I'm using "<security-constraint>" to restrict access to the manager and other applications. I've had no trouble using both Memory and JNDI realms when accessing through the Coyote HTTP/1.1 Connector, but not when I use IIS and the isapi_redirector.dll (or isapi_redirector2.dll). With the ISAPI filter, my login attempts are rejected and the Windows security log suggests the attempts are going against the Windows domain rather than the tomcat realm. The isapi_redirector2.dll application log entries suggest something called "jk2_service_iis_get_roles" in the ISAPI filter is attempting to determine the role of the user rather than letting Tomcat do this. Is there a way to use Tomcat's container managed security through the ISAPI filter? TIA!
