Hi, I integrated waffle and now I apply the constraint to the website security. I want users from certain AD group to be able to access the site.
This is an intranet website. it is private site on a domain.
I have created an active directory group "workflowusers":
![](https://lh3.googleusercontent.com/-AGQPfdakINg/VrGiJgYEc_I/AAAAAAAAAGs/sKvN3IWrnnE/s320/Capture.JPG)
Then I added a user to the group (the user is member of the group now), finally I defined the following in web.xml:
<security-constraint>
<display-name>not relevant</display-name>
<web-resource-collection>
<web-resource-name>all</web-resource-name>
<description/>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>workflowusers</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<description>not relevant</description>
<role-name>workflowusers</role-name>
</security-role>
This gives me error 403 access denied.
WHEN I replace the role-name in "Everyone" or "*" it works - but all domain users can visit the address.. I need to restrict it for a perople of certain group.
<role-name>Everyone<role-name> OR <role-name>*</role-name>
How can i do it ?
Did i define it wrong in active directory ?
Thanks