In an enterprise computing environment there are many security risks. The goal of Sun Java System Web Server is to provide highly secure, interoperable, and distributed component computing based on the J2SE security model. The security goals for Sun Java System Web Server include the following:
Full compliance with the Java Servlet 2.3 security model. This includes servlet role-based authorization. For more information, see the Security chapter in the Java Servlet 2.3 specification, which can be downloaded from:
Support for single sign-on across all Sun Java System Web Server applications within a single security domain.
Support for several underlying authentication realms, such as simple file and LDAP. Certificate authentication is also supported for SSL client authentication. For Solaris, OS platform authentication is supported in addition to these.
Support for declarative security via Sun Java System Web Server-specific XML-based role mapping.
Support for Java policy (Security Manager) enforcement.
The Sun Java System Web Server 6.1 Administrator’s Guide also contains detailed information about J2SE-based security.