Just as a start, you need something more like the following. You need to look at how xml dtd are used.
<web-app> <security-constraint> <web-resource-collection> <web-resource-name>Joes Grill</web-resource-name> <url-pattern>/jsp/pigout.jsp</url-pattern> </web-resource-collection> <auth-constraint> <role-name>hungryman</role-name> </auth-constraint> </security-constraint> <security-constraint> <web-resource-collection> <web-resource-name>Joes Grill</web-resource-name> <url-pattern>/jsp/grill.jsp</url-pattern> </web-resource-collection> <auth-constraint> <role-name>eater</role-name> </auth-constraint> </security-constraint> <security-constraint> <web-resource-collection> <web-resource-name>Joes Grill</web-resource-name> <url-pattern>/jsp/uploads/upload.jsp</url-pattern> </web-resource-collection> <auth-constraint> <role-name>uploader</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>BASIC</auth-method> <realm-name>Joes Grill</realm-name> </login-config> </web-app> At 05:14 PM 3/14/02 -0500, you wrote: >I would like to set up my realm to allow folks in by userid not by >rolename. > >I do not know what the tag for the web.xml file should be The following >is a sample security constraint. >The role names are working fine, but I need to say if a user is tony or >user is x then allow them in, but without the use of >roles. > ><security-constraint> > <display-name>Example Security Constraint</display-name> > <web-resource-collection> > <web-resource-name>Protected Area</web-resource-name> > <!-- Define the context-relative URL(s) to be protected --> > <url-pattern>/jsp/security/protected/*</url-pattern> > <!-- If you list http methods, only those methods are protected --> > > <http-method>DELETE</http-method> > <http-method>GET</http-method> > <http-method>POST</http-method> > <http-method>PUT</http-method> > </web-resource-collection> > <auth-constraint> > <!-- Anyone with one of the listed roles may access this area >--> > <!-- the following does not work because tony is a userid not a >rolename --> > <!-- what tag should I use to get this to work so userid tony >can access the application space? --> > <role-name>tony</role-name> > <role-name>marketing</role-name> > <role-name>role1</role-name> > </auth-constraint> > </security-constraint> > >Thanks, >Tony > > > >-- >To unsubscribe: <mailto:[EMAIL PROTECTED]> >For additional commands: <mailto:[EMAIL PROTECTED]> >Troubles with the list: <mailto:[EMAIL PROTECTED]> -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]>