Sun Java System Web Server 7.0 Developer's Guide

Access Control API

The Access Control API is a C API that allows you to programmatically control the access privileges on Web Server.

Access control lists (ACLs) determines the access privileges to the resources on the server. Each ACL contains a list of access control entries. The following access control entry, for example, specifies that all access is denied to everyone for any resource having a URI that starts with /private.

acl "uri=/private/*";
deny (all)
(user = "anyone");

To create ACL:

  1. From the Common Task screen select the configuration from the drop-down list and click Edit Configurations tab.

  2. Click Access Control tab in the configuration screen.

  3. Click Access Control Lists (ACL) tab in the Authentication Databases screen.

  4. Click New to create an ACL.

The default access control list resides in the directory install_dir/admin-server/config. The default ACL file is default.acl.

With Web Server you can configure and reference multiple ACL files. For more information about configuring ACL files for virtual servers, see the Sun Java System Web Server 7.0 Administrator’s Guide.

With the Access Control API you can manipulate ACLs, read and write ACL files, and evaluate and test access to resources on the server.

You can also define your own attributes for authentication. For example, you might want to authenticate users based on e-mail address or on the URL that referred them to the resource:

allow (read) referer="**"

You can also authenticate the client based on your own authentication methods and databases.

Registering New Authentication Services

You must Define your own Loadable Authentication Service (LAS), which is an NSAPI plug-in. For the server to use your attributes for authentication. Load it into the server in the usual manner by adding the following directives to magnus.conf: