http://issues.apache.org/bugzilla/show_bug.cgi?id=35336

Summary: RFE: JK 1.2.13 (isapi_redirect) should be able to bypass IIS authentication, patch provided
Product: Tomcat 5
Version: 5.5.9
Platform: PC
OS/Version: Windows 2000
Status: NEW
Severity: enhancement
Priority: P2
Component: Native:JK
AssignedTo: tomcat-dev@jakarta.apache.org
ReportedBy: [EMAIL PROTECTED]

With JK 2.0.4 it was possible to handle authentication completely within the webapp (for example using jCIFS) as if the Tomcat HTTP connector were used. The virtual directory "jakarta" is configured to do no (basic/Windows) authentication (i.e. anonymous).

With JK 1.2.13 I was not able to configure the same behaviour. IIS/JK 1.2.13 interferes with the authentication process. Authentication headers which should be forwarded to Tomcat are removed from the request.

It should be possible to authenticate using Tomcat/webapp means independent of the connector used (HTTP or JK). That means, for example, the Tomcat manager could simply be used over IIS/JK without doing any extra authentication configuration and/or user management on the IIS side. The user database would be conf\tomcat-users.xml. Tomcat users could use IIS, but keep the authentication process within Tomcat.

I found some mails in the tomcat-users mailing list about authentication problems with JK/IIS, so I assume this RFE would also be useful for others.

It seems that when an IIS version before IIS 5 is recognized, IIS/JK will not interfere with the authentication process. Tomcat or the webapp could do authentication undisturbed.

I have made a modification to jk_isapi_plugin.c which provides the functionality for doing this for me. With this modification ISAPI_redirect will operate as if an IIS version before 5 is recognized, but only if the registry key Software\Apache Software Foundation\Jakarta Isapi Redirector\1.0\bypass_iis5_auth = '1' exists. Without this key the modification has no effect, so this should not break current installations.
Could someone apply this patch or at least the functionality to the JK codebase? Please feel free to change the patch code, if it does not fit source code requirements. (I am not a C developer)

*** jk-1.2.13-src\jk\native\iis\jk_isapi_plugin.c 2005-05-15 13:10:12.000000000 +-0200 --- jk-1.2.13-src\jk\native\iis\jk_isapi_plugin_modified.c 2005-06-08 11:31:38. 000000000 +-0200 *************** *** 64,69 **** --- 64,71 ---- #define REGISTRY_LOCATION ("Software\\Apache Software Foundation\\Jakarta Isapi Redirector\\1.0") #define EXTENSION_URI_TAG ("extension_uri") ! #define BYPASS_IIS5_AUTH ("bypass_iis5_auth") ! #define URI_SELECT_TAG ("uri_select") #define URI_SELECT_PARSED_VERB ("parsed") #define URI_SELECT_UNPARSED_VERB ("unparsed") *************** *** 120,125 **** --- 122,128 ---- static int is_inited = JK_FALSE; static int is_mapread = JK_FALSE; static int iis5 = -1; + static int bypass_iis5 = 0; static jk_uri_worker_map_t *uw_map = NULL; static jk_logger_t *logger = NULL; *************** *** 694,699 **** --- 697,706 ---- iis5 = (atof(serverSoftware + 14) >= 5.0); if (iis5) { jk_log(logger, JK_LOG_DEBUG, "Detected IIS >= 5.0"); + if (bypass_iis5) { + jk_log(logger, JK_LOG_DEBUG, "bypass_iis5_auth>0 set iis5=0") ; + iis5 = 0; + } } else { jk_log(logger, JK_LOG_DEBUG, "Detected IIS < 5.0"); *************** *** 1323,1328 **** --- 1330,1343 ---- } } ! if (get_registry_config_parameter(hkey, ! BYPASS_IIS5_AUTH, ! tmpbuf, sizeof(tmpbuf))) { ! if (tmpbuf[0]>'0') { ! bypass_iis5=1; ! } ! } ! RegCloseKey(hkey); } return ok;
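
Review bot: In the hunk at line 122, the new flag `static int bypass_iis5 = 0;` is named differently from the registry value `bypass_iis5_auth` it mirrors and carries no comment. Since it changes which component ends up performing authentication, name it `bypass_iis5_auth` to match the key and add a one-line comment saying that a non-zero value makes the redirector behave as on IIS < 5 so that authentication headers reach Tomcat.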
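
Review bot: In the hunk at line 697, `iis5 = 0;` overwrites the result of the server version detection, so the file-scope `iis5` flag no longer says what server is running and every other test of `iis5` in this file will also take the pre-5.0 path, not only the authentication handling the option is meant for. Keep `iis5` as detected and check `bypass_iis5` at the place where the authentication behaviour is decided. The message "bypass_iis5_auth>0 set iis5=0" is also logged at JK_LOG_DEBUG only; an option that moves authentication from IIS to Tomcat should be reported at a level that is visible in a normal production log.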
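
Review bot: In the hunk at line 1330, the test `tmpbuf[0]>'0'` enables the bypass for any value whose first character sorts above '0', which includes "2" to "9" and every letter, so a registry value of "no", "false" or "off" switches IIS authentication handling off. The description documents only the value '1'; compare against that explicitly (for example, first character '1' followed by the string terminator) and treat anything else as disabled, ideally logging a warning for unrecognised values. The new `bypass_iis5_auth` value should also be described wherever the other redirector registry values are documented.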