Java Server

Resource Protection (Beta)



The Resource Protection page allows you to control user access to server resources such as servlets, files, or directories by assigning the resource to an access control list. You can view, add, delete, or edit the access control list to which a server resource is assigned.

For each resource you want to protect, you can specify:

Settings

The Resource Protection page has the following five fields:

Realm
A realm is a database of users, groups, and access control lists. It is used to specify which users have access to the resources of a specific service (for example, the Web Page Service).

The Java Server uses the list of users in the database to identify the customers for the service. Users that are not included in the realm cannot be added to any access control list for the service. Users not on an access control list are generally denied the use of the service.

In some cases, a service does not require that its customers be in an access control list. For example, many web page (HTTP) services make their documents available to all users without requiring that they be registered in an ACL first.

Specific access control policies are applied to both users and groups in the database. For example, one user (or group) may be granted only GET permission to the service, and thus only be able to retrieve and read documents from it. Another user (or group), however, may be granted both GET and POST permissions, meaning that the user (or the members of the group) can add documents for display, as well as read them. Both users (or groups) are in the same realm, but the access control policies applied to them are different.

Note: Individual access control permissions take precedence over group settings. For example, if a user in a group has both GET and POST access, but the group has only GET access, the user is still able to do both GET and POST.

By assigning specific access settings to each user and each group, you can control precisely how the resources of a service are used, and by whom.

The Java Server has three security realms. These are:

ACL Name
Lists the names of the access control lists associated with the realm that is being displayed. Each access control list has defined users and groups, and defined permissions that pertain to each of those users and groups. The access control list for the Realm controls who has access to that realm on the Java Server.

Resource
Lists the resources being protected. This can be a directory, such as the default document directory public_html, and specific files within it, or a servlet directory and a specific servlet.

Type
Defines the protocol that the resource runs under. There are three types in the Java Server: HTTP, Proxy, and SHTTP (secure) protocols.

Scheme
Defines the authentication method used to protect the resource. There are two kinds of schemes:

Both of the above authentication schemes use access control lists to control access to server resources. However, Basic authentication sends a user's password over the network, where an eavesdropper could potentially recover it. Digest authentication does not send a user's password over the network, but the server must still know the client's password, so the client and other servers are still at high risk if the server is successfully attacked.

If you don't assign an access control list to a server resource, Java Server applies the default access control.

ACL
Defines the name of the access control list used to protect the resource.
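The difference between the two schemes described under Scheme, as an added example that is not Java Server code: it builds the Basic header and the Digest response for the same constructed credentials and shows what each exposes on the wire. It assumes the Digest form without qop, response = MD5(HA1:nonce:HA2); the user, password, realm name, URI and nonce are constructed sample values.

```python
import base64
import hashlib
import hmac

# Constructed sample values (assumptions, not taken from the Java Server).
USER, PASSWORD, REALM = "alice", "s3cret-pw", "example-realm"
METHOD, URI, NONCE = "GET", "/protected/index.html", "dcd98b7102dd2f0e"


def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def basic_header(user: str, password: str) -> str:
    """Authorization value a client sends under the Basic scheme."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def password_from_basic(header: str) -> str:
    """Base64 is an encoding, not encryption: any reader of the request gets the password."""
    decoded = base64.b64decode(header.split(" ", 1)[1]).decode("utf-8")
    return decoded.split(":", 1)[1]


def digest_response(user, password, realm, method, uri, nonce) -> str:
    """Digest 'response' value in the form without qop: MD5(HA1:nonce:HA2)."""
    ha1 = md5_hex(f"{user}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")


def server_verifies(stored_password: str, received: str, nonce: str) -> bool:
    """The server recomputes the response, so it must hold the password (or HA1)."""
    expected = digest_response(USER, stored_password, REALM, METHOD, URI, nonce)
    return hmac.compare_digest(expected, received)


if __name__ == "__main__":
    header = basic_header(USER, PASSWORD)
    print("Basic on the wire :", header)
    print("Recovered password:", password_from_basic(header))
    response = digest_response(USER, PASSWORD, REALM, METHOD, URI, NONCE)
    print("Digest on the wire:", response)
    print("Server accepts    :", server_verifies(PASSWORD, response, NONCE))
```

The stored value the server needs for verification (the password, or HA1) is enough to compute valid responses for that realm, which is why a compromise of the server still exposes its users.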

Procedures

To Add a Protected Resource

  1. Click Add. This displays the Add Resource to Realm box.
  2. Select the Resource Type (either HTTP or servlet).
  3. Enter the name of the resource in the Resource field. The entry should be a pathname/filename or pathname/servletname combination.
  4. Select a Security Scheme (either Basic or Digest).
  5. Select an access control list (ACL) to assign to the resource.
  6. Click Apply or OK. (Clicking OK removes the Add Resource to Realm box from the screen; clicking Apply leaves it visible for further entries or changes.)

To Delete an Entry From The List:

  1. Select the entry you want to delete.
  2. Click Remove.

To Edit an Entry:

  1. Select the entry.
  2. Click Add.
  3. Change the information in the Add Resource to Realm box.
  4. Click Apply or OK. (Clicking OK removes the Add Resource to Realm box from the screen; clicking Apply leaves it visible for further entries or changes.)

Buttons

To make changes to the Resource Protection page and have those settings take effect, use the two buttons at the bottom of the screen. These are:
    java-server-feedback@java.sun.com