Title: SV: unable to configure form-based authentication correctly

No, the distinction between groups and roles is correct.
The mapping should be in the /deploy-dir/orion-application.xml and map the roles to groups, as done.
If you check out the deploy dir of the ATM you will notice that Orion has automatically mapped the role "users" to the group "users" per default.

Now, the mapping should look like:
        <security-role-mapping name="r_user">
                <group name="g_users" />
        </security-role-mapping>

You probably want this outside your <namespace-access/> tag though.
WR

> -----Original Message-----
> From: elephantwalker [mailto:[EMAIL PROTECTED]]
> Sent: 14 May 2001 11:15
> To: Orion-Interest
> Subject: RE: unable to configure form-based authentication correctly
>
>
> AFAIK the role name and the group name have to be the same.
> You use r_users and g_users. This could be the problem. ATM app uses
> role=users and group=users.
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of
> Humphrey Sheil
> Sent: Monday, May 14, 2001 10:20 AM
> To: Orion-Interest
> Subject: unable to configure form-based authentication correctly
>
>
> Hi
>
> I am unable to achieve a basic goal with orion:  to force form-based
> authentication using the simplest form of authentication (userids and
> passwords stored in principals.xml).
>
> I have read all the posts on this subject on the mailing list, but to no
> avail.  I also tried the security primer on jollem.com, but the author of
> this primer told me that this tutorial is not yet working.  I also saw the
> posts by Bill Winspure on Fri, 11 May 2001, but the mail archive hasn't got
> the zip file attached to the mail.
>
> My application works fine without authentication, so there are no other
> non-security related things affecting this.
>
> My procedure to add form-based auth.
> ====================================
>
> 1.  I add three new attributes to my web.xml:
>
> <!--  attribute 1.  declare the role I want to access my pages -->
>
> <security-role>
>    <role-name>r_user</role-name>
> </security-role>
>
>
> <!-- attribute 2.  now tell the container what and how I want
> protected -->
> <!-- note that the role-name attribute matches my
> security-role attribute
> above -->
>
>     <security-constraint>
>       <web-resource-collection>
>          <web-resource-name>Protected Area</web-resource-name>
>          <!-- Define the context-relative URL(s) to be protected -->
>          <url-pattern>/*</url-pattern>
>          <!-- If you list http methods, only those methods
> are protected -->
>          <http-method>DELETE</http-method>
>          <http-method>GET</http-method>
>          <http-method>POST</http-method>
>          <http-method>PUT</http-method>
>       </web-resource-collection>
>       <auth-constraint>
>          <!-- Anyone with one of the listed roles may access
> this area -->
>          <role-name>r_user</role-name>
>       </auth-constraint>
>     </security-constraint>
>
>
>
>     <!-- attribute 3.  let the container know that I want to
> use form-based
> auth., and redirect to login.jsp -->
>     <!-- the form in login.jsp conforms to the servlet 2.2
> spec. naming
> conventions -->
>     <login-config>
>       <auth-method>FORM</auth-method>
>       <realm-name>Example Form-Based Authentication Area</realm-name>
>       <form-login-config>
>         <form-login-page>login.jsp</form-login-page>
>         <form-error-page>error.jsp</form-error-page>
>       </form-login-config>
>     </login-config>
>
>
> 2.  I edited the principals.xml contained in
> $ORION_HOME/config to contain
> my user and group:
>
>
> <group name="g_user"/>
>
>
> <user username="testuser" password="xxx">
>     <group-membership group="g_user" />
> </user>
>
>
> 3.  I built and deployed the application at this point, and
> started orion
> server (with a fresh application-deployment directory).
>
>
> Next, I went to my application sub-directory under
> $ORION_HOME/application-deployments.
>
> Here I edited orion-application.xml and added two
> security-role-mapping
> attributes, one each in the read-access and write-access sections as
> follows:
>
>
>       <namespace-access>
>                 <read-access>
>                 <namespace-resource root="">
>                         <security-role-mapping
> name="&lt;jndi-user-role&gt;">
>                                 <group name="administrators" />
>                         </security-role-mapping>
>                         <security-role-mapping name="&lt;r_user&gt;">
>                                 <group name="g_user" />
>                         </security-role-mapping>
>                 </namespace-resource>
>                 </read-access>
>                 <write-access>
>                 <namespace-resource root="">
>                         <security-role-mapping
> name="&lt;jndi-user-role&gt;">
>                                 <group name="administrators" />
>                         </security-role-mapping>
>                         <security-role-mapping name="&lt;r_user&gt;">
>                                 <group name="g_user" />
>                         </security-role-mapping>
>                 </namespace-resource>
>                 </write-access>
>
>
> (notes:  I tried this with and without the &lt; &gt;.  I also
> tried adding
> just one security-role-mapping).
>
>
>
> The form-based auth. still does not work.  I am presented with the login
> form correctly when I try to access a protected resource, but my username
> and password are always rejected.
>
> Is this functionality working in orion server 1.4.5?
>
> What have I missed in my steps above?
>
> Has anybody gotten this to work?
>
>
> Thanks in advance
>
> Humphrey

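The chain discussed in this thread (role required in web.xml, role mapped to a group in orion-application.xml, group with a member in principals.xml) can be checked mechanically. The following is an added example, not code from the thread or from Orion: check_role_chain is a hypothetical helper, the root element names and sample files are constructed, and treating mappings inside <namespace-access> as not applying to web roles is an assumption taken from the reply's advice.

```python
import xml.etree.ElementTree as ET

# Constructed inputs modelled on the fragments quoted in the thread.
# The root element names are assumptions; the thread shows only fragments.
WEB_XML = """<web-app>
  <security-constraint>
    <auth-constraint><role-name>r_user</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

PRINCIPALS_XML = """<principals>
  <group name="g_user"/>
  <user username="testuser" password="xxx">
    <group-membership group="g_user"/>
  </user>
</principals>"""

# Mapping placed where the original poster put it: inside <namespace-access>.
NESTED_APP_XML = """<orion-application><namespace-access><read-access>
  <namespace-resource root="">
    <security-role-mapping name="r_user"><group name="g_user"/></security-role-mapping>
  </namespace-resource>
</read-access></namespace-access></orion-application>"""

# Mapping moved out of <namespace-access>, as the reply suggests.
TOP_LEVEL_APP_XML = """<orion-application>
  <security-role-mapping name="r_user"><group name="g_user"/></security-role-mapping>
</orion-application>"""

def check_role_chain(web_xml, app_xml, principals_xml):
    """List the breaks in the role -> group -> user chain (hypothetical helper)."""
    web, app, princ = (ET.fromstring(x) for x in (web_xml, app_xml, principals_xml))
    required = {r.text.strip() for r in web.findall(".//auth-constraint/role-name")}
    mapped = {m.get("name"): {g.get("name") for g in m.findall("group")}
              for m in app.findall("security-role-mapping")}  # direct children only
    nested = {m.get("name") for ns in app.iter("namespace-access")
              for m in ns.iter("security-role-mapping")}
    defined = {g.get("name") for g in princ.iter("group")}
    populated = {gm.get("group") for gm in princ.iter("group-membership")}
    findings = []
    for role in sorted(required):
        if role not in mapped:
            where = " (only inside <namespace-access>)" if role in nested else ""
            findings.append(f"{role}: no application-level mapping{where}")
            continue
        for group in sorted(mapped[role]):
            if group not in defined:
                findings.append(f"{role} -> {group}: group not in principals.xml")
            elif group not in populated:
                findings.append(f"{role} -> {group}: group has no users")
    return findings
```

An empty list means every role named in an auth-constraint resolves to at least one group that exists and is referenced by a group-membership entry; a group name that differs by one character from the one in principals.xml is reported as undefined.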