Hi,
This is a nasty problem but I hope someone out there has figured it out. We have been using tomcat 5.5.17, IIS 6, and JK2 happily for about a year now. Up to this point, we have not used IIS directory security to pass the NT username to tomcat. Some of our webapps have no security requirements, some have their own security mechanism, but now we have one that would benefit from pulling the NT username from IIS. I have gotten all that to work fine on localhost, getRequest().getRemoteUser() returns exactly what I want. The issue is that on the actual server, it's either all or nothing. In IIS the Jakarta virtual directory either has security or not. I can't specify it at the webapp level. So I thought maybe I could have two tomcat instances on the same machine, one Jakarta directory w/o security, and the other with it turned on. I was able to get both instances installed, but I can't get the second (secure) one connected to IIS. I spent a good bit of time with this yesterday and have gotten pretty close. I actually hex edited the second isapi_redirector2.dll to change the registry key to point to Isapi Rediretor\2.1 instead of Isapi Redirector\2.0. That allowed me to have two instances pointing to c:\tomcat and c:\tomcat-sec ... I could have just rebuilt the thing from source but am too busy/lazy to sit through the visual studio install yet again ... that seriously takes like 45 minutes J So I got to that point where everything should work right? Well sort of, the second filter at the bottom of the order in IIS works. The first one just hangs. If I switch the order, the other one works fine and the one that was working breaks. I ran across this which looks like a similar problem with jk1 http://issues.apache.org/bugzilla/show_bug.cgi?id=34584 Just wondering if anyone out there can give me some ideas. Maybe two tomcat instances is not the way to go and there is a better solution. I just need to figure out how to have some webapps be able to pull the NT name and some not. Thanks for any help John
