Sun Java System Web Server 6.1 SP11 Administrator's Guide

Mapping Roles to Restricted Areas

J2SE access control is based on roles. To restrict access to specific HTML pages, servlets, JSPs, and so forth, you must define the following:

Users can assume multiple roles. Access is allowed to the corresponding areas on verification that users have been assigned at least one of the roles.

Use the samples located in the webapps/security directory with various access restrictions in Sun Java System Web Server 6.1 as templates. For additional discussion on Servlet role-based security, refer to the Servlet 2.3 specification.