Java Server

Access Control (Beta)



The Access Control page allows you to add and delete access control lists, and to add or delete the users and groups they contain. Access control lists let you control the users and groups that access your web pages and other server resources.

In the Java Server, server administration is controlled through the adminRealm and the adminACL in that realm. Anyone granted GET privilege in adminACL is allowed to sign on to, and use, the administrative pages.

Note: To enforce access control, you must first enable it in the Basic Configuration page.

Settings

The Access Control page provides two functions. You can add and remove access control lists (ACLs) using the Add/Remove function, and you can edit access control lists using the Edit function.

Realm
A realm is a database of users, groups, and access control lists. It is used to specify which users have access to the resources of a specific service (for example, the Web Page Service).

The Java Server uses the list of users in the database to identify the customers for the service. Users that are not included in the realm cannot be added to any access control list for the service. Users not on an access control list are generally denied the use of the service.

In some cases, a service does not require that its customers be in an access control list. For example, many web page (HTTP) services make their documents available to all users without requiring that they be registered in an ACL first.

Specific access control policies are applied to both users and groups in the database. For example, one user (or group) may be granted only GET permission to the service, and thus only be able to retrieve and read documents from it. Another user (or group), however, may be granted both GET and POST permissions, meaning that the user (or the members of the group) can add documents for display, as well as read them. Both users (or groups) are in the same realm, but the access control policies applied to them are different.

Note: Individual access control permissions take precedence over group settings. For example, if a user in a group has both GET and POST access, but the group has only GET access, the user is still able to do both GET and POST.

By assigning specific access settings to each user and each group, you can control precisely how the resources of a service are used, and by whom.

The Java Server has three security realms. These are:

ACL Name
Lists the names of the access control lists associated with the realm that is being displayed. Each access control list has defined users and groups, and defined permissions that pertain to each of those users and groups. The access control list for the Realm controls who has access to that realm on the Java Server.

Procedures

To Display the ACLs in a Realm:

Using Add/Remove

To Create an Access Control List:

  1. Select the realm under which you want to create the access control list.
  2. Click Add. This displays the Add ACL box.
  3. Enter the name of the access control list.
  4. Click Add.

To Remove an Access Control List:

  1. Select the realm under which you want to remove the access control list.
  2. Click Remove. This displays the Remove ACL box and asks if you want to remove the ACL.
  3. Click Yes.

Using Edit

To Add a User or Group to an Access Control List:

  1. Select the realm that contains the access control list.
  2. Add the user to the Realm using the Users page Add command.
  3. Return to the Edit page.
  4. Select the access control list to which you want to add an entry.
  5. Click Add Permission. This displays the Edit ACL box.
  6. Select the user or group you want to give permission to.
  7. Select the HTTP permissions you want to grant (GET, PUT, or POST), or the Servlet permissions (there are eight).
  8. Click OK or Apply. (Clicking OK removes the Edit ACL box from the screen; clicking Apply leaves it visible for further entries or changes.)

Note: For any given user in a group, the user's access control permissions always take precedence over the group's permissions.

To Allow Access Only From a Specific Computer:

  1. Select the realm that contains the access control list.
  2. Select the access control list to which you want to add an entry.
  3. Click Add Permission.
  4. Click on the Computer radio button.
  5. Enter the name of the host either as a name or as an IP address. You can use the wild card character (*) when entering a host name (for example, *.edu). Requests that originate from hosts other than the specified host will be denied.
  6. Click OK or Apply. (Clicking OK removes the Edit ACL box from the screen; clicking Apply leaves it visible for further entries or changes.)
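
The precedence rule in the notes above and the host restriction in this procedure can be modelled in a few lines. This is an added example, not Java Server code: the realm contents, the function names, and the reading that a user's own entry replaces the group result are assumptions.

```python
from fnmatch import fnmatchcase

# Constructed sample realm: names, groups and grants are illustrative only.
GROUPS = {"editors": {"alice", "bob"}, "readers": {"carol"}}
ACL = {
    "users": {"alice": {"GET", "POST"}, "dave": {"GET"}},
    "groups": {"editors": {"GET"}, "readers": {"GET"}},
    "hosts": ["*.edu", "192.0.2.10"],   # empty list = no host restriction
}

def host_allowed(acl, host):
    """True if the ACL has no host entries or the host matches one of them."""
    patterns = acl["hosts"]
    return not patterns or any(fnmatchcase(host.lower(), p.lower()) for p in patterns)

def group_permissions(acl, user):
    """Union of the grants of every group in this ACL that the user belongs to."""
    perms = set()
    for group, granted in acl["groups"].items():
        if user in GROUPS.get(group, ()):
            perms |= granted
    return perms

def effective_permissions(acl, user):
    """Assumption: a user's own entry, when present, replaces the group result."""
    if user in acl["users"]:
        return set(acl["users"][user])
    return group_permissions(acl, user)

def is_allowed(acl, user, method, host):
    """Default deny: unknown users, unlisted methods and other hosts all fail."""
    return host_allowed(acl, host) and method in effective_permissions(acl, user)

def users_exceeding_groups(acl):
    """Audit helper: user entries that grant more than the user's groups do."""
    return {
        user: sorted(perms - group_permissions(acl, user))
        for user, perms in acl["users"].items()
        if perms - group_permissions(acl, user)
    }

if __name__ == "__main__":
    print(is_allowed(ACL, "alice", "POST", "lab.example.edu"))
    print(users_exceeding_groups(ACL))
```

A name pattern such as *.edu is only as trustworthy as the server's resolution of the client address to a host name; an IP address entry does not depend on that lookup.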

To Delete an Entry in an Access Control List:

  1. Select the realm that contains the access control list.
  2. Select the access control list that contains the entry you want to delete.
  3. Select the entry.
  4. Click Remove Permission.
  5. When you see the Remove Permission box, click Yes.

To Completely Delete a User Account from a Realm:

  1. Select Access Control --> Edit.
  2. Select the Realm.
  3. Under Principal/Permissions, select the user name.
  4. Click on Remove Permission. When you see the Remove Permission box, click Yes.
  5. Select Security --> Groups.
  6. Select the Realm.
  7. Select the Group.
  8. Select the user name to be removed from the Group.
  9. Click Remove.
  10. Select Security --> Users.
  11. Select the user name to be removed.
  12. Click Remove. When you see the Remove User box, click Yes.

The Edit ACL Box

The Edit ACL box is used to assign permissions to specific users or specific groups. It has the following fields:

Buttons

To make changes to the Access Control page and have those settings take effect, use the two buttons at the bottom of the screen. These are:
java-server-feedback@java.sun.com