Hi, you almost got it right, just move the auth-contraint outsite of the web-resource 
tag:
         <security-constraint>
                 <web-resource-collection>
                         <web-resource-name>Site</web-resource-name>
                         <description>Main security</description>
                         <url-pattern>/*.html</url-pattern>
                         <http-method>GET</http-method>
                 </web-resource-collection>
                 <auth-constraint>
                         <description>All users</description>
                         <role-name>intranet-users</role-name>
                 </auth-constraint>
         </security-constraint>

Which version of the distro is this? 0.7.4 had a problem with displaying
realm names properly, it ignored the <realm-name> tag and only used
the <display-name> tag if present in the web-app.
Regarding the user authentication failing we have also just found a delegation
bug in 0.7.5 which might cause you problems if you are defining "global"
users/groups (/config/principals.xml) as opposed to local users to the
web-app (/my-site/principals.xml), is this the case?

If it is then download the 0.7.6 patch (jar should be sufficient if you've got
a recent distro), let us know if the problem persists.

/Magnus Stenman, the Orion team

----- Original Message ----- 
From: Darren Gibbons <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, October 08, 1999 7:00 AM
Subject: Problems setting up authentication


> Hi all,
> 
> I'm trying to set up simple authentication (using Basic) using Orion, and
> I've run into some problems.  The documentation on this is somewhat sparse
> (I know, you're working on it...) but if someone could point me in the right
> direction, it would be appreciated.
> 
> I've created a copy of the default-site directory called 'intranet', and
> modified it's web-site.xml file, and I've added the entry to the server.xml
> to load up the new site, which does load properly.  However, I can't get the
> site to authenticate.
> 
> I added the following tags to the web-site.xml for the intranet virtual
> server.
> 
>         <login-config>
>                 <auth-method>BASIC</auth-method>
>                 <realm-name>Foobar</realm-name>
>         </login-config>
> 
> 
>         <security-constraint>
>                 <web-resource-collection>
>                         <web-resource-name>Site</web-resource-name>
>                         <description>Main security</description>
>                         <url-pattern>/*.html</url-pattern>
>                         <http-method>GET</http-method>
>                         <auth-constraint>
>                                 <description>All users</description>
>                                 <role-name>intranet-users</role-name>
>                         </auth-constraint>
>                 </web-resource-collection>
>         </security-constraint>
> 
> 
> 
> 
>         <security-role>
>                 <description>Role security</description>
>                 <role-name>intranet-users</role-name>
>         </security-role>
> 
> 
> When I access the site (it's running on port 8080), I get the pop-up dialog
> box.  It states that the realm is:
> 
> Realm: file:/C:/orion/intranet/web-application.xml
> 
> I would have thought that it have stated Foobar for the realm, as defined
> above.  If I enter a userid and password that I identified in the
> principals.xml file, it denies that user.
> 
> Any ideas?  I've included the web-site.xml file, the web-application.xml
> file, and the principals.xml file.
> 
> 
> Thanks,
> 
> Darren.
> 
> 
> 
> 
> --
> Darren Gibbons                                    [EMAIL PROTECTED]
> OpenRoad Communications                               ph: 604.681.0516
> Internet Application Development                     fax: 604.681.0916
> Vancouver, B.C.                                 http://www.openroad.ca
> 

Reply via email to