Etieene, No coding is necessary. The XMLUserManager is used by default, or you can use the DataSourceUsermanager (a database store), or the EJBUserManager (a cmp bean), or an LDAP usermanager (this was developed outside of Orion, but is very useful addition). You do have to specify the proper j2ee security constraints in your web.xml file as well as select basic authentication in the web.xml file. If you aren't doing this, it won't work.
Orion does not require any java coding for j2ee authentication for basic or form based methods. If you use a progammatic authentication in your application that involves manipulating the header response, this is not j2ee authentication, and I don't believe the servlet 2.3 spec supports manipulating the Auth part of the response header, since it would directly interfere with the j2ee authentication. For example, what if your header manipulation conflicts with the web.xml deployment descriptor for authentication? Regards, the elephantwalker www.elephantwalker.com -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Etienne Giraudy Sent: Wednesday, December 05, 2001 7:13 AM To: Orion-Interest Subject: Orion and basic authentication Hi, I'm curious to know if there is any possibility to setup my webapp for using basic authentication without having to code a (simple) user manager (cf http://www.orionsupport.com/articles/usermanager.html). It seems that orion is the only app server needing some code to support basic authentication. Our application has built in support (decoding of http header authentication data) for basic authentication and it has been successfully tested under weblogic, websphere, tomcat, resin and jrun! But it seems that orion strip off the http header authentication data before passing it to the webapp... Any help appreciated. Etienne Giraudy