Hi, you almost got it right, just move the auth-contraint outsite of the web-resource
tag:
<security-constraint>
<web-resource-collection>
<web-resource-name>Site</web-resource-name>
<description>Main security</description>
<url-pattern>/*.html</url-pattern>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<description>All users</description>
<role-name>intranet-users</role-name>
</auth-constraint>
</security-constraint>
Which version of the distro is this? 0.7.4 had a problem with displaying
realm names properly, it ignored the <realm-name> tag and only used
the <display-name> tag if present in the web-app.
Regarding the user authentication failing we have also just found a delegation
bug in 0.7.5 which might cause you problems if you are defining "global"
users/groups (/config/principals.xml) as opposed to local users to the
web-app (/my-site/principals.xml), is this the case?
If it is then download the 0.7.6 patch (jar should be sufficient if you've got
a recent distro), let us know if the problem persists.
/Magnus Stenman, the Orion team
----- Original Message -----
From: Darren Gibbons <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, October 08, 1999 7:00 AM
Subject: Problems setting up authentication
> Hi all,
>
> I'm trying to set up simple authentication (using Basic) using Orion, and
> I've run into some problems. The documentation on this is somewhat sparse
> (I know, you're working on it...) but if someone could point me in the right
> direction, it would be appreciated.
>
> I've created a copy of the default-site directory called 'intranet', and
> modified it's web-site.xml file, and I've added the entry to the server.xml
> to load up the new site, which does load properly. However, I can't get the
> site to authenticate.
>
> I added the following tags to the web-site.xml for the intranet virtual
> server.
>
> <login-config>
> <auth-method>BASIC</auth-method>
> <realm-name>Foobar</realm-name>
> </login-config>
>
>
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>Site</web-resource-name>
> <description>Main security</description>
> <url-pattern>/*.html</url-pattern>
> <http-method>GET</http-method>
> <auth-constraint>
> <description>All users</description>
> <role-name>intranet-users</role-name>
> </auth-constraint>
> </web-resource-collection>
> </security-constraint>
>
>
>
>
> <security-role>
> <description>Role security</description>
> <role-name>intranet-users</role-name>
> </security-role>
>
>
> When I access the site (it's running on port 8080), I get the pop-up dialog
> box. It states that the realm is:
>
> Realm: file:/C:/orion/intranet/web-application.xml
>
> I would have thought that it have stated Foobar for the realm, as defined
> above. If I enter a userid and password that I identified in the
> principals.xml file, it denies that user.
>
> Any ideas? I've included the web-site.xml file, the web-application.xml
> file, and the principals.xml file.
>
>
> Thanks,
>
> Darren.
>
>
>
>
> --
> Darren Gibbons [EMAIL PROTECTED]
> OpenRoad Communications ph: 604.681.0516
> Internet Application Development fax: 604.681.0916
> Vancouver, B.C. http://www.openroad.ca
>