IMHO the IIS redirection is a total hack. It's a lot of additional load, a whole other web server to deal with, configure and administer. Because you're merely hiding Tomcat behind IIS you're not really getting rid of your tomcat server, you're just masking the problem.
I'll allow myself to theorize that Jakarta redirector was a stop gap solution because people didn't want a Windows-only valve to do NTLM or because they couldn't write one. If you end up using waffle, please do let me know. Good luck. dB. @ dblock.org Moscow|Geneva|Seattle|New York -----Original Message----- From: Savoy, Melinda [mailto:melindasa...@texashealth.org] Sent: Monday, May 24, 2010 8:30 PM To: Tomcat Users List Subject: RE: Question on workers.properties file Yes. dB, we are a microsoft shop for all practical purposes. We were the first Java web app that was created here at our company and now since JCIFS is not NTLMv2 compliant we had thought we'd go ahead and use IIS that is being used for everything else internet and intranet wise. Thanks for the info again. I had actually emailed you last week asking if the web.xml setting were required and you stated they were not. I think I'm very close to getting this IIS-Tomcat integration resolved but if I cannot get it to work by the end of the week I'll probably try Waffle. There does not seem to be a lot of documentation on the IIS side to make this work so it seems to be more complicated than I had anticipated. I'm trying to recheck, as Andre suggested, again tomorrow and hope that I can get this to work. Regards. ________________________________________ From: dB. [dbl...@dblock.org] Sent: Monday, May 24, 2010 18:09 To: Tomcat Users List Subject: RE: Question on workers.properties file I am curious whether you're using IIS for anything other than single sign-on / authentication? If you're not, check out http://waffle.codeplex.com - there's a new Negotiate (Kerberos + NTLM) authenticator. This could remove IIS from your entire picture. dB. @ dblock.org Moscow|Geneva|Seattle|New York -----Original Message----- From: Savoy, Melinda [mailto:melindasa...@texashealth.org] Sent: Monday, May 24, 2010 7:03 PM To: Tomcat Users List; Tomcat Users List Subject: RE: Question on workers.properties file Andre, Sorry for creating confusion on the other post. I will stick with this post as well. I made changes to the setting here: I think the problem is right there, and in the worker mappings you mentioned earlier : >> /examples/*=scmisWorker >> /examples/*.jsp=scmisWorker >> /examples/servlet/*=scmisWorker to /*=scmisWorker /*.jsp=scmisWorker /servlet/*=scmisWorker That is why in the log that I had sent stated it as such. I have looked on the Apache Tomcat website to find documentation on the setup of IIS with Tomcat. I made the change above because I had forgotten to change it from the example that I found in the documentation, again my apologies for that. Given the settings that I identified in IIS I can not get authenticated. That is why I think it is an authentication issue. I have gone back and checked each setting but cannot find a problem. That is why I sent my setting so that perhaps someone on this list might see something that I have overlooked. I'll keep trying. Thanks. ________________________________________ From: André Warnier [...@ice-sa.com] Sent: Monday, May 24, 2010 15:49 To: Tomcat Users List Subject: Re: Question on workers.properties file Savoy, Melinda wrote: > Andre, > > Thanks for the reply. I was finally able to get my the LOG file created. I > had NOT setup my virtual website, SCMIS, in addition to the JAKARTA virtual > website in IIS and consequently I kept using Tomcat to authenticate instead > of using IIS to do so and it was never hitting my website > > I think it has something to do with the settings in my IIS setting. I still > cannot get the value from getRemoteUser() because the user is blank as is > indicated in the log below. ANY help/direction would be greatly appreciated. > > The URL that I am using to access my SCMIS virtual website is: > http://localhost/SCMIS/index.jsp > > In IIS I have the following: > > Default Web Site - Anonymous access checked and Integrated Windows > authentication unchecked > Jakarta - virtual web site and Anonymous access checked and Integrated > Windows authentication unchecked > SCMIS - virtual web site and Anonymous access unchecked and Integrated > Windows authentication checked > > I have attached the entries in the log file that just happened: I think the problem is right there, and in the worker mappings you mentioned earlier : >> /examples/*=scmisWorker >> /examples/*.jsp=scmisWorker >> /examples/servlet/*=scmisWorker Now in your logfile, you have : [Mon May 24 10:10:02.781 2010] [8124:7912] [debug] jk_uri_worker_map.c (850): Attempting to map context URI '/servlet/*=scmisWorker' source 'uriworkermap' [Mon May 24 10:10:02.781 2010] [8124:7912] [debug] jk_uri_worker_map.c (850): Attempting to map context URI '/*.jsp=scmisWorker' source 'uriworkermap' [Mon May 24 10:10:02.781 2010] [8124:7912] [debug] jk_uri_worker_map.c (863): Found a wildchar match '/*.jsp=scmisWorker' Assuming the mappings above, then why is it trying to match '/servlet/*=scmisWorker' and '/*.jsp=scmisWorker' ? That does not fit. Those mappings are not in your list above. Again, I am no expert on IIS or on the Jk redirector in conjunction with it, but my little finger tells me that there is something very wrong somewhere. I have the feeling that your problem is not really related to authentication (or the lack of it). It is that there is some confusion as to the proper setup of IIS and Tomcat together, and how IIS handles "virtual websites". Maybe we should restart from the beginning, like here : When you look at the ...\Tomcat 6.0\webapps directory, what are the sub-directories located just below it ? And , just to gain time, out of these, which is the one that corresponds to the application which /should/ be authenticated ? --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org The information contained in this message and any attachments is intended only for the use of the individual or entity to which it is addressed, and may contain information that is PRIVILEGED, CONFIDENTIAL, and exempt from disclosure under applicable law. If you are not the intended recipient, you are prohibited from copying, distributing, or using the information. Please contact the sender immediately by return e-mail and delete the original message from your system. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org No virus found in this incoming message. Checked by AVG - www.avg.com Version: 9.0.819 / Virus Database: 271.1.1/2894 - Release Date: 05/24/10 14:26:00 --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org The information contained in this message and any attachments is intended only for the use of the individual or entity to which it is addressed, and may contain information that is PRIVILEGED, CONFIDENTIAL, and exempt from disclosure under applicable law. If you are not the intended recipient, you are prohibited from copying, distributing, or using the information. Please contact the sender immediately by return e-mail and delete the original message from your system. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org No virus found in this incoming message. Checked by AVG - www.avg.com Version: 9.0.819 / Virus Database: 271.1.1/2894 - Release Date: 05/24/10 14:26:00 --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org