?
Solved

Problem with HTTP Keepalives with Tomcat 5.0 and IIS 6.0

Posted on 2008-10-15
2
Medium Priority
?
560 Views
Last Modified: 2013-12-02
We have a problem with HTTP keepalive requests not being honoured from the a .NET forms application connecting to a Tomcat 5.0.25 server via an IIS 6.0 server using the Tomcat Isapi filter (v1.2.25).  The Website is set to use NTLM via the "NTAuthenticationProviders" Metabase parameter.

We get the same problem if we use IE as the client to connect to the Tomcat application.  The HTTP headers show the keepalive request being asked for by the client but every request is re-authenticated by IIS despite "HTTP Keepalives" being ticked in the website properties.  I suspect it is the Tomcat ISAPI filter that is closing the session but can't find any way to configure it not to do this.

If the Tomcat ISAPI filter isn't installed on the website then the keepalives work as expected and you only authenticate once against IIS per session.  Also if Tomcat is handling the NTLM authentication using JCIFs then again you only authenticate once.

This isn't a huge problem for users in the same datacentre as the application as the NTLM authentication happens reasonably quickly but for users in a remote DC this is adding 1.5s to every request which is unacceptable.

Any help appreciated!

Thanks
0
Comment
Question by:WebSystems
  • 2
2 Comments
 
LVL 1

Author Comment

by:WebSystems
ID: 22757387
No-one has any ideas?
0
 
LVL 1

Accepted Solution

by:
WebSystems earned 0 total points
ID: 22894832
We gave up on this in the end and used the JCIFS filter in Tomcat to do the NTLM authentication rather than the connector under IIS.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Foreword In the years since this article was written, numerous hacking attacks have targeted password-protected web sites.  The storage of client passwords has become a subject of much discussion, some of it useful and some of it misguided.  Of cou…
When it comes to showing a 404 error page to your visitors, you do not want that generic page to show, and you especially do not want your hosting provider’s ad error page to show either. In this article, I will show you how to enable the custom 40…
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
Despite its rising prevalence in the business world, "the cloud" is still misunderstood. Some companies still believe common misconceptions about lack of security in cloud solutions and many misuses of cloud storage options still occur every day. …
Suggested Courses

578 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question