Use this page to control user access to server resources such as servlets,
files, or directories by assigning the resource to an access control list. You
can view, add, delete, or edit the access control list to which a server
resource is assigned. For each resource you want to protect, you enter an
authentication scheme, the security realm, and the access control list that you
want to use.
To specify an access control list to use for a server resource:
- Enter the name of the resource in the Resource field:
- Servlet resources are labeled
Servlet.servletname, where
servletname is the name specified
in the "Servlet Loading" section of the
Administration tool.
- File or directory resources are paths as understood
by the host operating system, relative
to the server root directory.
- In the Scheme field, enter the authentication scheme (
Basic or Digest that you want to use for this resource.
Both schemes use access control lists to control access to server resources. However, Basic authentication sends a user's password over the network, where it potentially could be recognized by an eavesdropper. Digest authentication does not send a user's password over the network. However, the server must still know the client's password; the client and other servers are still at high risk if the server is successfully attacked.
- In the Realm field, enter the name of the realm that contains the access
control list you want to use.
- In the ACL field, enter the name of the access control list.
- Click Add.
If you don't assign an access control list to a server resource, Jeeves applies
the default access control.
To delete an entry from the list:
- Select the entry you want
to delete.
- Click Delete.
To edit an entry: Select the entry, delete it, and re-enter
it.
jeeves@java.sun.com
Last modified: 11/11/96