[jcifs] Using JCIFS HTTP authentication with IIS/Tomcat re-director

André Warnier aw at ice-sa.com
Fri Mar 7 13:57:34 GMT 2008 

Hi.

I have a problem with the JCIFS HTTP authentication, in conjunction with
Tomcat and IIS.
JCIFS version is jcifs-1.2.18.jar.

I am using JCIFS at several sites as part of a Single-Sign-On
application, and it works fine (by the way, thank you).
In this latest installation I just did, it also works fine, as long as
the browser sends the request directly to Tomcat.
But it does not work if the same request is sent (ultimately to the same
URL and the same Tomcat) via IIS and the IIS-Tomcat isapi "redirector"
(see http://tomcat.apache.org/connectors-doc/webserver_howto/iis.html)

In that case, the browser gets back an error page saying "401 This
request needs authentication".

The browser does *not* display the "login" dialog that it would display
if the authentication process had failed, it only display a 401 error 
page (which by the way looks like it comes from Tomcat; it has that 
"Tomcat look" to it)
If I set up the JCIFS servlet filter to do logging (jcifs.util.loglevel
= 4 e.g.), then :
- if the HTTP request is sent directly to Tomcat, I can follow in the
Tomcat logfile the JCIFS authentication taking place
- if the same request is sent via IIS and the re-director, there is 
nothing at all (regarding JCIFS) in the Tomcat logfile.  It thus looks 
as if it isn't even reaching the JCIFS filter.

Does anyone have an idea why this would be so ?

Thanks in advance,
André


More details if needed :

I have a similar setup working fine at several sites, except that in
those cases the "front-end" HTTP server is Apache, not IIS, and the 
redirector is mod_jk, not the isapi_redirector.
In this particular case however, IIS is used as the front-end HTTP
server, as follows :

- IIS is setup to answer to HTTP requests on port 80 (standard
configuration)
- Tomcat is set up to answer HTTP requests on port 8080
- in addition, Tomcat also listens for "JK requests" on port 8009, and
at the IIS level, the isapi redirector is set up to redirect some URLs
to Tomcat port 8009, via this "isapi redirector".
Thus, any request to port 80 (IIS) matching a given pattern, is
redirected by IIS to Tomcat port 8009, and is processed in fact by 
Tomcat.  This is the normal way in which things should happen in the 
application.  The direct access to Tomcat's HTTP server is only used for 
testing, like above.

More information about the jcifs mailing list