Sun Java System Web Server 6.1 SP11 Administrator's Guide

Overview of ACL-based Access Control

ACL-based access control is described at length in Chapter 10, Controlling Access to Your Server. The following section provides a brief overview of the key concepts.

Sun Java System Web Server 6.1 supports authentication and authorization through the use of locally stored access control lists (ACLs), that describes what access rights a user has for a resource. For example, an entry in an ACL can grant a user named John read permission to a particular folder, misc.

acl "path=/export/user/990628.1/docs/misc/";
  authenticate (user,group) {
     database = "default";
     method = "basic";
  deny (all) (user=”anyone”);
  allow (read) (user = "John");

The core ACLs in Sun Java System Web Server 6.1 supports three types of authentication: basic, SSL, and digest.

Basic authentication relies on lists of user names and passwords passed as cleartext. The SSL method requires the browser to have a user certificate, which contains the user’s public key and other user information such as name, email, and so on. Digest authentication uses encryption techniques to encrypt the user’s credentials.

The main features of the ACL-based access control model are described below:

In addition, the Sun Java System Web Server 6.1 SSL engine supports external crypto hardware to offload SSL processing and provides optional tamper-resistant key storage.

For more information about access control and the use of external crypto hardware, see Chapter 9, Controlling Access to Your Server.