Authentication is the process of confirming an identity. Authorization means granting an identity access to a restricted resource, and access control mechanisms enforce these restrictions. Authentication and authorization can be enforced by a number of security models (Web application security, htaccess, Authentication Realm and more) and services.
Access control allows you to determine:
Who can access your Administration Server
Which applications they can access
Who can access the files or directories on your web site
You can control access to the entire server, to parts of the server, or to the files and directories on your web site. You create a hierarchy of rules called access control entries (ACEs) to allow or deny access. The collection of ACEs you create is called an access control list (ACL).
By default, the server has one ACL file that contains multiple ACLs. After determining the virtual server to use for an incoming request, Sun Java System Web Server checks if any ACLs are configured for that virtual server. If ACLs are found that apply for the current request, the server evaluates their ACEs to determine whether access should be granted or denied.
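The evaluation path just described (incoming request, virtual server, the ACLs configured for it, then their ACEs), as an added example in Python; this is a constructed model, not the product's own code or its ACL file syntax. It assumes that within an ACL the first matching ACE decides, that the first ACL returning a verdict decides for the virtual server, and that a request no ACL applies to is simply not restricted by ACLs; the host names, users and paths are made up.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class ACE:
    """One access control entry: allow or deny named users for a path prefix."""
    action: str          # "allow" or "deny"
    users: frozenset     # user names; the constructed wildcard "anyone" matches every caller
    path_prefix: str     # file or directory prefix the entry protects

    def matches(self, user: str, path: str) -> bool:
        return path.startswith(self.path_prefix) and (
            "anyone" in self.users or user in self.users)


@dataclass
class ACL:
    """An ordered list of ACEs; the order is the hierarchy of rules."""
    name: str
    entries: list

    def evaluate(self, user: str, path: str) -> Optional[str]:
        for ace in self.entries:          # assumption: first matching ACE wins
            if ace.matches(user, path):
                return ace.action
        return None                       # no ACE in this ACL applies to the request


# Constructed ACL file: several ACLs, keyed by the virtual server they belong to.
ACL_FILE = {
    "www.example.test": [
        ACL("admin-area", [
            ACE("deny", frozenset({"anyone"}), "/admin/private/"),
            ACE("allow", frozenset({"alice"}), "/admin/"),
            ACE("deny", frozenset({"anyone"}), "/admin/"),
        ]),
        ACL("public", [ACE("allow", frozenset({"anyone"}), "/")]),
    ],
}


def check_access(vserver: str, user: str, path: str) -> str:
    """Decide 'allow' or 'deny' once the virtual server for the request is known."""
    for acl in ACL_FILE.get(vserver, []):
        verdict = acl.evaluate(user, path)
        if verdict is not None:           # assumption: first decisive ACL wins
            return verdict
    return "allow"   # assumption: no applicable ACL means ACLs do not restrict the request
```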
You allow or deny access based on: