Sun Java System Web Server 6.1 SP12 Programmer's Guide

Access Control API

The Access Control API is a C API that allows you to programmatically control accessibility on Sun Java System Web Server.

Access control lists (ACLs) determine the access privileges to the resources on the server. Each ACL contains a list of access control entries. The following access control entry, for example, specifies that all access is denied to everyone for any resource having a URI that starts with /private.


acl "uri=/private/*";
deny (all)
(user = "anyone");

To create access control lists, use the Restrict Access page in the Preferences tab of the Server Manager interface. You can also edit the files that contain the ACLs used by the server.

The default access control list resides in the directory server_root/httpacl. The default ACL file is generated.https-server_id.acl. There is also a file called genwork.https-server_id.acl that is a working copy the server uses until you save and apply your changes when working with the user interface. When editing the ACL file, you might want to work in the genwork file and then use the Server Manager to load and apply the changes.

With the Sun Java System Web Server 6.1, you can configure and reference multiple ACL files. For more information about configuring ACL files for virtual servers, see the Sun Java System Web Server 6.1 SP12 Administrator’s Guide.

With the Access Control API you can modify ACLs, read and write ACL files, and evaluate and test access to resources on the server.

You can also define your own attributes for authentication. For example, you can authenticate users based on e-mail address or on the URL that referred them to the resource:

allow (read) referer="*www.acme.com*"

You can also authenticate the client based on your own authentication methods and databases.

Registering New Authentication Services

To tell the server to use your attributes for authentication, you must define your own Loadable Authentication Service (LAS), which is an NSAPI plugin. You load it into the server in the usual manner by adding the following directives to magnus.conf: