Security (WAR)

You use the Security tab to specify security constraints that protect web content by defining a resource collection. A resource collection is a set of URL patterns and HTTP methods that describes the resources to protect. Every request whose request path matches a URL pattern in the resource collection is subject to the security constraint that you specify.

When specifying a security constraint, first define the resource collection, then map the resource collection to roles, and finally specify the transport layer constraint for the user data.

Field/Column

Explanation

You define the resource collection in the first half of this tab.

Collection

Enter a name for the resource collection.

URL Pattern

Enter the URL pattern(s) for this resource collection as a comma delimited list.

Method

Enter the HTTP method(s) as a comma delimited list for this resource collection.

Typical values are GET, POST, or both, depending on what the user's web server supports. If no HTTP methods are specified, the security constraint applies to all HTTP methods. A constraint covers only the methods listed: a collection that names GET and POST leaves the same URL patterns unprotected for HEAD, PUT, DELETE, OPTIONS and any other method the server accepts, so leave the field empty unless you intend to constrain specific methods only.

You now map resource collections to roles and specify the transport layer.

Security Constraint

Enter a name for the security constraint or accept the default.

Collection

Enter one or more resource collection names to which you want to apply access control.

The resource collection names that you enter must be predefined in the top half of this tab.

Roles

Enter the roles that are allowed to access the resources described by the resource collection.

Role names are bound to actual users and groups when you deploy your application. If the user is not a member of an allowed role, the user is denied access to that resource.

Note that all roles entered in this column must be defined in the Link to Role column on the Security Role Refs tab for servlet descriptors.

Transport Guarantee

Click in the column and choose NONE, INTEGRAL or CONFIDENTIAL to define the protection required for communication between the client and server:

NONE: The application does not require any transport guarantee.

INTEGRAL: The application requires that data sent between the client and server is not changed in transit (SSL is required).

CONFIDENTIAL: The application requires that data sent between the client and server is not read in transit (SSL is required).

Servlet containers satisfy either INTEGRAL or CONFIDENTIAL by requiring an SSL/TLS connection; a plain HTTP request for a resource under such a constraint is typically redirected to the HTTPS port or rejected.
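The following is an added example, not part of this help page or the product it documents. It shows the `<security-constraint>` entries that the resource collection, role mapping and transport guarantee fields above correspond to in web.xml, and runs a small audit over them that flags the three mistakes a reviewer looks for: an explicit HTTP method list (which leaves unlisted methods unconstrained, as noted under Method), a transport guarantee of NONE, and a role in an auth-constraint that is not declared as a security-role. The descriptor is a constructed sample; the constraint names, URL patterns and role names in it are assumed.

```python
import xml.etree.ElementTree as ET
from typing import List

# Constructed sample: two <security-constraint> entries of the kind the
# Security tab writes into web.xml. Names, patterns and roles are assumed.
SAMPLE_WEB_XML = """
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <security-constraint>
    <display-name>AdminConstraint</display-name>
    <web-resource-collection>
      <web-resource-name>AdminPages</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
      <!-- no http-method elements: every HTTP method is covered -->
    </web-resource-collection>
    <auth-constraint>
      <role-name>admin</role-name>
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <security-constraint>
    <display-name>ReportConstraint</display-name>
    <web-resource-collection>
      <web-resource-name>Reports</web-resource-name>
      <url-pattern>/reports/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>analyst</role-name>
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <security-role>
    <role-name>admin</role-name>
  </security-role>
</web-app>
"""


def _text(el) -> str:
    """Element text with surrounding whitespace removed ('' if absent)."""
    return (el.text or "").strip() if el is not None else ""


def audit_constraints(xml_text: str) -> List[str]:
    """Return one finding per weakness in the descriptor's security constraints.

    Per <security-constraint> the audit reports:
      * an explicit <http-method> list, because only the listed methods are
        constrained and HEAD, PUT, DELETE, OPTIONS etc. stay open;
      * a <transport-guarantee> of NONE (or no <user-data-constraint>), so
        credentials and content may travel over plain HTTP;
      * an <auth-constraint> role that no <security-role> declares.
    """
    root = ET.fromstring(xml_text)
    # "{*}" matches any namespace (or none), so the same paths work for the
    # javaee namespace, the older java.sun.com one, or an un-namespaced file.
    declared = {_text(r) for r in root.iterfind("{*}security-role/{*}role-name")}
    findings = []
    for sc in root.iterfind("{*}security-constraint"):
        name = _text(sc.find("{*}display-name")) or "<unnamed>"
        for coll in sc.iterfind("{*}web-resource-collection"):
            methods = [_text(m).upper() for m in coll.iterfind("{*}http-method")]
            patterns = [_text(p) for p in coll.iterfind("{*}url-pattern")]
            if methods:
                findings.append(
                    f"{name}: {patterns} protected only for {methods}; "
                    "all other HTTP methods are unconstrained"
                )
        guarantee = _text(sc.find("{*}user-data-constraint/{*}transport-guarantee")).upper()
        if guarantee in ("", "NONE"):
            findings.append(f"{name}: transport guarantee is NONE or missing")
        for role in sc.iterfind("{*}auth-constraint/{*}role-name"):
            r = _text(role)
            # "*" (any declared role) and "**" (any authenticated user) need no declaration
            if r not in ("*", "**") and r not in declared:
                findings.append(f"{name}: role '{r}' is not declared as a security-role")
    return findings


if __name__ == "__main__":
    for finding in audit_constraints(SAMPLE_WEB_XML):
        print(finding)
```

Run against the sample, AdminConstraint produces no findings, while ReportConstraint is reported three times: for its GET/POST-only method list, its NONE transport guarantee, and the undeclared `analyst` role. A constraint with no `<auth-constraint>` at all is not flagged, because that is a legitimate way to express "any user, but only over TLS"; an `<auth-constraint>` with no `<role-name>` is likewise left alone, since it denies everyone rather than allowing anyone.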


Add button

Click to add a new row in which you specify access control for a resource collection.

Remove button

Click to remove the selected row from the table.

Edit Collec. button

Select a row in the table and click the Edit Collec. button to open a dialog where you select a new collection name.

The dialog lists the collection names that have been created in the first half of this tab.

Edit Roles button

Select a row in the table and click the Edit Roles button to open a dialog where you can select one or more roles that are allowed to access the resource collection.

The dialog displays role names that have been specified on the Roles tab for web applications.

See also
  Using the Deployment Descriptors for Servlets/JSPs
