You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Rainer Jung <ra...@kippdata.de> on 2010/06/11 23:36:48 UTC
Re: ISAPI log question regarding authentication
On 11.06.2010 23:21, Savoy, Melinda wrote:
> I am working in my local Eclipse development environment on a Windows XP box. (As stated in a previous post, I was able to get authentication working in the Windows 2003 environment after talking to a MS IIS engineer)
>
> I just got off of a phone call with another IIS engineer at Microsoft regarding the authentication issue again that I am getting Windows XP and we spotted something interesting in the ISAPI log and wanted to run it by you guys.
>
> I've now setup my IIS and browser in Windows XP to FORCE NTLM authentication and I am getting in the request, per the ISAPI log, the credentials that it passes from IIS to Tomcat.
>
> What is interesting is that it would appear that from the ISAPI log that the AJP is returning a 401 code to the browser and therefore executing a Windows Login prompt. Please see bolded/red type below.
>
> Below is a copy of the entries in my ISAPI log and wanted to get any input on WHY it would appear that the redirector is returning a 401 status back to my IE or Firefox browser(?):
Because it receives a 401 response form your web application in Tomcat
and forwards the response as is to the client. So why is your web
application sending a 401?
Regards,
Rainer
> [Fri Jun 11 15:46:59.853 2010] [2292:2200] [info] jk_isapi_plugin.c (2573): Jakarta/ISAPI/isapi_redirector/1.2.30 initialized
> [Fri Jun 11 15:46:59.853 2010] [2292:4624] [debug] jk_isapi_plugin.c (1835): Filter started
> [Fri Jun 11 15:46:59.853 2010] [2292:4624] [debug] jk_uri_worker_map.c (1036): Attempting to map URI '/localhost/SCMIS/index.jsp' from 1 maps
> [Fri Jun 11 15:46:59.853 2010] [2292:4624] [debug] jk_uri_worker_map.c (850): Attempting to map context URI '/SCMIS/*=scmisWorker' source 'uriworkermap'
> [Fri Jun 11 15:46:59.853 2010] [2292:4624] [debug] jk_uri_worker_map.c (850): Attempting to map context URI '/SCMIS/*=scmisWorker' source 'uriworkermap'
> [Fri Jun 11 15:46:59.853 2010] [2292:4624] [debug] jk_uri_worker_map.c (863): Found a wildchar match '/SCMIS/*=scmisWorker'
> [Fri Jun 11 15:46:59.853 2010] [2292:4624] [debug] jk_isapi_plugin.c (1916): check if [/SCMIS/index.jsp] points to the web-inf directory
> [Fri Jun 11 15:46:59.853 2010] [2292:4624] [debug] jk_isapi_plugin.c (1932): [/SCMIS/index.jsp] is a servlet url - should redirect to scmisWorker
> [Fri Jun 11 15:46:59.853 2010] [2292:4624] [debug] jk_isapi_plugin.c (1972): fowarding escaped URI [/SCMIS/index.jsp]
> [Fri Jun 11 15:46:59.869 2010] [2292:4624] [debug] jk_worker.c (339): Maintaining worker scmisWorker
> [Fri Jun 11 15:46:59.869 2010] [2292:4624] [debug] jk_isapi_plugin.c (2792): Reading extension header HTTP_TOMCATWORKER6A6B0000: scmisWorker
> [Fri Jun 11 15:46:59.869 2010] [2292:4624] [debug] jk_isapi_plugin.c (2793): Reading extension header HTTP_TOMCATWORKERIDX6A6B0000: 0
> [Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_isapi_plugin.c (2794): Reading extension header HTTP_TOMCATURI6A6B0000: /SCMIS/index.jsp
> [Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_isapi_plugin.c (2795): Reading extension header HTTP_TOMCATQUERY6A6B0000: (null)
> [Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_isapi_plugin.c (2850): Applying service extensions
> [Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_isapi_plugin.c (3108): Service protocol=HTTP/1.1 method=GET host=127.0.0.1 addr=127.0.0.1 name=localhost port=80 auth=NTLM user=TEXAS\SavoyM uri=/SCMIS/index.jsp
> [Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_isapi_plugin.c (3120): Service request headers=8 attributes=0 chunked=no content-length=0 available=0
> [Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_worker.c (116): found a worker scmisWorker
> [Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_isapi_plugin.c (2162): got a worker for name scmisWorker
> [Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_ajp_common.c (3093): acquired connection pool slot=0 after 0 retries
> [Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_ajp_common.c (605): ajp marshaling done
> [Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_ajp_common.c (2376): processing scmisWorker with 2 retries
> [Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_ajp_common.c (1579): (scmisWorker) all endpoints are disconnected.
> [Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_connect.c (480): socket TCP_NODELAY set to On
> [Fri Jun 11 15:46:59.900 2010] [2292:4624] [debug] jk_connect.c (604): trying to connect socket 2112 to 127.0.0.1:8009
> [Fri Jun 11 15:46:59.900 2010] [2292:4624] [debug] jk_connect.c (630): socket 2112 connected to 127.0.0.1:8009
> [Fri Jun 11 15:46:59.900 2010] [2292:4624] [debug] jk_ajp_common.c (967): Connected socket 2112 to (127.0.0.1:8009)
> [Fri Jun 11 15:46:59.900 2010] [2292:4624] [debug] jk_ajp_common.c (1152): sending to ajp13 pos=4 len=524 max=8192
> [Fri Jun 11 15:46:59.900 2010] [2292:4624] [debug] jk_ajp_common.c (1152): 0000 12 34 02 08 02 02 00 08 48 54 54 50 2F 31 2E 31 - .4......HTTP/1.1
> [Fri Jun 11 15:46:59.900 2010] [2292:4624] [debug] jk_ajp_common.c (1152): 0010 00 00 10 2F 53 43 4D 49 53 2F 69 6E 64 65 78 2E - .../SCMIS/index.
> [Fri Jun 11 15:46:59.900 2010] [2292:4624] [debug] jk_ajp_common.c (1152): 0020 6A 73 70 00 00 09 31 32 37 2E 30 2E 30 2E 31 00 - jsp...127.0.0.1.
> [Fri Jun 11 15:46:59.900 2010] [2292:4624] [debug] jk_ajp_common.c (1152): 0030 00 09 31 32 37 2E 30 2E 30 2E 31 00 00 09 6C 6F - ..127.0.0.1...lo
> [Fri Jun 11 15:46:59.900 2010] [2292:4624] [debug] jk_ajp_common.c (1152): 0040 63 61 6C 68 6F 73 74 00 00 50 00 00 08 A0 01 00 - calhost..P......
> [Fri Jun 11 15:46:59.900 2010] [2292:4624] [debug] jk_ajp_common.c (1152): 0050 03 2A 2F 2A 00 00 0F 61 63 63 65 70 74 2D 6C 61 - .*/*...accept-la
> [Fri Jun 11 15:46:59.900 2010] [2292:4624] [debug] jk_ajp_common.c (1152): 0060 6E 67 75 61 67 65 00 00 05 65 6E 2D 75 73 00 A0 - nguage...en-us..
> [Fri Jun 11 15:46:59.900 2010] [2292:4624] [debug] jk_ajp_common.c (1152): 0070 06 00 0A 4B 65 65 70 2D 41 6C 69 76 65 00 A0 0B - ...Keep-Alive...
> [Fri Jun 11 15:46:59.900 2010] [2292:4624] [debug] jk_ajp_common.c (1152): 0080 00 09 6C 6F 63 61 6C 68 6F 73 74 00 A0 0E 00 D0 - ..localhost.....
> [Fri Jun 11 15:46:59.915 2010] [2292:4624] [debug] jk_ajp_common.c (1152): 0090 4D 6F 7A 69 6C 6C 61 2F 34 2E 30 20 28 63 6F 6D - Mozilla/4.0.(com
> [Fri Jun 11 15:46:59.915 2010] [2292:4624] [debug] jk_ajp_common.c (1152): 00a0 70 61 74 69 62 6C 65 3B 20 4D 53 49 45 20 38 2E - patible;.MSIE.8.
> [Fri Jun 11 15:46:59.915 2010] [2292:4624] [debug] jk_ajp_common.c (1152): 00b0 30 3B 20 57 69 6E 64 6F 77 73 20 4E 54 20 35 2E - 0;.Windows.NT.5.
> [Fri Jun 11 15:46:59.915 2010] [2292:4624] [debug] jk_ajp_common.c (1152): 00c0 31 3B 20 54 72 69 64 65 6E 74 2F 34 2E 30 3B 20 - 1;.Trident/4.0;.
> [Fri Jun 11 15:46:59.915 2010] [2292:4624] [debug] jk_ajp_common.c (1152): 00d0 2E 4E 45 54 20 43 4C 52 20 31 2E 31 2E 34 33 32 - .NET.CLR.1.1.432
> [Fri Jun 11 15:46:59.915 2010] [2292:4624] [debug] jk_ajp_common.c (1152): 00e0 32 3B 20 2E 4E 45 54 20 43 4C 52 20 32 2E 30 2E - 2;..NET.CLR.2.0.
> [Fri Jun 11 15:46:59.915 2010] [2292:4624] [debug] jk_ajp_common.c (1152): 00f0 35 30 37 32 37 3B 20 2E 4E 45 54 20 43 4C 52 20 - 50727;..NET.CLR.
> [Fri Jun 11 15:46:59.915 2010] [2292:4624] [debug] jk_ajp_common.c (1152): 0100 33 2E 30 2E 30 34 35 30 36 2E 36 34 38 3B 20 49 - 3.0.04506.648;.I
> [Fri Jun 11 15:46:59.915 2010] [2292:4624] [debug] jk_ajp_common.c (1152): 0110 6E 66 6F 50 61 74 68 2E 32 3B 20 2E 4E 45 54 20 - nfoPath.2;..NET.
> [Fri Jun 11 15:46:59.915 2010] [2292:4624] [debug] jk_ajp_common.c (1152): 0120 43 4C 52 20 33 2E 30 2E 34 35 30 36 2E 32 31 35 - CLR.3.0.4506.215
> [Fri Jun 11 15:46:59.931 2010] [2292:4624] [debug] jk_ajp_common.c (1152): 0130 32 3B 20 2E 4E 45 54 20 43 4C 52 20 33 2E 35 2E - 2;..NET.CLR.3.5.
> [Fri Jun 11 15:46:59.931 2010] [2292:4624] [debug] jk_ajp_common.c (1152): 0140 33 30 37 32 39 3B 20 4D 53 2D 52 54 43 20 4C 4D - 30729;.MS-RTC.LM
> [Fri Jun 11 15:46:59.931 2010] [2292:4624] [debug] jk_ajp_common.c (1152): 0150 20 38 3B 20 4D 53 2D 52 54 43 20 45 41 20 32 29 - .8;.MS-RTC.EA.2)
> [Fri Jun 11 15:46:59.931 2010] [2292:4624] [debug] jk_ajp_common.c (1152): 0160 00 A0 05 00 65 4E 54 4C 4D 20 54 6C 52 4D 54 56 - ....eNTLM.TlRMTV
> [Fri Jun 11 15:46:59.931 2010] [2292:4624] [debug] jk_ajp_common.c (1152): 0170 4E 54 55 41 41 44 41 41 41 41 41 41 41 41 41 45 - NTUAADAAAAAAAAAE
> [Fri Jun 11 15:46:59.931 2010] [2292:4624] [debug] jk_ajp_common.c (1152): 0180 67 41 41 41 41 41 41 41 41 41 53 41 41 41 41 41 - gAAAAAAAAASAAAAA
> [Fri Jun 11 15:46:59.931 2010] [2292:4624] [debug] jk_ajp_common.c (1152): 0190 41 41 41 41 42 49 41 41 41 41 41 41 41 41 41 45 - AAAABIAAAAAAAAAE
> [Fri Jun 11 15:46:59.931 2010] [2292:4624] [debug] jk_ajp_common.c (1152): 01a0 67 41 41 41 41 41 41 41 41 41 53 41 41 41 41 41 - gAAAAAAAAASAAAAA
> [Fri Jun 11 15:46:59.931 2010] [2292:4624] [debug] jk_ajp_common.c (1152): 01b0 41 41 41 41 42 49 41 41 41 41 42 63 4B 49 6F 67 - AAAABIAAAABcKIog
> [Fri Jun 11 15:46:59.931 2010] [2292:4624] [debug] jk_ajp_common.c (1152): 01c0 55 42 4B 41 6F 41 41 41 41 50 00 00 0F 61 63 63 - UBKAoAAAAP...acc
> [Fri Jun 11 15:46:59.931 2010] [2292:4624] [debug] jk_ajp_common.c (1152): 01d0 65 70 74 2D 65 6E 63 6F 64 69 6E 67 00 00 0D 67 - ept-encoding...g
> [Fri Jun 11 15:46:59.947 2010] [2292:4624] [debug] jk_ajp_common.c (1152): 01e0 7A 69 70 2C 20 64 65 66 6C 61 74 65 00 A0 08 00 - zip,.deflate....
> [Fri Jun 11 15:46:59.947 2010] [2292:4624] [debug] jk_ajp_common.c (1152): 01f0 01 30 00 03 00 0C 54 45 58 41 53 5C 53 61 76 6F - .0....TEXAS\Savo
> [Fri Jun 11 15:46:59.947 2010] [2292:4624] [debug] jk_ajp_common.c (1152): 0200 79 4D 00 04 00 04 4E 54 4C 4D 00 FF 00 00 00 00 - yM....NTLM......
> [Fri Jun 11 15:46:59.947 2010] [2292:4624] [debug] jk_ajp_common.c (1639): (scmisWorker) request body to send 0 - request body to resend 0
> [Fri Jun 11 15:46:59.947 2010] [2292:4624] [debug] jk_ajp_common.c (1336): received from ajp13 pos=0 len=152 max=8192
> [Fri Jun 11 15:46:59.947 2010] [2292:4624] [debug] jk_ajp_common.c (1336): 0000 04 01 91 00 0C 55 6E 61 75 74 68 6F 72 69 7A 65 - .....Unauthorize
> [Fri Jun 11 15:46:59.947 2010] [2292:4624] [debug] jk_ajp_common.c (1336): 0010 64 00 00 03 00 0A 53 65 74 2D 43 6F 6F 6B 69 65 - d.....Set-Cookie
> [Fri Jun 11 15:46:59.947 2010] [2292:4624] [debug] jk_ajp_common.c (1336): 0020 00 00 33 4A 53 45 53 53 49 4F 4E 49 44 3D 37 30 - ..3JSESSIONID=70
> [Fri Jun 11 15:46:59.947 2010] [2292:4624] [debug] jk_ajp_common.c (1336): 0030 41 39 33 35 32 46 46 31 35 39 32 44 45 32 46 42 - A9352FF1592DE2FB
> [Fri Jun 11 15:46:59.947 2010] [2292:4624] [debug] jk_ajp_common.c (1336): 0040 45 34 34 45 34 37 45 30 37 43 37 44 45 31 3B 20 - E44E47E07C7DE1;.
> [Fri Jun 11 15:46:59.947 2010] [2292:4624] [debug] jk_ajp_common.c (1336): 0050 50 61 74 68 3D 2F 00 00 0C 43 6F 6E 74 65 6E 74 - Path=/...Content
> [Fri Jun 11 15:46:59.947 2010] [2292:4624] [debug] jk_ajp_common.c (1336): 0060 2D 54 79 70 65 00 00 17 74 65 78 74 2F 68 74 6D - -Type...text/htm
> [Fri Jun 11 15:46:59.947 2010] [2292:4624] [debug] jk_ajp_common.c (1336): 0070 6C 3B 63 68 61 72 73 65 74 3D 75 74 66 2D 38 00 - l;charset=utf-8.
> [Fri Jun 11 15:46:59.962 2010] [2292:4624] [debug] jk_ajp_common.c (1336): 0080 00 0E 43 6F 6E 74 65 6E 74 2D 4C 65 6E 67 74 68 - ..Content-Length
> [Fri Jun 11 15:46:59.962 2010] [2292:4624] [debug] jk_ajp_common.c (1336): 0090 00 00 04 31 30 39 35 00 00 00 00 00 00 00 00 00 - ...1095.........
> [Fri Jun 11 15:46:59.962 2010] [2292:4624] [debug] jk_ajp_common.c (660): status = 401
> [Fri Jun 11 15:46:59.962 2010] [2292:4624] [debug] jk_ajp_common.c (667): Number of headers is = 3
> [Fri Jun 11 15:46:59.962 2010] [2292:4624] [debug] jk_ajp_common.c (723): Header[0] [Set-Cookie] = [JSESSIONID=70A9352FF1592DE2FBE44E47E07C7DE1; Path=/]
> [Fri Jun 11 15:46:59.962 2010] [2292:4624] [debug] jk_ajp_common.c (723): Header[1] [Content-Type] = [text/html;charset=utf-8]
> [Fri Jun 11 15:46:59.962 2010] [2292:4624] [debug] jk_ajp_common.c (723): Header[2] [Content-Length] = [1095]
> [Fri Jun 11 15:46:59.962 2010] [2292:4624] [debug] jk_isapi_plugin.c (947): Starting response for URI '/SCMIS/index.jsp' (protocol HTTP/1.1)
> [Fri Jun 11 15:46:59.962 2010] [2292:4624] [debug] jk_isapi_plugin.c (1047): Not using Keep-Alive
> [Fri Jun 11 15:46:59.962 2010] [2292:4624] [debug] jk_ajp_common.c (1336): received from ajp13 pos=0 len=1099 max=8192
> [Fri Jun 11 15:46:59.962 2010] [2292:4624] [debug] jk_ajp_common.c (1336): 0000 03 04 47 3C 68 74 6D 6C 3E 3C 68 65 61 64 3E 3C - ..G<html><head><
> [Fri Jun 11 15:46:59.962 2010] [2292:4624] [debug] jk_ajp_common.c (1336): 0010 74 69 74 6C 65 3E 41 70 61 63 68 65 20 54 6F 6D - title>Apache.Tom
> [Fri Jun 11 15:46:59.962 2010] [2292:4624] [debug] jk_ajp_common.c (1336): 0020 63 61 74 2F 36 2E 30 2E 31 38 20 2D 20 45 72 72 - cat/6.0.18.-.Err
> [Fri Jun 11 15:46:59.962 2010] [2292:4624] [debug] jk_ajp_common.c (1336): 0030 6F 72 20 72 65 70 6F 72 74 3C 2F 74 69 74 6C 65 - or.report</title
>
> [Fri Jun 11 15:46:59.994 2010] [2292:4624] [debug] jk_ajp_common.c (1336): 02a0 20 3C 2F 68 65 61 64 3E 3C 62 6F 64 79 3E 3C 68 - .</head><body><h
> [Fri Jun 11 15:46:59.994 2010] [2292:4624] [debug] jk_ajp_common.c (1336): 02b0 31 3E 48 54 54 50 20 53 74 61 74 75 73 20 34 30 - 1>HTTP.Status.40
> [Fri Jun 11 15:46:59.994 2010] [2292:4624] [debug] jk_ajp_common.c (1336): 02c0 31 20 2D 20 55 73 65 72 20 20 69 73 20 6E 6F 74 - 1.-.User..is.not
> [Fri Jun 11 15:46:59.994 2010] [2292:4624] [debug] jk_ajp_common.c (1336): 02d0 20 61 75 74 68 6F 72 69 7A 65 64 20 74 6F 20 61 - .authorized.to.a
> [Fri Jun 11 15:46:59.994 2010] [2292:4624] [debug] jk_ajp_common.c (1336): 02e0 63 63 65 73 73 20 74 68 69 73 20 72 65 73 6F 75 - ccess.this.resou
> [Fri Jun 11 15:46:59.994 2010] [2292:4624] [debug] jk_ajp_common.c (1336): 02f0 72 63 65 3C 2F 68 31 3E 3C 48 52 20 73 69 7A 65 - rce</h1><HR.size
> [Fri Jun 11 15:46:59.994 2010] [2292:4624] [debug] jk_ajp_common.c (1336): 0300 3D 22 31 22 20 6E 6F 73 68 61 64 65 3D 22 6E 6F - ="1".noshade="no
> [Fri Jun 11 15:46:59.994 2010] [2292:4624] [debug] jk_ajp_common.c (1336): 0310 73 68 61 64 65 22 3E 3C 70 3E 3C 62 3E 74 79 70 - shade"><p><b>typ
> [Fri Jun 11 15:46:59.994 2010] [2292:4624] [debug] jk_ajp_common.c (1336): 0320 65 3C 2F 62 3E 20 53 74 61 74 75 73 20 72 65 70 - e</b>.Status.rep
> [Fri Jun 11 15:47:00.009 2010] [2292:4624] [debug] jk_ajp_common.c (1336): 0330 6F 72 74 3C 2F 70 3E 3C 70 3E 3C 62 3E 6D 65 73 - ort</p><p><b>mes
> [Fri Jun 11 15:47:00.009 2010] [2292:4624] [debug] jk_ajp_common.c (1336): 0340 73 61 67 65 3C 2F 62 3E 20 3C 75 3E 55 73 65 72 - sage</b>.<u>User
> [Fri Jun 11 15:47:00.009 2010] [2292:4624] [debug] jk_ajp_common.c (1336): 0350 20 20 69 73 20 6E 6F 74 20 61 75 74 68 6F 72 69 - ..is.not.authori
> [Fri Jun 11 15:47:00.009 2010] [2292:4624] [debug] jk_ajp_common.c (1336): 0360 7A 65 64 20 74 6F 20 61 63 63 65 73 73 20 74 68 - zed.to.access.th
> [Fri Jun 11 15:47:00.009 2010] [2292:4624] [debug] jk_ajp_common.c (1336): 0370 69 73 20 72 65 73 6F 75 72 63 65 3C 2F 75 3E 3C - is.resource</u><
> [Fri Jun 11 15:47:00.009 2010] [2292:4624] [debug] jk_ajp_common.c (1336): 0380 2F 70 3E 3C 70 3E 3C 62 3E 64 65 73 63 72 69 70 - /p><p><b>descrip
> [Fri Jun 11 15:47:00.009 2010] [2292:4624] [debug] jk_ajp_common.c (1336): 0390 74 69 6F 6E 3C 2F 62 3E 20 3C 75 3E 54 68 69 73 - tion</b>.<u>This
> [Fri Jun 11 15:47:00.009 2010] [2292:4624] [debug] jk_ajp_common.c (1336): 03a0 20 72 65 71 75 65 73 74 20 72 65 71 75 69 72 65 - .request.require
> [Fri Jun 11 15:47:00.009 2010] [2292:4624] [debug] jk_ajp_common.c (1336): 03b0 73 20 48 54 54 50 20 61 75 74 68 65 6E 74 69 63 - s.HTTP.authentic
> [Fri Jun 11 15:47:00.009 2010] [2292:4624] [debug] jk_ajp_common.c (1336): 03c0 61 74 69 6F 6E 20 28 55 73 65 72 20 20 69 73 20 - ation.(User..is.
