Hi, a first here I am new to using the J2EE environment. All previous projects on Weblogic we have written our own custom authentication now there is java.security.principal and all that. The problem I have is I went through an example I found on the archive along with the one on orionsupport.com for setting up the the DataSourceUserManager I have copied to a T (as far as 3 of us can figure). firstly on ie 5.5 The form never happens, all that I get is BASIC authentication When I try and change the login-config to BASIC there users never login in the users table there is a petern/pass and assigned to the group user users NAME PASSWORD petern pass USER_GROUPS NAME USR_NAME user petern The configuration is as follows... (I would really like some help on this) I have had to write my own authentication for the servlets and JSP and would much rather create secure zones based on what should be available. AppName application.xml and web.xml have the following /myapp/application.xml has <security-role> <role-name>user</role-name> <description>Registerd Users</description> </security-role> /myapp/web.xml has the following <security-constraint> <web-resource-collection> <web-resource-name>myapp</web-resource-name> <description>myapp default is all secure</description> <url-pattern>/start.jsp</url-pattern> <http-method>*</http-method> </web-resource-collection> <auth-constraint> <description>The users creating </description> <role-name>user</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>FORM</auth-method> <form-login-config> <form-login-page>/loginbox.jsp</form-login-page> <form-error-page>/login-error.html</form-error-page> </form-login-config> </login-config> <security-role> <role-name>user</role-name> <description>Registerd Users</description> </security-role> principals.xml in myapp in the application-deployments has <groups> <group name="guest" /> <group name="user" /> <group name="admin" /> </groups> <users> </users> in orion-application.xml there is <principals path="principals.xml" /> <user-manager class="com.evermind.sql.DataSourceUserManager"> <property name="groupMembershipGroupFieldName" value="NAME" /> <property name="groupMembershipUsernameFieldName" value="NAME" /> <property name="table" value="USERS" /> <property name="passwordField" value="PASSWORD" /> <property name="groupMembershipTableName" value="---" /> <property name="usernameField" value="---" /> <property name="dataSource" value="ejb/default_myappDataSource" /> </user-manager> <security-role-mapping name="user"> <group name="user" /> </security-role-mapping> _____________________________________________________________________ This message has been checked for all known viruses by the MessageLabs Virus Control Centre. For further information visit http://www.messagelabs.com/stats.asp