Hello
Let me preface by saying my knowledge and experience with seurity is
primitive.
I am now working on a project wherein we have a set of ASP pages with a
custom authentication process. I have embedded a servlet into one of
these asp pages but want to avoid making the user authenticate twice
I have setup IIS with isapi_redirector2.dll to map all requests to
www.server.com/foo to my Tomcat server running ajp13 (using jk2) on port
8009. This works well. However, Tomcat (4.1.20) is running a servlet
with access to sensitive data, so I want to make sure not just anyone
can access /foo. As
