Sun Java System Web Server 7.0 Update 3 Developer's Guide

Access Control API

The Access Control API is a C API that enables you to programmatically control the access privileges on Web Server.

Access control lists (ACLs) determine the access privileges to the resources on the server. Each ACL contains a list of access control entries. The following access control entry, for example, specifies that all access is denied to everyone for any resource having a URI that starts with /private.


acl "uri=/private/*";
deny (all)
(user = "anyone");

         

ProcedureTo Create an ACL

  1. Login to Admin Console

  2. From the Common Task screen select the configuration from the drop-down list and click Edit Configurations tab.

  3. Click the Access Control tab in the configuration screen.

  4. Click the Access Control Lists (ACL) tab in the Authentication Databases screen.

  5. Click New to create an ACL.

    The default access control list resides in the directory install_dir/admin-server/config. The default ACL file is default.acl.

    With Web Server you can configure and reference multiple ACL files. For more information about configuring ACL files for virtual servers, see the Sun Java System Web Server 7.0 Update 3 Administrator’s Guide.

    You can use the Access Control API to manipulate ACLs, read and write ACL files, and evaluate and test access to resources on the server.

    You can also define your own attributes for authentication. The following example shows how you could authenticate users based on an e-mail address or on the URL that referred them to the resource:

    allow (read) referrer="*www.acme.com*"

    You can also authenticate the client based on your own authentication methods and databases.

Registering New Authentication Services

You must define your own Loadable Authentication Service (LAS), which is an NSAPI plug-in in order for the server to use your attributes for authentication. Load this plug-in into the server manner by adding the following directives to magnus.conf: