Sun Java System Web Server 7.0 Update 4 Administrator's Guide

Adding an Access Control List (ACL)

The following section describes the process of adding a new ACL to the configuration.

  1. Click the Configurations tab and select the configuration.

  2. Click the Access Control sub tab > Access Control Lists sub tab.

  3. Click the New button to add a new ACL.

Configure the following parameters:

Table 7–2 ACL Parameters

Parameter

Description

Resource

Named/URI/Path. Select the type of resource to which the access restriction applies and specify its value. Example for a URI resource: “/sales”. Example for a Path resource: “/usr/sun/server4/docs/cgi-bin/*”.

Authentication DB

Authentication Database lets you select a database the server will use to authenticate users.

The default is keyfile.

Authentication Method

  1. Basic — uses the HTTP Basic method to obtain authentication information from the client. The username and password are only encrypted over the network if SSL is turned on for the server.

  2. SSL — uses the client certificate to authenticate the user. To use this method, SSL must be turned on for the server. When encryption is on, you can combine Basic and SSL methods.

  3. Digest — uses an authentication mechanism that provides a way for a browser to authenticate based on username and password without sending the username and password as clear text. The browser uses the MD5 algorithm to create a digest value using the user’s password and some information provided by the Web Server. Note that in order to use Digest, the underlying auth-db must support digest as well. This means either a File auth-db using digestfile or an LDAP auth-db must be present if the Digest Authentication Plug-in has been installed.

  4. Other — uses a custom method created using the access control API.

Prompt for Authentication

The Prompt for Authentication option enables you to enter message text that appears in the authentication dialog box. You can use this text to describe what the user needs to enter. Depending on the browser, the user will see the first 40 characters of the prompt.

Web browsers typically cache the username and password, and associate them with the prompt text. When the user accesses server files and directories with the same prompt, the usernames and passwords won’t need to be entered again. If you want users to authenticate again for specific files and directories, you simply need to change the prompt for the ACL on that resource. 

Denied Access Response

Specify the response action when access to a resource is denied.

1. Respond with default message — Select this option to display the standard access denied message from the server. 

2. Respond with URL — Select this option to forward the request to any other external URL or error page. 


Note – Using CLI

To add an ACL through the CLI, execute the following command.


wadm> set-acl --user=admin --password-file=admin.pwd --host=serverhost --port=8989 --vs=config1_vs_1 --config=config1 --aclfile=aclfile1

See CLI Reference, set-acl(1).