I'm trying to get the security working for a web app. I'm using JAAS and the BASIC
authentication. I don't want to use FORM because the original Perl app (from which
my web app is derived) also used BASIC and I don't want the interface to change.
I've found that the security works great if I go directly to the weblogic server,
so it looks like the problem is with IIS (we're fowarding requests from IIS to
WebLogic). I think the problem lies in my web.xml. It has this in it:

MLV Users Only

From what I can tell, weblogic just uses the realm-name as a label in the dialog
box that pops up, and for nothing else. My guess is that IIS is really trying
to use this as a security realm.

Am I on the right track? Anyone got any hints?