I would like to set up my realm to allow folks in by userid not by rolename.
I do not know what the tag for the web.xml file should be The following is a sample security constraint. The role names are working fine, but I need to say if a user is tony or user is x then allow them in, but without the use of roles. <security-constraint> <display-name>Example Security Constraint</display-name> <web-resource-collection> <web-resource-name>Protected Area</web-resource-name> <!-- Define the context-relative URL(s) to be protected --> <url-pattern>/jsp/security/protected/*</url-pattern> <!-- If you list http methods, only those methods are protected --> <http-method>DELETE</http-method> <http-method>GET</http-method> <http-method>POST</http-method> <http-method>PUT</http-method> </web-resource-collection> <auth-constraint> <!-- Anyone with one of the listed roles may access this area --> <!-- the following does not work because tony is a userid not a rolename --> <!-- what tag should I use to get this to work so userid tony can access the application space? --> <role-name>tony</role-name> <role-name>marketing</role-name> <role-name>role1</role-name> </auth-constraint> </security-constraint> Thanks, Tony -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]>