codeplex.com). Currently it stores a Generic principal with the 
user's FQN and all local/domain groups, but that can certainly be extended to a 
much richer principal with all kinds of information that Windows provides (such 
as SID).

dB. @ dblock.org 
Moscow|Geneva|Seattle|New York



-Original Message-
From: Savoy, Melinda [mailto:melindasa...@texashealth.org] 
Sent: Thursday, May 20, 2010 8:45 AM
To: 'users@tomcat.apache.org'
Subject: Question regarding IIS Windows Authentication using Tomcat Connector

I have a Java web app whereby we have been using the JCIFS open source 
authentication package that uses NTLMv1 over the past 5 years and it's been 
working great.  However, some of our users are now using Windows 7 that does 
not accept NTLMv1 authentication and now I'm looking at IIS in order to 
authenticate our users.  I used the Apache Tomcat Connector and got that setup 
however, I am having issues in retrieving the authentication property for the 
USERID of the client making the request which I understood IIS provides.  On 
the Apache Tomcat Connector documentation it only states how to setup the IIS 
Tomcat integration which is working great but it does NOT provide the 
information, from a Java perspective, on how to retrieve from the request the 
userid info. I have tried the HttpServletRequest object but when I use the 
getRemoteUser() method I get a NULL value.  I realize I must be doing something 
wrong but I have no idea what.
If anyone has accomplished this or can provide information on this it would be 
greatly appreciated.  

RE: Question regarding IIS Windows Authentication using Tomcat Connector

[Savoy, Melinda]

I did see your post from Nabble and I appreciate it.  I will hopefully get an 
opp to try it today if I cannot get an answer to my issue.  

A few questions on your post below, and pardon my ignorance, but what is a 
user's FQN, are you stating that Waffle does NOT provide a user id from the 
request, are the WEB.XML settings required?  Why I ask about the web.xml 
settings is because our former team lead created an underlying SECURITY package 
that is the foundation of our web app.  Unfortunately, he is no longer here and 
I do not have time to re-write our app.  He wrote this to do multiple things:

1.  Used as a wrapper around JCIFS.  
2.  Used for other security layers to acquire security info from our legacy 
system.  

I just setup the Apache Tomcat Connector setup on Tuesday and are you stating 
that you've used IIS Tomcat integration (Apache Tomcat Connector) and you could 
not get the userid info either from the client request?

Thanks again for your post.  

-Original Message-
From: dB. [mailto:dbl...@dblock.org] 
Sent: Thursday, May 20, 2010 7:53 AM
To: Tomcat Users List
Subject: RE: Question regarding IIS Windows Authentication using Tomcat 
Connector

I just posted about this :)

Instead of using IIS, you should take a look at the Waffle Tomcat Authenticator 
(http://waffle.codeplex.com). Currently it stores a Generic principal with the 
user's FQN and all local/domain groups, but that can certainly be extended to a 
much richer principal with all kinds of information that Windows provides (such 
as SID).

dB. @ dblock.org 
Moscow|Geneva|Seattle|New York



-Original Message-----
From: Savoy, Melinda [mailto:melindasa...@texashealth.org] 
Sent: Thursday, May 20, 2010 8:45 AM
To: 'users@tomcat.apache.org'
Subject: Question regarding IIS Windows Authentication using Tomcat Connector

I have a Java web app whereby we have been using the JCIFS open source 
authentication package that uses NTLMv1 over the past 5 years and it's been 
working great.  However, some of our users are now using Windows 7 that does 
not accept NTLMv1 authentication and now I'm looking at IIS in order to 
authenticate our users.  I used the Apache Tomcat Connector and got that setup 
however, I am having issues in retrieving the authentication property for the 
USERID of the client making the request which I understood IIS provides.  On 
the Apache Tomcat Connector documentation it only states how to setup the IIS 
Tomcat integration which is working great but it does NOT provide the 
information, from a Java perspective, on how to retrieve from the request the 
userid info. I have tried the HttpServletRequest object but when I use the 
getRemoteUser() method I get a NULL value.  I realize I must be doing something 
wrong but I have no idea what.
If anyone has accomplished this or can provide information on this it would be 
greatly appreciated.  I've posted on a number of Tomcat forums but cannot get a 
response to this issue.  Any help/direction, again, would be appreciated.
I forgot to mention that I am using my local Windows XP Pro box with IIS v5.1 
in the event that info is needed to answer my question.
Thanks so much.

Melinda Savoy
Sr. Programmer Analyst, ERP Systems
Innovative Technology Solutions
Texas Health Resources
600 E. Lamar Blvd, Ste 301, Arlington TX  76011
melindasa...@texashealth.org<mailto:melindasa...@texashealth.org>

Texas Health Resources: Arlington Memorial,
Harris Methodist and Presbyterian Hospitals
A shared mission and now a shared name.





