Mapping Roles to Restricted Areas (Sun Java System Web Server 6.1 SP9 Administrator's Guide)

Sun Java System Web Server 6.1 SP9 Administrator's Guide

Previous: Realm-based User Authentication
Next: Defining Access Control by Roles

Mapping Roles to Restricted Areas

J2SE access control is based on roles. To restrict access to specific HTML pages, servlets, JSPs, and so forth, you must define the following:

The restricted areas, as listed in the Web module descriptors (web.xml)
The roles which are granted access to each restricted area (in web.xml)
User and group mappings to roles, that determine which specific users are authorized to access which restricted areas (in sun-web.xml).

Users can assume multiple roles. Access is allowed to the corresponding areas on verification that users have been assigned at least one of the roles.

Use the samples located in the webapps/security directory with various access restrictions in Sun Java System Web Server 6.1 as templates. For additional discussion on Servlet role-based security, refer to the Servlet 2.3 specification.

Previous: Realm-based User Authentication
Next: Defining Access Control by Roles