Web Server provides highly secure, interoperable, and distributed component computing based on the Java EE security model. The security goals for Web Server include the following:
Full compliance with the Java Servlet 2.5 security model, including role-based authorization. For more information, see the Security chapter in the Java Servlet 2.5 specification at
Support for single sign-on across all Web Server applications within a single security domain.
Support for several underlying authentication realms, such as simple file and LDAP. Certificate authentication is also supported for SSL client authentication. Solaris OS platform authentication is also supported.
Support for declarative security through Web Server specific XML-based role mapping.
Support for Java Security Manager enforcement.
For more information about Java EE security, see the Chapter 6, Certificates and Keys, in Sun Java System Web Server 7.0 Update 8 Administrator’s Guide