IIS -> connector -> Tomcat (NTLM authentication)
Question
I wanted to get feedback on a potential setup and wanted to make sure it would likely work before embarking on this path.
I want to use IIS in from of Tomcat to do NTLM authentication. There is a Web service running in tomcat that would get requests get forwarded to it by IIS.
This service requires knowledge of the remote NT user calling the service.
My question is that is this information passed along from IIS? If so, in what form is it passed. Is it passed in the HTTP header or something?
Thanks
2 answers
solution1
3 2011-05-08 16:17:35
If you want to front end IIS with tomcat you can either use the ISAPI based connectors or use .net based connectors (http://tomcatiis.riaforge.org).
In both cases, IIS will automatically handle all authentication tasks and the connectors will forward the authenticated user to tomcat via http headers. This is simpler to do and more flexible, especially if you want to change authentication schemes later, ie use certificates, kerberos, AD, SAML.
On the tomcat side you only worry if things are successfull. Additional host headers will be populated for you automatically that contain user information. There are several headers that will be populated based on which version of IIS you used. The most common http header is AUTH_USER which will contain the name of the authenticated user. You can, then, take it from there.
solution2
2 2010-05-21 11:00:51
您可以使用Waffle对Tomcat执行NTLM并完全避免使用IIS。
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.