The information contained in this message and any attachments is intended only 
for the use of the individual or entity to which it is addressed, and may 
contain information that is PRIVILEGED, CONFIDENTIAL, and exempt from 
disclosure under applicable law.  If you are not the intended recipient, you 
are prohibited from copying, distributing, or using the information.  Please 
contact the sender immediately by return e-mail and delete the original message 
from your system.
No virus found in this incoming message.
Checked by AVG - www.avg.com 
Version: 9.0.819 / Virus Database: 271.1.1/2884 - Release Date: 05/19/10 
14:26:00

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



The information contained in this message and any attachments is intended only 
for the use of the individual or entity to which it is addressed, and may 
contain information that is PRIVILEGED, CONFIDENTIAL, and exempt from 
disclosure under applicable law.  If you are not the intended recipient, you 
are prohibited from copying, distributing, or using the information.  Please 
contact the sender immediately by return e-mail and delete the original message 
from your system.

-
To unsubscribe, e-mail: user

Question regarding IIS Windows Authentication using Tomcat Connector

[Savoy, Melinda]

I have a Java web app whereby we have been using the JCIFS open source 
authentication package that uses NTLMv1 over the past 5 years and it's been 
working great.  However, some of our users are now using Windows 7 that does 
not accept NTLMv1 authentication and now I'm looking at IIS in order to 
authenticate our users.  I used the Apache Tomcat Connector and got that setup 
however, I am having issues in retrieving the authentication property for the 
USERID of the client making the request which I understood IIS provides.  On 
the Apache Tomcat Connector documentation it only states how to setup the IIS 
Tomcat integration which is working great but it does NOT provide the 
information, from a Java perspective, on how to retrieve from the request the 
userid info. I have tried the HttpServletRequest object but when I use the 
getRemoteUser() method I get a NULL value.  I realize I must be doing something 
wrong but I have no idea what.
If anyone has accomplished this or can provide information on this it would be 
greatly appreciated.  I've posted on a number of Tomcat forums but cannot get a 
response to this issue.  Any help/direction, again, would be appreciated.
I forgot to mention that I am using my local Windows XP Pro box with IIS v5.1 
in the event that info is needed to answer my question.
Thanks so much.

Melinda Savoy
Sr. Programmer Analyst, ERP Systems
Innovative Technology Solutions
Texas Health Resources
600 E. Lamar Blvd, Ste 301, Arlington TX  76011
melindasa...@texashealth.org

Texas Health Resources: Arlington Memorial,
Harris Methodist and Presbyterian Hospitals
A shared mission and now a shared name.





The information contained in this message and any attachments is intended only 
for the use of the individual or entity to which it is addressed, and may 
contain information that is PRIVILEGED, CONFIDENTIAL, and exempt from 
disclosure under applicable law.  If you are not the intended recipient, you 
are prohibited from copying, distributing, or using the information.  Please 
contact the sender immediately by return e-mail and delete the original message 
from your system.

RE: Question on EAR files

[Savoy, Melinda]

Thanks for the response.  We're trying to find an alternative to Jboss.


Regards.

 

-Original Message-
From: Filip Hanik - Dev Lists [mailto:[EMAIL PROTECTED] 
Sent: Thursday, March 15, 2007 12:00 PM
To: Tomcat Users List
Subject: Re: Question on EAR files

Savoy, Melinda wrote:
> I understand that Apache Tomcat 6 now supports the EAR file.
>
> Is that correct?
>   
Incorrect, Geronimo with Tomcat 6 does
Filip
>
> Melinda Savoy
> Sr. Programmer Analyst
> Financial Applications - Enterprise Systems
>
>
>
> The information contained in this message and any attachments is
intended only for the use of the individual or entity to which it is
addressed, and may contain information that is PRIVILEGED, CONFIDENTIAL,
and exempt from disclosure under applicable law.  If you are not the
intended recipient, you are prohibited from copying, distributing, or
using the information.  Please contact the sender immediately by return
e-mail and delete the original message from your system.
>   
> --
> --
>
> No virus found in this incoming message.
> Checked by AVG Free Edition.
> Version: 7.5.446 / Virus Database: 268.18.11/722 - Release Date: 
> 3/14/2007 3:38 PM
>   


-
To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe,
e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





The information contained in this message and any attachments is intended only 
for the use of the individual or entity to which it is addressed, and may 
contain information that is PRIVILEGED, CONFIDENTIAL, and exempt from 
disclosure under applicable law.  If you are not the intended recipient, you 
are prohibited from copying, distributing, or using the information.  Please 
contact the sender immediately by return e-mail and delete the original message 
from your system.

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Question on EAR files

[Savoy, Melinda]

I understand that Apache Tomcat 6 now supports the EAR file.

Is that correct?


Melinda Savoy
Sr. Programmer Analyst
Financial Applications - Enterprise Systems



The information contained in this message and any attachments is intended only 
for the use of the individual or entity to which it is addressed, and may 
contain information that is PRIVILEGED, CONFIDENTIAL, and exempt from 
disclosure under applicable law.  If you are not the intended recipient, you 
are prohibited from copying, distributing, or using the information.  Please 
contact the sender immediately by return e-mail and delete the original message 
from your system.