Did you remove the permission for rmi:login?
By default this goes something like:

                <group name="users">
                        <description>users</description>
                        <permission name="rmi:login" />
                </group>

(the default administrator is also part of users)
Or did you remove the permission for administrator to administrate?
By default this goes something like:

                <group name="administrators">
                        <description>administrators</description>
                        <permission name="administration" />
                </group>

Or did you delete your settings for namespace access in your
orion-application.xml?
It goes something like:

        <namespace-access>
                <read-access>
                        <namespace-resource root="">
                                <security-role-mapping name="&lt;jndi-user-role&gt;">
                                        <group name="administrators" />
                                </security-role-mapping>
                        </namespace-resource>
                </read-access>
                <write-access>
                        <namespace-resource root="">
                                <security-role-mapping name="&lt;jndi-user-role&gt;">
                                        <group name="administrators" />
                                </security-role-mapping>
                        </namespace-resource>
                </write-access>
        </namespace-access>

Hope this helps,

WR
Magnus Rydin
IronFlare AB

> -----Original message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]For Tim Courtney
> Sent: 9 January 2002 04:09
> To: Orion-Interest
> Subject: user manager, principals & shutdown
>
>
> I need some help fixing something I broke.
>
> I stepped through the user manager tutorial on orionsupport (
> http://uk.orionsupport.com/articles/usermanager.html ) and managed to
> put BASIC authentication on a certain directory on my site.
>
> But since then, it seems I deleted the information that allows the
> shutdown command
>  >java -jar admin.jar ormi://localhost admin xxxxx -shutdown
>
> this command looks up the username/password in the custom UserManager
> and always returns
>  >Security error: Invalid username/password for default (admin)
>
> I would prefer that the server admin & the users in the custom
> UserManager be kept separate.
>
> is my principals.xml meant to have two different groups?
>
> can the server admin user remain in the xml config as it is when first
> running orion?
> <user username="admin" password="xxxxx" deactivated="false">
>
> my application.xml:
> <user-manager class="com.orionsupport.security.MyUserManager" />
>
> should there be two different entries here??? one for the BASIC authen,
> and one for server admin ?
>
> my web.xml:
>    <security-role>
>        <role-name>administrators</role-name>
>    </security-role>
>
>    <login-config>
>        <auth-method>BASIC</auth-method>
>        <realm-name>admin tool</realm-name>
>    </login-config>
>      <security-constraint>
>        <web-resource-collection>
>            <url-pattern>/admin/</url-pattern>
>        </web-resource-collection>
>        <auth-constraint>
>            <role-name>administrators</role-name>
>        </auth-constraint>
>    </security-constraint>
>
> my principals.xml: (however the user is just ignored, and the
> MyUserManager is always used to validate both users)
> <principals>
>    <groups>
>        <group name="administrators">
>            <description>admin tool users</description>
>            <permission name="administration" />
>            <permission name="com.evermind.server.AdministrationPermission" />
>        </group>
>    </groups>
>    <users>
>        <user username="admin" password="admin" deactivated="false">
>            <description>The default administrator</description>
>            <group-membership group="administrators" />
>        </user>
>    </users>
> </principals>
>
> I hope all that made sense
>
> thanks
> tim
>
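
An added example (not part of the original thread and not Orion code): a small Python check that reads a principals.xml laid out as in the quoted message and reports which of the two permissions named in the reply, rmi:login and administration, a user does not receive through group membership. The function names are this example's own, the sample is reconstructed from the quoted file, and the check only inspects principals.xml, not a custom UserManager.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the principals.xml quoted in the message above.
POSTED = """<principals>
  <groups>
    <group name="administrators">
      <description>admin tool users</description>
      <permission name="administration" />
      <permission name="com.evermind.server.AdministrationPermission" />
    </group>
  </groups>
  <users>
    <user username="admin" password="admin" deactivated="false">
      <description>The default administrator</description>
      <group-membership group="administrators" />
    </user>
  </users>
</principals>"""

# Permissions the reply names as the defaults an administrator relies on.
REQUIRED = ("rmi:login", "administration")

def effective_permissions(principals_xml, username):
    """Return the permissions a user gets through group membership,
    or None if the user is absent or deactivated."""
    root = ET.fromstring(principals_xml)
    group_perms = {
        g.get("name"): {p.get("name") for p in g.findall("permission")}
        for g in root.findall("./groups/group")
    }
    for user in root.findall("./users/user"):
        if user.get("username") != username:
            continue
        if user.get("deactivated", "false").lower() == "true":
            return None
        perms = set()
        for m in user.findall("group-membership"):
            perms |= group_perms.get(m.get("group"), set())
        return perms
    return None

def missing_permissions(principals_xml, username, required=REQUIRED):
    """List required permissions the user lacks (all of them if no usable user)."""
    perms = effective_permissions(principals_xml, username)
    return [r for r in required if perms is None or r not in perms]

if __name__ == "__main__":
    print("admin is missing:", missing_permissions(POSTED, "admin"))
```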

