When you create a Web service, you have the option of applying security constraints so that only approved clients (those with administrator privileges, for example) can execute it. You specify the security constraints using a security configuration, which is a repository item that stores information that controls access to the Web service. You can create any number of different security configurations using the Web Services Administration UI, and you can apply a security configuration to any number of Web services.
A security configuration has a corresponding security policy component, plus an optional ACL. A security configuration is identified by its functional name, which is a property of the repository item that maps the security configuration to a security component and ACL.
This section describes the main components involved in securing Web service methods, as well as how to create security configurations through the Web Services Administration UI. For a broader discussion of ATG’s security API, see the Managing Access Control chapter in the ATG Programming Guide.
