RE: security-constraint
Thank you very much. >From: "The elephantwalker" <[EMAIL PROTECTED]> >Reply-To: Orion-Interest <[EMAIL PROTECTED]> >To: Orion-Interest <[EMAIL PROTECTED]> >Subject: RE: security-constraint >Date: Tue, 23 Oct 2001 11:37:34 -0700 > >Carlos, > >You can change these bits in the orion-web.xml. Also, there should be no >need to change the security constraints, since the web.xml uses roles, and >orion-web.xml uses groups. > >Why the difference? > >Well Karl and Magnus were smart enough to recognize that web modules and >ejb >modules would be written once, and deployed under many different enterprise >applications. But each of these modules would have their own role names for >security-constraints. The hard bit is how to re-use these components >without >rewritting the web.xml. > >Groups saved the day. So the usermanager (or the jndi access to the >roleManager) uses Groups to control access. Normally this is transparant to >the developer, since most groups have the same name as the role's in your >web.xml or ejb-jar.xml. But when you don't have the same names, you can use >group/role mapping in your orion-web.xml file to tell orion which roles in >the web.xml file map to which groups used by the usermanager. > >roleManager has some great methods for managing your groups, as do the >usermanager's. Use these methods to mangle your groups and users. > >I hope this helps. > >regards, > >the elephantwalker >www.elephantwalker.com > >-Original Message----- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED]]On Behalf Of Carlos Macías >Sent: Tuesday, October 23, 2001 10:59 AM >To: Orion-Interest >Subject: security-constraint > > >Hi everybody. >I´ve a big problem: >Somebody know how i can modify and manage the security-constraint (in >web.xml) using the orion API? >Thank you all. > >_ >Descargue GRATUITAMENTE MSN Explorer en http://explorer.msn.es/intl.asp > > > _ Descargue GRATUITAMENTE MSN Explorer en http://explorer.msn.es/intl.asp
RE: security-constraint
Carlos, You can change these bits in the orion-web.xml. Also, there should be no need to change the security constraints, since the web.xml uses roles, and orion-web.xml uses groups. Why the difference? Well Karl and Magnus were smart enough to recognize that web modules and ejb modules would be written once, and deployed under many different enterprise applications. But each of these modules would have their own role names for security-constraints. The hard bit is how to re-use these components without rewritting the web.xml. Groups saved the day. So the usermanager (or the jndi access to the roleManager) uses Groups to control access. Normally this is transparant to the developer, since most groups have the same name as the role's in your web.xml or ejb-jar.xml. But when you don't have the same names, you can use group/role mapping in your orion-web.xml file to tell orion which roles in the web.xml file map to which groups used by the usermanager. roleManager has some great methods for managing your groups, as do the usermanager's. Use these methods to mangle your groups and users. I hope this helps. regards, the elephantwalker www.elephantwalker.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Carlos Macías Sent: Tuesday, October 23, 2001 10:59 AM To: Orion-Interest Subject: security-constraint Hi everybody. I´ve a big problem: Somebody know how i can modify and manage the security-constraint (in web.xml) using the orion API? Thank you all. _ Descargue GRATUITAMENTE MSN Explorer en http://explorer.msn.es/intl.asp
security-constraint
Hi everybody. I´ve a big problem: Somebody know how i can modify and manage the security-constraint (in web.xml) using the orion API? Thank you all. _ Descargue GRATUITAMENTE MSN Explorer en http://explorer.msn.es/intl.asp
Security constraint and directory browsing
Hi all, has anyone been able to get basic authentication working on a directory with directory browsing enabled? If I enable directory browing in my orion-web.xml and set a security constraint on an empty directory (say /mydir/ ), I do not get a security authentication when I access http://myserver/mydir/, however if I specifies a file: http://myserver/mydir/somefile.html then it works. Any way to get the authentication working on the directory browsing? Thanks, Christian Billen HyperQuest Solutions, Inc.
