Sun Java System Web Server provides new flat file authentication and closer integration of native access control with web application security constraints. However, core authentication and authorization support is the same as in the version 6.0 release.
Sun Java System Web Server 6.1, apart from providing ACL-based authentication, also leverages the security model defined in the J2SE Specification to provide several features that help you develop and deploy secure Java Web applications. The J2SE/Servlet-based access control infrastructure relies on the use of security realms.
In Sun Java System Web Server 6.1, authentication is performed by Java security realms which are configured through AUTHREALM entries in the server.xml file. In case any such rules have been set, authorization is performed by access control rules in the deployment descriptor file web.xml, .
For more information about security-related features in Sun Java System Web Server 6.1, see the Sun Java System Web Server 6.1 SP10 Administrator’s Guide and the Sun Java System Web Server 6.1 SP10 Programmer’s Guide.