> [Fri Jun 11 15:47:00.009 2010] [2292:4624] [debug] jk_ajp_common.c (1336): 03d0 6E 6F 74 20 61 75 74 68 6F 72 69 7A 65 64 20 74 - not.authorized.t
> [Fri Jun 11 15:47:00.009 2010] [2292:4624] [debug] jk_ajp_common.c (1336): 03e0 6F 20 61 63 63 65 73 73 20 74 68 69 73 20 72 65 - o.access.this.re
> [Fri Jun 11 15:47:00.009 2010] [2292:4624] [debug] jk_ajp_common.c (1336): 03f0 73 6F 75 72 63 65 29 2E 3C 2F 75 3E 3C 2F 70 3E - source).</u></p>
> [Fri Jun 11 15:47:00.009 2010] [2292:4624] [debug] jk_isapi_plugin.c (1188): Writing 1095 bytes of data to client
> [Fri Jun 11 15:47:00.009 2010] [2292:4624] [debug] jk_isapi_plugin.c (1201): Wrote 1095 bytes of data successfully
> [Fri Jun 11 15:47:00.009 2010] [2292:4624] [debug] jk_ajp_common.c (1336): received from ajp13 pos=0 len=2 max=8192
> [Fri Jun 11 15:47:00.009 2010] [2292:4624] [debug] jk_ajp_common.c (1336): 0000 05 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - ................
> [Fri Jun 11 15:47:00.009 2010] [2292:4624] [debug] jk_ajp_common.c (1940): AJP13 protocol: Reuse is OK
> [Fri Jun 11 15:47:00.009 2010] [2292:4624] [debug] jk_isapi_plugin.c (2185): service() returned OK
> [Fri Jun 11 15:47:00.009 2010] [2292:4624] [debug] jk_ajp_common.c (757): (scmisWorker) resetting endpoint with sd = 2112
> [Fri Jun 11 15:47:00.009 2010] [2292:4624] [debug] jk_ajp_common.c (3010): recycling connection pool slot=0 for worker scmisWorker
>
> Any help/direction would be appreciated. Thank you.
>
>
> Melinda Savoy
> Sr. Programmer Analyst, ERP Systems
> Innovative Technology Solutions
> Texas Health Resources
> 600 E. Lamar Blvd, Ste 301, Arlington TX 76011
> MelindaSavoy@texashealth.org<ma...@texashealth.org>
>
> Texas Health Resources: Arlington Memorial,
> Harris Methodist and Presbyterian Hospitals
> A shared mission and now a shared name.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: ISAPI log question regarding authentication
Posted by "Savoy, Melinda" <Me...@texashealth.org>.
Thanks for the reply. I just was not sure. I have to troubleshoot our app as I did not think we were sending back a 401 error.
Again, thanks for the reply.
________________________________________
From: Rainer Jung [rainer.jung@kippdata.de]
Sent: Friday, June 11, 2010 16:36
To: Tomcat Users List
Subject: Re: ISAPI log question regarding authentication
On 11.06.2010 23:21, Savoy, Melinda wrote:
> I am working in my local Eclipse development environment on a Windows XP box. (As stated in a previous post, I was able to get authentication working in the Windows 2003 environment after talking to a MS IIS engineer)
>
> I just got off of a phone call with another IIS engineer at Microsoft regarding the authentication issue again that I am getting Windows XP and we spotted something interesting in the ISAPI log and wanted to run it by you guys.
>
> I've now setup my IIS and browser in Windows XP to FORCE NTLM authentication and I am getting in the request, per the ISAPI log, the credentials that it passes from IIS to Tomcat.
>
> What is interesting is that it would appear that from the ISAPI log that the AJP is returning a 401 code to the browser and therefore executing a Windows Login prompt. Please see bolded/red type below.
>
> Below is a copy of the entries in my ISAPI log and wanted to get any input on WHY it would appear that the redirector is returning a 401 status back to my IE or Firefox browser(?):
Because it receives a 401 response form your web application in Tomcat
and forwards the response as is to the client. So why is your web
application sending a 401?
