Sorry! Just noticed you are not moving to TC 5. Perhaps this does not solve your problem after all.

> -----Original Message-----
> From: Allistair Crossley
> Sent: 27 January 2005 11:28
> To: Tomcat Users List
> Subject: RE: IIS, Tomcat and NTLM Authentication
>
> Hi,
>
> Sounds like you need to set tomcatAuthentication="false" for JK.
>
> Have a look at my blog on upgrading issues here
>
> http://www.adcworks.com/blog/
>
> Allistair.
>
> > -----Original Message-----
> > From: Sue Roe [mailto:[EMAIL PROTECTED]
> > Sent: 27 January 2005 11:09
> > To: [EMAIL PROTECTED] Apache. Org (tomcat-user@jakarta.apache.org)
> > Subject: IIS, Tomcat and NTLM Authentication
> >
> > Hi
> >
> > We have just upgraded our server software, running a Java application, as
> > follows:
> >
> > From:
> >     IIS 4, Tomcat 4.1 - both running on same server - NT4
> > To:
> >     IIS 5, Tomcat 4.1 - both running on same server - Windows 2000
> >
> > The application is to be available to all staff, either over the Intranet
> > or the Internet.
> >
> > An issue has arisen with NTLM authentication. We extract a user's
> > domain\username details using NTLM Authentication, the code is listed at the
> > bottom of this e-mail. This mechanism worked 100% on the old configuration.
> > Unfortunately with the IIS server upgrade and change in OS the
> > authentication details do not seem to be being picked up in two scenarios.
> >
> > 1. IE 6, unless Enable Integrated Windows Authentication is disabled.
> >    We don't really want Browser settings to affect access.
> > 2. IE 5! (We are trying to force client sites to upgrade to IE6, but
> >    still why does the NTLM Authentication break down here?)
> >
> > The IIS settings are as follows:
> >
> > Default Web Site:
> >     Anonymous Access - OFF
> >     Basic Authentication - ON
> >     Integrated Windows Authentication - ON
> >
> > Jakarta Virtual Directory:
> >     Anonymous Access - ON
> >     Basic Authentication - ON
> >     Integrated Windows Authentication - ON
> >
> > If anyone has had any similar experiences or knows of any other mechanism to
> > retrieve domain/username, it would be great to hear.
> >
> > Thanks
> >
> > Sue
> >
> > Code to Extract domain/user Details
> > **************************************************************
> > String auth = request.getHeader("Authorization");
> > if (auth == null) {
> >     // No credentials yet: ask the browser to start the NTLM handshake
> >     response.setStatus(response.SC_UNAUTHORIZED);
> >     response.setHeader("WWW-Authenticate", "NTLM");
> >     return;
> > }
> > String domain = "";
> > String username = "";
> > if (auth.startsWith("NTLM ")) {
> >     byte[] msg = new sun.misc.BASE64Decoder().decodeBuffer(auth.substring(5));
> >     int off = 0, length, offset;
> >     if (msg[8] == 1) {
> >         // Type 1 (negotiate) received: reply with a fixed Type 2 (challenge) message
> >         byte z = 0;
> >         byte[] msg1 = {(byte)'N', (byte)'T', (byte)'L', (byte)'M', (byte)'S', (byte)'S', (byte)'P', z,
> >                        (byte)2, z, z, z, z, z, z, z,
> >                        (byte)40, z, z, z, (byte)1, (byte)130, z, z,
> >                        z, (byte)2, (byte)2, (byte)2, z, z, z, z,
> >                        z, z, z, z, z, z, z, z};
> >         // encodeBuffer() appends a line separator, which must not end up in a header value
> >         response.setHeader("WWW-Authenticate", "NTLM " +
> >             new sun.misc.BASE64Encoder().encodeBuffer(msg1).trim());
> >         response.sendError(response.SC_UNAUTHORIZED);
> >         return;
> >     } else if (msg[8] == 3) {
> >         // Type 3 (authenticate) received: read the workstation, domain and user name fields.
> >         // Java bytes are signed, so each byte is masked with 0xFF before the arithmetic.
> >         off = 30;
> >         length = (msg[off+17] & 0xFF)*256 + (msg[off+16] & 0xFF);
> >         offset = (msg[off+19] & 0xFF)*256 + (msg[off+18] & 0xFF);
> >         String remoteHost = new String(msg, offset, length);
> >         length = (msg[off+1] & 0xFF)*256 + (msg[off] & 0xFF);
> >         offset = (msg[off+3] & 0xFF)*256 + (msg[off+2] & 0xFF);
> >         domain = new String(msg, offset, length);
> >         length = (msg[off+9] & 0xFF)*256 + (msg[off+8] & 0xFF);
> >         offset = (msg[off+11] & 0xFF)*256 + (msg[off+10] & 0xFF);
> >         username = new String(msg, offset, length);
> >         String employeeNTLogin = domain + "\\" + username;
> >         context.log("User NT Login: " + employeeNTLogin + ":: " +
> >             new Date(System.currentTimeMillis()));
> >         session.setAttribute(Constants.DATABASE,
> >             context.getAttribute(Constants.DATABASE));
> >         Employee userEmployee = null;
> >         // 1. Get Employee Object for NT Login of User & Roles
> >         try {
> >             userEmployee = myEmployeeDAO_Pool.getDetailsByNTLogin(employeeNTLogin);
> >         } catch (DAOException daoex) {
> >             // exception is swallowed; userEmployee stays null
> >         }
> >         session.setAttribute(Constants.USER_EMPLOYEE, userEmployee);
> >
> > etc etc
> > **************************************************************
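
An added example, not part of the original thread: the servlet code quoted above reads the domain and user name out of the NTLM Type 3 message but never checks the NTLM response, so those values are whatever the client claims. The sketch below parses the same three fields with signature, type and bounds checks; the class name `NtlmType3Fields`, the sample values and the ISO-8859-1 fallback for non-Unicode strings are assumptions made for illustration.

```java
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class NtlmType3Fields {
    /** Returns {domain, user, workstation} exactly as the client claimed them (unverified). */
    static String[] parse(String header) {
        if (header == null || !header.startsWith("NTLM "))
            throw new IllegalArgumentException("not an NTLM Authorization header");
        byte[] msg = Base64.getDecoder().decode(header.substring(5).trim());
        if (msg.length < 52 || !new String(msg, 0, 8, StandardCharsets.ISO_8859_1).equals("NTLMSSP\0"))
            throw new IllegalArgumentException("not an NTLMSSP message");
        ByteBuffer buf = ByteBuffer.wrap(msg).order(ByteOrder.LITTLE_ENDIAN);
        if (buf.getInt(8) != 3) throw new IllegalArgumentException("not a Type 3 message");
        // Flags (offset 60) are optional; bit 0 means the strings are UTF-16LE.
        // Assumption: the domain payload is the first payload item in the message.
        boolean unicode = msg.length >= 64 && buf.getInt(32) >= 64 && (buf.getInt(60) & 0x1) != 0;
        Charset cs = unicode ? StandardCharsets.UTF_16LE : StandardCharsets.ISO_8859_1;
        return new String[] { field(buf, 28, cs), field(buf, 36, cs), field(buf, 44, cs) };
    }

    // Security buffer: 2-byte length, 2-byte allocated size, 4-byte offset, little-endian.
    private static String field(ByteBuffer buf, int at, Charset cs) {
        int len = buf.getShort(at) & 0xFFFF;           // read as unsigned
        long off = buf.getInt(at + 4) & 0xFFFFFFFFL;   // read as unsigned
        if (off + len > buf.capacity()) throw new IllegalArgumentException("field outside message");
        return new String(buf.array(), (int) off, len, cs);
    }

    public static void main(String[] args) {
        // Constructed sample message: domain CORP, user alice, workstation WS01, empty responses.
        String[] vals = {"CORP", "alice", "WS01"};
        ByteBuffer b = ByteBuffer.allocate(128).order(ByteOrder.LITTLE_ENDIAN);
        b.put("NTLMSSP\0".getBytes(StandardCharsets.ISO_8859_1)).putInt(8, 3).putInt(60, 0x8201);
        int off = 64;
        for (int i = 0; i < vals.length; i++) {
            byte[] v = vals[i].getBytes(StandardCharsets.UTF_16LE);
            b.putShort(28 + 8 * i, (short) v.length).putShort(30 + 8 * i, (short) v.length)
             .putInt(32 + 8 * i, off);
            System.arraycopy(v, 0, b.array(), off, v.length);
            off += v.length;
        }
        String[] f = parse("NTLM " + Base64.getEncoder().encodeToString(b.array()));
        System.out.println(f[0] + "\\" + f[1]);        // claimed identity only, not authenticated
    }
}
```

With `tomcatAuthentication="false"` on the JK connector, as suggested in the reply, IIS performs the authentication and Tomcat exposes the resulting principal through `request.getRemoteUser()`, so the application does not have to trust fields parsed from the header.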