2 Replies Latest reply on Jul 18, 2012 3:39 PM by md1037

I need help with Jboss 7.1.1, IIS7, isapi_redirect, getRemoteUser is null

md1037 Jul 16, 2012 1:49 PM

We are upgrading from jboss4.05 to 7.1.1 running on Server2008 R2 Standard with IIS7. We use the isapi_redirect and authenticate users via their windows network credentials. This works fine on

Our requests are being successfully routed to jboss, but the remote user (getRemoteUser in HttpServletRequest) is null. I believe all of the IIS settings are configured the same as the server running 4.05 (which successfully authenticates users).

Has anyone had experience with this? Is there a possible configuration setting within jboss that might be preventing the remote user from being read in the request header?

1. Re: I need help with Jboss 7.1.1, IIS7, isapi_redirect, getRemoteUser is null

md1037 Jul 17, 2012 11:32 AM (in response to md1037)

As an update, I've inspected the http requests with Fiddler and I see the authorization data being sent in the header. But something (I guess either the AJP connector or Jboss is nullifying it).

Is there a simple way to ensure that Jboss authorization/authentication is bypassed? Similar to the old tomcatAuthentication="false"? Any other suggestions?

Edit: And after more digging I just found this:

https://issues.jboss.org/browse/AS7-1581

This throws a pretty big monkey wrench in our upgrade plan, if there is no resolution to this...
Actions
2. Re: I need help with Jboss 7.1.1, IIS7, isapi_redirect, getRemoteUser is null

md1037 Jul 18, 2012 3:39 PM (in response to md1037)

Verified that the tomcat authentication flag is the issue with a hack of org.jboss.as.web.WebConnectorService.

Auth header comes through with the following code added to the start method.

           if (connector.getProtocolHandler() instanceof AjpProtocol) {
                     AjpProtocol ajp = (AjpProtocol)connector.getProtocolHandler();
               ajp.setTomcatAuthentication(false);
           }
Actions

Go to original post