Regards,
Rainer
> [Fri Jun 11 15:46:59.853 2010] [2292:2200] [info] jk_isapi_plugin.c (2573): Jakarta/ISAPI/isapi_redirector/1.2.30 initialized
> [Fri Jun 11 15:46:59.853 2010] [2292:4624] [debug] jk_isapi_plugin.c (1835): Filter started
> [Fri Jun 11 15:46:59.853 2010] [2292:4624] [debug] jk_uri_worker_map.c (1036): Attempting to map URI '/localhost/SCMIS/index.jsp' from 1 maps
> [Fri Jun 11 15:46:59.853 2010] [2292:4624] [debug] jk_uri_worker_map.c (850): Attempting to map context URI '/SCMIS/*=scmisWorker' source 'uriworkermap'
> [Fri Jun 11 15:46:59.853 2010] [2292:4624] [debug] jk_uri_worker_map.c (850): Attempting to map context URI '/SCMIS/*=scmisWorker' source 'uriworkermap'
> [Fri Jun 11 15:46:59.853 2010] [2292:4624] [debug] jk_uri_worker_map.c (863): Found a wildchar match '/SCMIS/*=scmisWorker'
> [Fri Jun 11 15:46:59.853 2010] [2292:4624] [debug] jk_isapi_plugin.c (1916): check if [/SCMIS/index.jsp] points to the web-inf directory
> [Fri Jun 11 15:46:59.853 2010] [2292:4624] [debug] jk_isapi_plugin.c (1932): [/SCMIS/index.jsp] is a servlet url - should redirect to scmisWorker
> [Fri Jun 11 15:46:59.853 2010] [2292:4624] [debug] jk_isapi_plugin.c (1972): fowarding escaped URI [/SCMIS/index.jsp]
> [Fri Jun 11 15:46:59.869 2010] [2292:4624] [debug] jk_worker.c (339): Maintaining worker scmisWorker
> [Fri Jun 11 15:46:59.869 2010] [2292:4624] [debug] jk_isapi_plugin.c (2792): Reading extension header HTTP_TOMCATWORKER6A6B0000: scmisWorker
> [Fri Jun 11 15:46:59.869 2010] [2292:4624] [debug] jk_isapi_plugin.c (2793): Reading extension header HTTP_TOMCATWORKERIDX6A6B0000: 0
> [Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_isapi_plugin.c (2794): Reading extension header HTTP_TOMCATURI6A6B0000: /SCMIS/index.jsp
> [Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_isapi_plugin.c (2795): Reading extension header HTTP_TOMCATQUERY6A6B0000: (null)
> [Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_isapi_plugin.c (2850): Applying service extensions
> [Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_isapi_plugin.c (3108): Service protocol=HTTP/1.1 method=GET host=127.0.0.1 addr=127.0.0.1 name=localhost port=80 auth=NTLM user=TEXAS\SavoyM uri=/SCMIS/index.jsp
> [Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_isapi_plugin.c (3120): Service request headers=8 attributes=0 chunked=no content-length=0 available=0
> [Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_worker.c (116): found a worker scmisWorker
> [Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_isapi_plugin.c (2162): got a worker for name scmisWorker
> [Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_ajp_common.c (3093): acquired connection pool slot=0 after 0 retries
> [Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_ajp_common.c (605): ajp marshaling done
> [Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_ajp_common.c (2376): processing scmisWorker with 2 retries
> [Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_ajp_common.c (1579): (scmisWorker) all endpoints are disconnected.
> [Fri Jun 11 15:46:59.884 2010] [2292:4624] [debug] jk_connect.c (480): socket TCP_NODELAY set to On
> [Fri Jun 11 15:46:59.900 2010] [2292:4624] [debug] jk_connect.c (604): trying to connect socket 2112 to 127.0.0.1:8009
> [Fri Jun 11 15:46:59.900 2010] [2292:4624] [debug] jk_connect.c (630): socket 2112 connected to 127.0.0.1:8009
> [Fri Jun 11 15:46:59.900 2010] [2292:4624] [debug] jk_ajp_common.c (967): Connected socket 2112 to (127.0.0.1:8009)
> [Fri Jun 11 15:46:59.900 2010] [2292:4624] [debug] jk_ajp_common.c (1152): sending to ajp13 pos=4 len=524 max=8192
> [Fri Jun 11 15:46:59.900 2010] [2292:4624] [debug] jk_ajp_common.c (1152): 0000 12 34 02 08 02 02 00 08 48 54 54 50 2F 31 2E 31 - .4......HTTP/1.1
> [Fri Jun 11 15:46:59.900 2010] [2292:4624] [debug] jk_ajp_common.c (1152): 0010 00 00 10 2F 53 43 4D 49 53 2F 69 6E 64 65 78 2E - .../SCMIS/index.
> [Fri Jun 11 15:46:59.900 2010] [2292:4624] [debug] jk_ajp_common.c (1152): 0020 6A 73 70 00 00 09 31 32 37 2E 30 2E 30 2E 31 00 - jsp...127.0.0.1.
> [Fri Jun 11 15:46:59.900 2010] [2292:4624] [debug] jk_ajp_common.c (1152): 0030 00 09 31 32 37 2E 30 2E 30 2E 31 00 00 09 6C 6F - ..127.0.0.1...lo
> [Fri Jun 11 15:46:59.900 2010] [2292:4624] [debug] jk_ajp_common.c (1152): 0040 63 61 6C 68 6F 73 74 00 00 50 00 00 08 A0 01 00 - calhost..P......
> [Fri Jun 11 15:46:59.900 2010] [2292:4624] [debug] jk_ajp_common.c (1152): 0050 03 2A 2F 2A 00 00 0F 61 63 63 65 70 74 2D 6C 61 - .*/*...accept-la
> [Fri Jun 11 15:46:59.900 2010] [2292:4624] [debug] jk_ajp_common.c (1152): 0060 6E 67 75 61 67 65 00 00 05 65 6E 2D 75 73 00 A0 - nguage...en-us..
> [Fri Jun 11 15:46:59.900 2010] [2292:4624] [debug] jk_ajp_common.c (1152): 0070 06 00 0A 4B 65 65 70 2D 41 6C 69 76 65 00 A0 0B - ...Keep-Alive...
> [Fri Jun 11 15:46:59.900 2010] [2292:4624] [debug] jk_ajp_common.c (1152): 0080 00 09 6C 6F 63 61 6C 68 6F 73 74 00 A0 0E 00 D0 - ..localhost.....
> [Fri Jun 11 15:46:59.915 2010] [2292:4624] [debug] jk_ajp_common.c (1152): 0090 4D 6F 7A 69 6C 6C 61 2F 34 2E 30 20 28 63 6F 6D - Mozilla/4.0.(com
> [Fri Jun 11 15:46:59.915 2010] [2292:4624] [debug] jk_ajp_common.c (1152): 00a0 70 61 74 69 62 6C 65 3B 20 4D 53 49 45 20 38 2E - patible;.MSIE.8.
> [Fri Jun 11 15:46:59.915 2010] [2292:4624] [debug] jk_ajp_common.c (1152): 00b0 30 3B 20 57 69 6E 64 6F 77 73 20 4E 54 20 35 2E - 0;.Windows.NT.5.
> [Fri Jun 11 15:46:59.915 2010] [2292:4624] [debug] jk_ajp_common.c (1152): 00c0 31 3B 20 54 72 69 64 65 6E 74 2F 34 2E 30 3B 20 - 1;.Trident/4.0;.
> [Fri Jun 11 15:46:59.915 2010] [2292:4624] [debug] jk_ajp_common.c (1152): 00d0 2E 4E 45 54 20 43 4C 52 20 31 2E 31 2E 34 33 32 - .NET.CLR.1.1.432
> [Fri Jun 11 15:46:59.915 2010] [2292:4624] [debug] jk_ajp_common.c (1152): 00e0 32 3B 20 2E 4E 45 54 20 43 4C 52 20 32 2E 30 2E - 2;..NET.CLR.2.0.
> [Fri Jun 11 15:46:59.915 2010] [2292:4624] [debug] jk_ajp_common.c (1152): 00f0 35 30 37 32 37 3B 20 2E 4E 45 54 20 43 4C 52 20 - 50727;..NET.CLR.
> [Fri Jun 11 15:46:59.915 2010] [2292:4624] [debug] jk_ajp_common.c (1152): 0100 33 2E 30 2E 30 34 35 30 36 2E 36 34 38 3B 20 49 - 3.0.04506.648;.I
> [Fri Jun 11 15:46:59.915 2010] [2292:4624] [debug] jk_ajp_common.c (1152): 0110 6E 66 6F 50 61 74 68 2E 32 3B 20 2E 4E 45 54 20 - nfoPath.2;..NET.
