This is one thing that really makes me miss Apache sometimes.
Anyway, here's what you need to do.
Add the following to your web.xml in your application
<security-constraint>
<web-resource-collection>
<web-resource-name>Foo</web-resource-name>
<description>Foo</description>
<url-pattern>/foo/*</url-pattern>
<http-method>GET|POST</http-method>
</web-resource-collection>
<auth-constraint>
<description>The description</description>
<role-name>foorole</role-name>
</auth-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Foo Realm</realm-name>
</login-config>
</security-constraint>
<security-role>
<description>Foo</description>
<role-name>foorole</role-name>
</security-role>
Now deploy the application. If you do it with the tools I think
you can define and link foorole from there. If you autodeploy
then you will need to go to your orion/application-deployments/application.
Add the user or group information to principals.xml in that directory
and then link the role to the user or group using a <security-role-ref>
in the orion-application.xml in that directory.
Wasn't that easy? ;-)
Maybe there is an easier way... this took me quite some time to
get all the pieces together and it really makes me miss .htaccess :)
----- Original Message -----
From: "Gavin Thomas Nicol" <[EMAIL PROTECTED]>
To: "Orion-Interest" <[EMAIL PROTECTED]>
Sent: Thursday, August 17, 2000 9:42 PM
Subject: Basic security....
> I'm probably missing something obvious, but... how
> does one set up security for URL's in Orion. For
> example, if I want to protect /foo/*, how can I do
> that?
>
