Sun Java System Web Server 7.0 Administrator's Configuration File Reference

Authentication Methods

ACLs can optionally specify the authentication method that the server must use when processing the ACL. There are three methods: basic, digest, and ssl.

The basic and digest methods require users to enter a user name and password before accessing a resource. The ssl method requires the user to have a client certificate. For the user to be authenticated with the ssl method, the Web Server must have encryption turned on, and the issuer of the user’s certificate must be in the list of trusted certificate authorities (CAs).

By default, the server uses the basic method for any ACL that does not specify a method. If you use the digest method, the server’s authentication database must be able to handle digest authentication. Authentication databases are configured in server.xml with the auth-db element. For more information, see auth-db.

Each authenticate line must specify the attribute (users, groups, or both users and groups) that the server authenticates. The following authentication statement, which appears after the ACL type line, specifies basic authentication with users matched to individual users in the database or directory:

authenticate (user) { method = "basic"; };

The following example uses ssl as the authentication method for users and groups:

authenticate (user, group) { method = "ssl"; };

The following example allows any user whose user name begins with sales:

authenticate (user)
allow (all)
user = sales*

If the last line is changed to group = sales, then the ACL will fail because the group attribute is not authenticated.
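The failure described above can be caught before an ACL is deployed. The following is an added example, not part of the original reference or of the Web Server itself: a small Python check, with the hypothetical name lint_acl, that reads one ACL body, records which attributes its authenticate statement lists, and reports any user or group test on an attribute that was not authenticated, as well as any method other than the three named on this page. It assumes the input holds a single ACL and covers only the syntax shown here.

```python
import re

# An authenticate statement (optional { ... } body), or a user/group
# comparison inside an allow/deny expression.
TOKEN = re.compile(
    r'authenticate\s*\(([^)]*)\)\s*(?:\{([^}]*)\})?'
    r'|\b(user|group)\s*=\s*("[^"]*"|[^\s;)]+)'
)
METHOD = re.compile(r'method\s*=\s*"?(\w+)')
KNOWN_METHODS = {"basic", "digest", "ssl"}  # the three methods named on this page

# Sample inputs: the first is the page's example, the others are constructed.
PAGE_EXAMPLE = "authenticate (user)\nallow (all)\nuser = sales*\n"
GROUP_VARIANT = "authenticate (user)\nallow (all)\ngroup = sales\n"
SSL_BOTH = 'authenticate (user, group) { method = "ssl"; };\nallow (all) group = "sales";\n'
BAD_METHOD = 'authenticate (user) { method = "plain"; };\nallow (all) user = "sales*";\n'


def lint_acl(text):
    """Return findings for one ACL body (assumed to hold a single ACL)."""
    findings = []
    authenticated = None  # stays None until an authenticate statement is seen
    for m in TOKEN.finditer(text):
        if m.group(1) is not None:  # authenticate (...)
            authenticated = {a.strip() for a in m.group(1).split(",") if a.strip()}
            found = METHOD.search(m.group(2) or "")
            method = found.group(1) if found else "basic"  # server default
            if method not in KNOWN_METHODS:
                findings.append(f"unknown method: {method}")
        elif authenticated is not None and m.group(3) not in authenticated:
            # allow/deny tests an attribute the authenticate line did not list
            findings.append(f"{m.group(3)} = {m.group(4)} is not authenticated")
    return findings


if __name__ == "__main__":
    for name in ("PAGE_EXAMPLE", "GROUP_VARIANT", "SSL_BOTH", "BAD_METHOD"):
        print(name, lint_acl(globals()[name]))
```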