> [Fri Jun 11 15:46:59.915 2010] [2292:4624] [debug] jk_ajp_common.c (1152): 0120 43 4C 52 20 33 2E 30 2E 34 35 30 36 2E 32 31 35 - CLR.3.0.4506.215
> [Fri Jun 11 15:46:59.931 2010] [2292:4624] [debug] jk_ajp_common.c (1152): 0130 32 3B 20 2E 4E 45 54 20 43 4C 52 20 33 2E 35 2E - 2;..NET.CLR.3.5.
> [Fri Jun 11 15:46:59.931 2010] [2292:4624] [debug] jk_ajp_common.c (1152): 0140 33 30 37 32 39 3B 20 4D 53 2D 52 54 43 20 4C 4D - 30729;.MS-RTC.LM
> [Fri Jun 11 15:46:59.931 2010] [2292:4624] [debug] jk_ajp_common.c (1152): 0150 20 38 3B 20 4D 53 2D 52 54 43 20 45 41 20 32 29 - .8;.MS-RTC.EA.2)
> [Fri Jun 11 15:46:59.931 2010] [2292:4624] [debug] jk_ajp_common.c (1152): 0160 00 A0 05 00 65 4E 54 4C 4D 20 54 6C 52 4D 54 56 - ....eNTLM.TlRMTV
> [Fri Jun 11 15:46:59.931 2010] [2292:4624] [debug] jk_ajp_common.c (1152): 0170 4E 54 55 41 41 44 41 41 41 41 41 41 41 41 41 45 - NTUAADAAAAAAAAAE
> [Fri Jun 11 15:46:59.931 2010] [2292:4624] [debug] jk_ajp_common.c (1152): 0180 67 41 41 41 41 41 41 41 41 41 53 41 41 41 41 41 - gAAAAAAAAASAAAAA
> [Fri Jun 11 15:46:59.931 2010] [2292:4624] [debug] jk_ajp_common.c (1152): 0190 41 41 41 41 42 49 41 41 41 41 41 41 41 41 41 45 - AAAABIAAAAAAAAAE
> [Fri Jun 11 15:46:59.931 2010] [2292:4624] [debug] jk_ajp_common.c (1152): 01a0 67 41 41 41 41 41 41 41 41 41 53 41 41 41 41 41 - gAAAAAAAAASAAAAA
> [Fri Jun 11 15:46:59.931 2010] [2292:4624] [debug] jk_ajp_common.c (1152): 01b0 41 41 41 41 42 49 41 41 41 41 42 63 4B 49 6F 67 - AAAABIAAAABcKIog
> [Fri Jun 11 15:46:59.931 2010] [2292:4624] [debug] jk_ajp_common.c (1152): 01c0 55 42 4B 41 6F 41 41 41 41 50 00 00 0F 61 63 63 - UBKAoAAAAP...acc
> [Fri Jun 11 15:46:59.931 2010] [2292:4624] [debug] jk_ajp_common.c (1152): 01d0 65 70 74 2D 65 6E 63 6F 64 69 6E 67 00 00 0D 67 - ept-encoding...g
> [Fri Jun 11 15:46:59.947 2010] [2292:4624] [debug] jk_ajp_common.c (1152): 01e0 7A 69 70 2C 20 64 65 66 6C 61 74 65 00 A0 08 00 - zip,.deflate....
> [Fri Jun 11 15:46:59.947 2010] [2292:4624] [debug] jk_ajp_common.c (1152): 01f0 01 30 00 03 00 0C 54 45 58 41 53 5C 53 61 76 6F - .0....TEXAS\Savo
> [Fri Jun 11 15:46:59.947 2010] [2292:4624] [debug] jk_ajp_common.c (1152): 0200 79 4D 00 04 00 04 4E 54 4C 4D 00 FF 00 00 00 00 - yM....NTLM......
> [Fri Jun 11 15:46:59.947 2010] [2292:4624] [debug] jk_ajp_common.c (1639): (scmisWorker) request body to send 0 - request body to resend 0
> [Fri Jun 11 15:46:59.947 2010] [2292:4624] [debug] jk_ajp_common.c (1336): received from ajp13 pos=0 len=152 max=8192
> [Fri Jun 11 15:46:59.947 2010] [2292:4624] [debug] jk_ajp_common.c (1336): 0000 04 01 91 00 0C 55 6E 61 75 74 68 6F 72 69 7A 65 - .....Unauthorize
> [Fri Jun 11 15:46:59.947 2010] [2292:4624] [debug] jk_ajp_common.c (1336): 0010 64 00 00 03 00 0A 53 65 74 2D 43 6F 6F 6B 69 65 - d.....Set-Cookie
> [Fri Jun 11 15:46:59.947 2010] [2292:4624] [debug] jk_ajp_common.c (1336): 0020 00 00 33 4A 53 45 53 53 49 4F 4E 49 44 3D 37 30 - ..3JSESSIONID=70
> [Fri Jun 11 15:46:59.947 2010] [2292:4624] [debug] jk_ajp_common.c (1336): 0030 41 39 33 35 32 46 46 31 35 39 32 44 45 32 46 42 - A9352FF1592DE2FB
> [Fri Jun 11 15:46:59.947 2010] [2292:4624] [debug] jk_ajp_common.c (1336): 0040 45 34 34 45 34 37 45 30 37 43 37 44 45 31 3B 20 - E44E47E07C7DE1;.
> [Fri Jun 11 15:46:59.947 2010] [2292:4624] [debug] jk_ajp_common.c (1336): 0050 50 61 74 68 3D 2F 00 00 0C 43 6F 6E 74 65 6E 74 - Path=/...Content
> [Fri Jun 11 15:46:59.947 2010] [2292:4624] [debug] jk_ajp_common.c (1336): 0060 2D 54 79 70 65 00 00 17 74 65 78 74 2F 68 74 6D - -Type...text/htm
> [Fri Jun 11 15:46:59.947 2010] [2292:4624] [debug] jk_ajp_common.c (1336): 0070 6C 3B 63 68 61 72 73 65 74 3D 75 74 66 2D 38 00 - l;charset=utf-8.
> [Fri Jun 11 15:46:59.962 2010] [2292:4624] [debug] jk_ajp_common.c (1336): 0080 00 0E 43 6F 6E 74 65 6E 74 2D 4C 65 6E 67 74 68 - ..Content-Length
> [Fri Jun 11 15:46:59.962 2010] [2292:4624] [debug] jk_ajp_common.c (1336): 0090 00 00 04 31 30 39 35 00 00 00 00 00 00 00 00 00 - ...1095.........
> [Fri Jun 11 15:46:59.962 2010] [2292:4624] [debug] jk_ajp_common.c (660): status = 401
> [Fri Jun 11 15:46:59.962 2010] [2292:4624] [debug] jk_ajp_common.c (667): Number of headers is = 3
> [Fri Jun 11 15:46:59.962 2010] [2292:4624] [debug] jk_ajp_common.c (723): Header[0] [Set-Cookie] = [JSESSIONID=70A9352FF1592DE2FBE44E47E07C7DE1; Path=/]
> [Fri Jun 11 15:46:59.962 2010] [2292:4624] [debug] jk_ajp_common.c (723): Header[1] [Content-Type] = [text/html;charset=utf-8]
> [Fri Jun 11 15:46:59.962 2010] [2292:4624] [debug] jk_ajp_common.c (723): Header[2] [Content-Length] = [1095]
> [Fri Jun 11 15:46:59.962 2010] [2292:4624] [debug] jk_isapi_plugin.c (947): Starting response for URI '/SCMIS/index.jsp' (protocol HTTP/1.1)
> [Fri Jun 11 15:46:59.962 2010] [2292:4624] [debug] jk_isapi_plugin.c (1047): Not using Keep-Alive
> [Fri Jun 11 15:46:59.962 2010] [2292:4624] [debug] jk_ajp_common.c (1336): received from ajp13 pos=0 len=1099 max=8192
> [Fri Jun 11 15:46:59.962 2010] [2292:4624] [debug] jk_ajp_common.c (1336): 0000 03 04 47 3C 68 74 6D 6C 3E 3C 68 65 61 64 3E 3C - ..G<html><head><
> [Fri Jun 11 15:46:59.962 2010] [2292:4624] [debug] jk_ajp_common.c (1336): 0010 74 69 74 6C 65 3E 41 70 61 63 68 65 20 54 6F 6D - title>Apache.Tom
> [Fri Jun 11 15:46:59.962 2010] [2292:4624] [debug] jk_ajp_common.c (1336): 0020 63 61 74 2F 36 2E 30 2E 31 38 20 2D 20 45 72 72 - cat/6.0.18.-.Err
> [Fri Jun 11 15:46:59.962 2010] [2292:4624] [debug] jk_ajp_common.c (1336): 0030 6F 72 20 72 65 70 6F 72 74 3C 2F 74 69 74 6C 65 - or.report</title
>
> [Fri Jun 11 15:46:59.994 2010] [2292:4624] [debug] jk_ajp_common.c (1336): 02a0 20 3C 2F 68 65 61 64 3E 3C 62 6F 64 79 3E 3C 68 - .</head><body><h
> [Fri Jun 11 15:46:59.994 2010] [2292:4624] [debug] jk_ajp_common.c (1336): 02b0 31 3E 48 54 54 50 20 53 74 61 74 75 73 20 34 30 - 1>HTTP.Status.40
> [Fri Jun 11 15:46:59.994 2010] [2292:4624] [debug] jk_ajp_common.c (1336): 02c0 31 20 2D 20 55 73 65 72 20 20 69 73 20 6E 6F 74 - 1.-.User..is.not
> [Fri Jun 11 15:46:59.994 2010] [2292:4624] [debug] jk_ajp_common.c (1336): 02d0 20 61 75 74 68 6F 72 69 7A 65 64 20 74 6F 20 61 - .authorized.to.a
> [Fri Jun 11 15:46:59.994 2010] [2292:4624] [debug] jk_ajp_common.c (1336): 02e0 63 63 65 73 73 20 74 68 69 73 20 72 65 73 6F 75 - ccess.this.resou
> [Fri Jun 11 15:46:59.994 2010] [2292:4624] [debug] jk_ajp_common.c (1336): 02f0 72 63 65 3C 2F 68 31 3E 3C 48 52 20 73 69 7A 65 - rce</h1><HR.size
> [Fri Jun 11 15:46:59.994 2010] [2292:4624] [debug] jk_ajp_common.c (1336): 0300 3D 22 31 22 20 6E 6F 73 68 61 64 65 3D 22 6E 6F - ="1".noshade="no
> [Fri Jun 11 15:46:59.994 2010] [2292:4624] [debug] jk_ajp_common.c (1336): 0310 73 68 61 64 65 22 3E 3C 70 3E 3C 62 3E 74 79 70 - shade"><p><b>typ
> [Fri Jun 11 15:46:59.994 2010] [2292:4624] [debug] jk_ajp_common.c (1336): 0320 65 3C 2F 62 3E 20 53 74 61 74 75 73 20 72 65 70 - e</b>.Status.rep
> [Fri Jun 11 15:47:00.009 2010] [2292:4624] [debug] jk_ajp_common.c (1336): 0330 6F 72 74 3C 2F 70 3E 3C 70 3E 3C 62 3E 6D 65 73 - ort</p><p><b>mes
> [Fri Jun 11 15:47:00.009 2010] [2292:4624] [debug] jk_ajp_common.c (1336): 0340 73 61 67 65 3C 2F 62 3E 20 3C 75 3E 55 73 65 72 - sage</b>.<u>User
> [Fri Jun 11 15:47:00.009 2010] [2292:4624] [debug] jk_ajp_common.c (1336): 0350 20 20 69 73 20 6E 6F 74 20 61 75 74 68 6F 72 69 - ..is.not.authori
> [Fri Jun 11 15:47:00.009 2010] [2292:4624] [debug] jk_ajp_common.c (1336): 0360 7A 65 64 20 74 6F 20 61 63 63 65 73 73 20 74 68 - zed.to.access.th
> [Fri Jun 11 15:47:00.009 2010] [2292:4624] [debug] jk_ajp_common.c (1336): 0370 69 73 20 72 65 73 6F 75 72 63 65 3C 2F 75 3E 3C - is.resource</u><
> [Fri Jun 11 15:47:00.009 2010] [2292:4624] [debug] jk_ajp_common.c (1336): 0380 2F 70 3E 3C 70 3E 3C 62 3E 64 65 73 63 72 69 70 - /p><p><b>descrip
> [Fri Jun 11 15:47:00.009 2010] [2292:4624] [debug] jk_ajp_common.c (1336): 0390 74 69 6F 6E 3C 2F 62 3E 20 3C 75 3E 54 68 69 73 - tion</b>.<u>This
> [Fri Jun 11 15:47:00.009 2010] [2292:4624] [debug] jk_ajp_common.c (1336): 03a0 20 72 65 71 75 65 73 74 20 72 65 71 75 69 72 65 - .request.require
> [Fri Jun 11 15:47:00.009 2010] [2292:4624] [debug] jk_ajp_common.c (1336): 03b0 73 20 48 54 54 50 20 61 75 74 68 65 6E 74 69 63 - s.HTTP.authentic
> [Fri Jun 11 15:47:00.009 2010] [2292:4624] [debug] jk_ajp_common.c (1336): 03c0 61 74 69 6F 6E 20 28 55 73 65 72 20 20 69 73 20 - ation.(User..is.
> [Fri Jun 11 15:47:00.009 2010] [2292:4624] [debug] jk_ajp_common.c (1336): 03d0 6E 6F 74 20 61 75 74 68 6F 72 69 7A 65 64 20 74 - not.authorized.t
> [Fri Jun 11 15:47:00.009 2010] [2292:4624] [debug] jk_ajp_common.c (1336): 03e0 6F 20 61 63 63 65 73 73 20 74 68 69 73 20 72 65 - o.access.this.re
> [Fri Jun 11 15:47:00.009 2010] [2292:4624] [debug] jk_ajp_common.c (1336): 03f0 73 6F 75 72 63 65 29 2E 3C 2F 75 3E 3C 2F 70 3E - source).</u></p>
> [Fri Jun 11 15:47:00.009 2010] [2292:4624] [debug] jk_isapi_plugin.c (1188): Writing 1095 bytes of data to client
> [Fri Jun 11 15:47:00.009 2010] [2292:4624] [debug] jk_isapi_plugin.c (1201): Wrote 1095 bytes of data successfully
> [Fri Jun 11 15:47:00.009 2010] [2292:4624] [debug] jk_ajp_common.c (1336): received from ajp13 pos=0 len=2 max=8192
> [Fri Jun 11 15:47:00.009 2010] [2292:4624] [debug] jk_ajp_common.c (1336): 0000 05 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - ................
