I thought I tried that but I'll give it another go. Won't this mean that
the user's realm groups (security groups from active directory) won't be
loaded then? If tomcat doesn't do the authentication via the filter I
would assume that would be the case. That won't work for me if it is
true.
The application I have is an employee portal. I want the user to not
have to log in to be authenticated. I have this working perfectly in
WebLogic but I'm exploring a possible move to JBoss. I use the user's
groups to avoid displaying certain sections of the portal.
gave it another go:
Okay so I took out the filter from the web app and set the "Integrated
Windows Security" to on for the site and the redirector directory. I've
got the tomcatAuthentication=false set in the AJP 1.3 Connector element
in the server.xml.
<Connector port="8009" address="${jboss.bind.address}"
debug="99"
emptySessionPath="true" enableLookups="false" redirectPort="8443"
protocol="AJP/1.3"
tomcatAuthentication="false"
minProcessors="5"
maxProcessors="15"
/>
This let me into the app but with a blank getRemoteUser() value.
Obviously not what I need.
(no disclaimer)
> -----Original Message-----
> From: Allistair Crossley [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, October 26, 2005 4:42 AM
> To: Tomcat Users List; tomcat-user@jakarta.apache.org
> Subject: RE: jCIFS Jboss Tomcat IIS NTLM Authentication
>
> if you're using IIS in front of your application you don't
> need to use jCIFs. All you do is set the directory
> permissions on your website to Integrated Windows
> Authentication, then configure your Tomcat AJP Connector
> element with tomcatAuthentication="false". Then
> request.getRemoteUser() will return the Windows username.
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
