You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by "Shu Yan Chan (UK)" <sh...@eu.citrix.com> on 2000/08/18 16:22:35 UTC

IIS config or Tomcat config problem

Dear All,
I have set up IIS to serve static page and redirect all servlet requests to
tomcat.
I also set up IIS to ask for SUer name/password authentication.
My problem now is that any user can go strict to execute the servlets
without being authorized.
I re-call some similar discussion in this e-mailing list a while back, but I
am trying to avoid using JSP.
What do I need to config to make this happen? I really want the IIS to do
the authenication and Tomcat aware of it (i.e. can use the getRmoteUser()
methods, etc. Does the AJP protocol /Tomcat 3.1 support that?  Do I need to
change the config of IIS or the config of Tomcat 3.1?

Thanks.
Yours,
Shu Yan