> [Fri Jun 11 15:47:00.009 2010] [2292:4624] [debug] jk_ajp_common.c (1940): AJP13 protocol: Reuse is OK
> [Fri Jun 11 15:47:00.009 2010] [2292:4624] [debug] jk_isapi_plugin.c (2185): service() returned OK
> [Fri Jun 11 15:47:00.009 2010] [2292:4624] [debug] jk_ajp_common.c (757): (scmisWorker) resetting endpoint with sd = 2112
> [Fri Jun 11 15:47:00.009 2010] [2292:4624] [debug] jk_ajp_common.c (3010): recycling connection pool slot=0 for worker scmisWorker
>
> Any help/direction would be appreciated. Thank you.
>
>
> Melinda Savoy
> Sr. Programmer Analyst, ERP Systems
> Innovative Technology Solutions
> Texas Health Resources
> 600 E. Lamar Blvd, Ste 301, Arlington TX 76011
> MelindaSavoy@texashealth.org<ma...@texashealth.org>
>
> Texas Health Resources: Arlington Memorial,
> Harris Methodist and Presbyterian Hospitals
> A shared mission and now a shared name.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
The information contained in this message and any attachments is intended only for the use of the individual or entity to which it is addressed, and may contain information that is PRIVILEGED, CONFIDENTIAL, and exempt from disclosure under applicable law. If you are not the intended recipient, you are prohibited from copying, distributing, or using the information. Please contact the sender immediately by return e-mail and delete the original message from your system.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: ISAPI log question regarding authentication
Posted by André Warnier <aw...@ice-sa.com>.
André Warnier wrote:
> Rainer Jung wrote:
>> On 11.06.2010 23:21, Savoy, Melinda wrote:
>>> I am working in my local Eclipse development environment on a Windows
>>> XP box. (As stated in a previous post, I was able to get
>>> authentication working in the Windows 2003 environment after talking
>>> to a MS IIS engineer)
>>>
>>> I just got off of a phone call with another IIS engineer at Microsoft
>>> regarding the authentication issue again that I am getting Windows XP
>>> and we spotted something interesting in the ISAPI log and wanted to
>>> run it by you guys.
>>>
>>> I've now setup my IIS and browser in Windows XP to FORCE NTLM
>>> authentication and I am getting in the request, per the ISAPI log,
>>> the credentials that it passes from IIS to Tomcat.
>>>
>>> What is interesting is that it would appear that from the ISAPI log
>>> that the AJP is returning a 401 code to the browser and therefore
>>> executing a Windows Login prompt. Please see bolded/red type below.
>>>
This kind of "graphic highlighting" does not usually work on mailing
lists, which tend to be "pure text". If you want to highlight
something, it is better to insert some blank lines and a comment.
>>> Below is a copy of the entries in my ISAPI log and wanted to get any
>>> input on WHY it would appear that the redirector is returning a 401
>>> status back to my IE or Firefox browser(?):
>>
>> Because it receives a 401 response form your web application in Tomcat
>> and forwards the response as is to the client. So why is your web
>> application sending a 401?
>>
> By "application", understand the complete webapp stack, including any
> servlet filters which may be configured there.
>
> A 401 is not an error. It is the normal response of the server, in the
> NTLM protocol, when trying to access a protected resource.
> My guess in this case and at this point, is that it is the "legacy
> filter" (jCIFS-based) which sits on top of the webapp, and which does
> not check if the request is already authenticated, but returns a 401
> right away. Is that a possibility ?
>
As an addendum, here is a link to a document which explains the NTLM
authentication handshake :
http://www.innovation.ch/personal/ronald/ntlm.html
The "NTLM Handshake" section at the beginning summarises what must
happen. As you can see, there are 2 consecutive server responses
containing a 401 "HTTP status" (not an error per se, they are a normal
part of the protocol).
However, if I follow correctly, in your case, this handshake has already
taken place once before, between the browser and IIS. Then IIS is
satisfied, and forwards the request to Tomcat, via mod_jk, including a
user-id.
If there is a further NTLM authentication layer at the Tomcat level, it
should recognise that the request is already authenticated, and not
start yet another handshake. But apparently it doesn't, and does start
another NTLM handshake sequence (with the first 401 response of the
sequence).
That probably confuses the browser, because it has already gone through
the sequence, and is already sending an "Authorization:" header with its
request. And that is probably why the browser now pops up its "Basic
authentication" login dialog.
Basically what the browser is thinking is : "oh, my NTLM authentication
doesn't work ! Let's try a Basic authentication then."
Just another note : mod_jk (or the isapi_redirector) knows *nothing* of
NTLM, nor of any authentication protocols. It just passes information
back and forth between IIS (or Apache) and Tomcat. It does not add or
subtract any HTTP headers, and does not modify the request nor the
response content.
The only thing it does in terms of authentication, is that if the
webserver has a user-id for a request, it forwards this user-id from the
webserver to Tomcat.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: ISAPI log question regarding authentication
Posted by André Warnier <aw...@ice-sa.com>.
Rainer Jung wrote:
> On 11.06.2010 23:21, Savoy, Melinda wrote:
>> I am working in my local Eclipse development environment on a Windows
>> XP box. (As stated in a previous post, I was able to get
>> authentication working in the Windows 2003 environment after talking
>> to a MS IIS engineer)
>>
>> I just got off of a phone call with another IIS engineer at Microsoft
>> regarding the authentication issue again that I am getting Windows XP
>> and we spotted something interesting in the ISAPI log and wanted to
>> run it by you guys.
>>
>> I've now setup my IIS and browser in Windows XP to FORCE NTLM
>> authentication and I am getting in the request, per the ISAPI log, the
>> credentials that it passes from IIS to Tomcat.
>>
>> What is interesting is that it would appear that from the ISAPI log
>> that the AJP is returning a 401 code to the browser and therefore
>> executing a Windows Login prompt. Please see bolded/red type below.
>>
>> Below is a copy of the entries in my ISAPI log and wanted to get any
>> input on WHY it would appear that the redirector is returning a 401
>> status back to my IE or Firefox browser(?):
>
> Because it receives a 401 response form your web application in Tomcat
> and forwards the response as is to the client. So why is your web
> application sending a 401?
>
By "application", understand the complete webapp stack, including any
servlet filters which may be configured there.
A 401 is not an error. It is the normal response of the server, in the
NTLM protocol, when trying to access a protected resource.
My guess in this case and at this point, is that it is the "legacy
filter" (jCIFS-based) which sits on top of the webapp, and which does
not check if the request is already authenticated, but returns a 401
right away. Is that a possibility ?
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org