ACL-based access control is described at length in the Configuring Access Control in Sun Java System Web Server 7.0 Update 1 Administrator’s Guide. This section provides a brief overview of the key concepts.
Web Server supports authentication and authorization through the use of locally stored ACLs, which describe what access rights a user has for a resource. For example, an entry in an ACL can grant a user named John read permission to a particular folder named misc:
acl "path=/export/user/990628.1/docs/misc/"; authenticate (user,group) { database = "default"; method = "basic"; }; deny (all) (user = "John"); allow (read); |
The core ACLs in Web Server support three types of authentication: basic, certificate, and digest.
Basic authentication relies .
On lists of user names and passwords passed as cleartext.
Certificates bind a name to a public key.
Digest authentication uses encryption techniques to encrypt the user’s credentials.
The ACL-based access control model includes the following features:
ACL-based authentication uses the following configuration files:
install_dir/config/*.acl files
install_dir/config/server.xml
Authentication is performed by auth-db modules that are configured in the server.xml file.
Authorization is performed by access control rules set in the install_dir/config/*.acl files, if ACLs are configured.
In addition, the Web Server SSL engine supports external crypto hardware to offload SSL processing and to provide optional tamper-resistant key storage.
For more information about ACL-based access control and the use of external crypto hardware, see the Web Server Administrator’s Guide.