Sorry for the slow reply. I believe there is a fundamental problem in Tomcat 3.2.x with respect to authentication when used with an external web server. This is why I don't think you can get the "security" example to work with IIS + Tomcat 3.2.x. Though the form login is triggered, Tomcat will never use the "user" that logs in because it is an "internally" defined user. Requests forwarded from IIS always carry the remote user known to IIS, not Tomcat.
Tomcat 3.3 addressed this by adding a tomcatAuthentication attribute to the Ajp12Connector and Ajp13Connector. It defaults to "true", which causes the remote user supplied by IIS to be ignored an the "internally" authenticated user used. By setting tomcatAuthentication to "false", you can use IIS's authenticated user as the remote user for the requests. Unfortunately, since the user roles for the request remain unset, security constraints in the web.xml won't work. This is also the state of affairs when using Tomcat 3.2.x. Cheers, Larry > -----Original Message----- > From: Samuel Rochas [mailto:[EMAIL PROTECTED]] > Sent: Thursday, November 22, 2001 5:00 AM > To: Tomcat Users List > Subject: Re: form authentication with IIS - j_security_check > - error 405 > - tomcat 3.2.3 > > > Hi Ingo, > > > <role-name>synthmagguest</role-name> > So the user defined in tomcat-users.xml was member of this group: > <user name="tomcat" password="tomcat" roles="synthmagguest" /> > > Did you define a group synthmagguest within Win2k? > > > <realm-name>synthMAG</realm-name> > And synthMAG is the Win2k user name? > > > You mean through port 8080 it did not work either? Sounds strange. > Right. It sounds strange to me too ;) > That's why I concentrate on FORM authentication which is working at > least with tomcat. > > Do you have any hint to further web resources? > > Sincerly > Samuel > -- > SWIPe Software Engineering & Project Management GmbH > > Solutions with Individual Profile > > Web: http://www.swipe.de > > -- > To unsubscribe: <mailto:[EMAIL PROTECTED]> > For additional commands: <mailto:[EMAIL PROTECTED]> > Troubles with the list: <mailto:[EMAIL PROTECTED]> > -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]>
