Carlos, You can change these bits in the orion-web.xml. Also, there should be no need to change the security constraints, since the web.xml uses roles, and orion-web.xml uses groups.
Why the difference? Well Karl and Magnus were smart enough to recognize that web modules and ejb modules would be written once, and deployed under many different enterprise applications. But each of these modules would have their own role names for security-constraints. The hard bit is how to re-use these components without rewritting the web.xml. Groups saved the day. So the usermanager (or the jndi access to the roleManager) uses Groups to control access. Normally this is transparant to the developer, since most groups have the same name as the role's in your web.xml or ejb-jar.xml. But when you don't have the same names, you can use group/role mapping in your orion-web.xml file to tell orion which roles in the web.xml file map to which groups used by the usermanager. roleManager has some great methods for managing your groups, as do the usermanager's. Use these methods to mangle your groups and users. I hope this helps. regards, the elephantwalker www.elephantwalker.com -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Carlos Macías Sent: Tuesday, October 23, 2001 10:59 AM To: Orion-Interest Subject: security-constraint Hi everybody. I´ve a big problem: Somebody know how i can modify and manage the security-constraint (in web.xml) using the orion API? Thank you all. _________________________________________________________________ Descargue GRATUITAMENTE MSN Explorer en http://explorer.msn.es/intl.asp