Tomcat/IIS Integration

This Tech Note was written to address using Tomcat Application Server in a "fully closed" network environment. Fully closed in this case meant that only ports 80 and 443 were open for access and that IIS was the web Server of choice.
Tomcat and IIS can happily co-exist on the same server and you can utilize the strengths of each as needed. It would appear that IIS is faster for HTML access while Tomcat offers the power of J2EE for your web applications.
Once configured this allows https references to Tomcat Services through the redirector. In this case SSL certificates were applied on the IIS site and keytool was used to certify tomcat.

Hope this is helpful.

Many thanks to those who's articles I found very helpful. Please see the Acknowledgements

No warranty is implied, expressed or given for those who might use these notes.

If you have any questions on the notes contact Alan Williams through this web site

Last Upadted March 15th 2005

Contents
Software Versions
IIS Settings
Configuration Files
Windows Registry
Tomcat Server Configuration
Tomcat SSL
IIS SSL
Server Side Includes
Acknowledgements

Back to Index

Software Versions

There are a few things variations for different versions as described.

IIS 5.0 & 6.0
Tomcat 4.1.29+
Java 1.4+

IIS 6.0
IIS 6.0 needs to be run in IIS 5.0 Isolation Mode. From IIS Manager

Right click web Sites and
Select the service tab
Check the run WWW in IIS 5.o Isolation Mode and
lick OK

also you will need to enable web Service Extensions for Tomcat. From IIS Manager

Select Web Service Extensions
Click Add a web service extension
Enter an extension name <jakarta>
Click add and
Browse to the isapi_redirector2.dll and select
Set extension status to allowed
Click ok

IIS Settings

Tomcat requires the following settings.

Virtual Directory
From IIS Manager on the website for which integration is required

Right click and Select
New -> Virtual Directory
Click next and name the directory eg. <jakarta>
Browse to the directory where the configuration files are located and click next
Check the Read, Run and Execute boxes and click next.
Click finish

ISAPI Filter
From IIS Manager on the website for which integration is required

Right click and Select Properties
Select ISAPI Filters
select Add
Enter name eg. <jakarta>
Browse to the location of and select the redirector dll
Click OK
Click Apply
Restart the IIS web Site
Check that the ISAPI filter has a green arrow

Configuration Files

Each version required different Configuration files.

Version 1.0
Example of a working Worker Properties file.
Example of a working URI Worker Map Properties file.
Version 2.0
Example of a working Worker Properties file.
Example of a working JK2 Properties file.

Make sure that file names entered in the Registry match the actual filenames.
Also be careful that you use the exact contents of these files as I tried some from other sources that were supposed to work but did not.

Tomcat Registry Entries

Working Version based on 2.0 (Limitations with 1.0 did not work for SSL)

The very subtle but very important differences in the detail of the entries between versions
Filenames must match with file in the actual location given

Key Group	Key	Value
HKEY_LOCAL_MACHINE -> SOFTWARE -> Apache Software Foundation -> Jakarta Isapi Redirector ->1.0	(Default)	(value not set)
	extension_uri	/tomcat/isapi_redirector.dll
	log_file	D:\Program Files\tomcat403\logs\jk_iis.log
	log_level	debug
	worker_file	d:\Program Files\tomcat403\conf\worker.properties
	worker_mount_file	d:\Program Files\tomcat403\conf\uriworkermap.properties
->2.0	(Default)	(value not set)
	extensionUri	//jakarta//isapi_redirector2.dll
	logLevel	debug
	serverRoot	d:\\Program Files\\tomcat\\tomcat4130
	workersFile	d:\\Program Files\\tomcat\\tomcat4130\\conf\\workers2.properties

Server Configuration

To enable the use of SSL two connectors need to be enabled in the Server file
One connector allows connections to 8443 for SSL and the second allows for redirection from the redirector to 8443 for SSL
Example of a working extract from Server Configuration file.

Tomcat SSL

For this you can follow the SSL HOW To privided in the Acknowledgements
NB: Keystore and key password must be the same for tomcat to work

IIS SSL

While there are several ways to make this work I set a Certificate Authority (CA) and installed a certificate as described in the Acknowledgements

Server Side Includes

Server side includes are accommodated through the use of a servlet utilizing the servlets-ssi library and a web.xml configuration.
Example of a working extract from Web Configuration file.