> From: melindasa...@texashealth.org > To: users@tomcat.apache.org; p...@pidster.com > Date: Tue, 22 Jun 2010 08:45:18 -0500 > Subject: RE: Still having problem retrieving user value from ISAPI Filter for > authentication > > We had been working with JCIFS and chose the Tomcat Connector for IIS because > we're primarily a MS shop and already had IIS in place here. The team lead > who had written this custom code is no longer with the company
MG> read this MG>http://washingtontechnology.com/Articles/2009/06/08/Insights-Soloway.aspx?Page=1 <snip> </snip> > Sorry I cannot be more specific. Hope this helps. > > -----Original Message----- > From: Pid [mailto:p...@pidster.com] > Sent: Tuesday, June 22, 2010 8:13 AM > To: Tomcat Users List > Subject: Re: Still having problem retrieving user value from ISAPI Filter for > authentication > > On 22/06/2010 13:59, Savoy, Melinda wrote: > > We have a custom filter that we're using because after we get the request > > and response info then I need to use the user value info and get the user > > also authenticated against a legacy system. > > > > But right now I have that commented out in my web.xml so that I can go > > directly to a test index.jsp page and verify that the getRemoteUser() is > > acquiring the user info from ISAPI but ISAPI is not providing that info to > > me via this method. I'm not sure, again, why it shows the info in the log > > but I cannot get to it directly. I'm not sure how Ranier was able to get to > > it as he stated awhile back. > > If there's no auth defined in web.xml then Tomcat isn't going to do anything > - AFAIK the auth valves don't trigger unless the config puts them in the > pipeline. > > If your auth is performed by a custom filter, that is currently commented > out, then you're not going to get very far there either. > > Do you know exactly what the filter does? > Does it decode the header itself and wrap the request/response objects? > > > p > > > > Thanks again. > > > > -----Original Message----- > > From: Pid [mailto:p...@pidster.com] > > Sent: Tuesday, June 22, 2010 7:53 AM > > To: 'Tomcat Users List' > > Subject: Re: Still having problem retrieving user value from ISAPI > > Filter for authentication > > > > On 22/06/2010 13:36, Savoy, Melinda wrote: > >> Thanks Pid, I did do that as well, but I did not see the user value there > >> either. > >> > >> Here is what I got when I did issue the getHeaderNames() and as you can > >> see the authorization shows the encrypted NTLM value but it is not > >> decrypted and I cannot get to the info though the ISAPI log shows the > >> decrypted value which I cannot get to: > >> > >> === MimeHeaders === > >> accept = */* > >> accept-language = en-us > >> connection = Keep-Alive > >> host = localhost > >> user-agent = Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; > >> Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR > >> 3.0.04506.648; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR > >> 3.5.30729; MS-RTC LM 8; MS-RTC EA 2) cookie = > >> JSESSIONID=969AE176A965514B845A6E3A9E83A21E > >> authorization = NTLM > >> TlRMTVNTUAADAAAAAAAAAEgAAAAAAAAASAAAAAAAAABIAAAAAAAAAEgAAAAAAAAASAAAA > >> A > >> AAAABIAAAABcKIogUBKAoAAAAP > >> accept-encoding = gzip, deflate > >> content-length = 0 > >> > >> I don't know what I'm doing wrong here. Again, any help is appreciated. > > > > What do you have defined in web.xml for security-config etc? > > > > > > p > > > > > >> Thanks. > >> > >> -----Original Message----- > >> From: Pid [mailto:p...@pidster.com] > >> Sent: Tuesday, June 22, 2010 7:11 AM > >> To: Tomcat Users List > >> Subject: Re: Still having problem retrieving user value from ISAPI > >> Filter for authentication > >> > >> On 22/06/2010 13:05, Marc Boorshtein wrote: > >>> I haven't tried this with IIS, but we had quite the discussion on > >>> this last week with Apache & tomcat with JK. In your server.xml > >>> file add tomcatAuthentication="false" to the AJP connector object. > >>> If you look in the archives of this list for JK_REMOTE_USER there is > >>> a very interesting discussion on the topic. > >> > >> Also, you could iterate through the headers in request.getHeaderNames() to > >> see what's being passed across to Tomcat. > >> > >> > >> p > >> > >> > >>> Marc > >>> > >>> -------------------------------------------------------------------- > >>> - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > >>> For additional commands, e-mail: users-h...@tomcat.apache.org > >>> > >> > >> > >> > >> > >> The information contained in this message and any attachments is intended > >> only for the use of the individual or entity to which it is addressed, and > >> may contain information that is PRIVILEGED, CONFIDENTIAL, and exempt from > >> disclosure under applicable law. If you are not the intended recipient, > >> you are prohibited from copying, distributing, or using the information. > >> Please contact the sender immediately by return e-mail and delete the > >> original message from your system. > > > > > > > > > > The information contained in this message and any attachments is intended > > only for the use of the individual or entity to which it is addressed, and > > may contain information that is PRIVILEGED, CONFIDENTIAL, and exempt from > > disclosure under applicable law. If you are not the intended recipient, you > > are prohibited from copying, distributing, or using the information. Please > > contact the sender immediately by return e-mail and delete the original > > message from your system. > > > > > The information contained in this message and any attachments is intended > only for the use of the individual or entity to which it is addressed, and > may contain information that is PRIVILEGED, CONFIDENTIAL, and exempt from > disclosure under applicable law. If you are not the intended recipient, you > are prohibited from copying, distributing, or using the information. Please > contact the sender immediately by return e-mail and delete the original > message from your system. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > _________________________________________________________________ The New Busy is not the too busy. Combine all your e-mail accounts with Hotmail. http://www.windowslive.com/campaign/thenewbusy?tile=multiaccount&ocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_4
