I set up IIS with mod_jk and JBoss 4.2.2.GA. This works nicely until I try to access a password-protected site. I have tried with jmx-console, which I set up to use BASIC auth, and with XWiki, which uses FORM auth.
Whenever I access the site, I get a BASIC-style login popup that accepts no credentials whatsoever, and when I click 'Cancel', IIS presents me with a 401.
The above is with tomcatAyuthentificatiom="true". If I set it to false, the FORM-based XWiki reacts the same (401 from IIS), but jmx-console directly returns a 403 from tomcat.
I'm a bit unsure where to look for the problem, is it in IIS? mod_jk? JBoss? XWiki even?
I'm not expert on this, but I have a clue that might help you.
Go into IIS console, select your Default Web Site, RM, Properties, Directory Security tab, Edit the Anonymous Access controls. Make sure that Anonymous Access is checked, and make sure any other types of authentication that IIS might want to try are UN-checked.