Administration Tool: Resources

Panel Description

Documentation Contents

/ Documentation Index

/ Glossary

/ Administration Tool Help

Purpose

A security realm contains users and groups plus their associated access control lists (ACL). The access control list for a user in a particular realm specifies the privileges that the user is granted to access server resources. Resources include such things as documents (URLs), files, directories, servlets, and services.

The Resources panel enables you to control user access to server resources by assigning the resource to an access control list. You can view, add, delete, or edit the access control list to which a server resource is assigned.

For each resource you want to protect, you can specify:

An authentication scheme
A security realm
An access control list (ACL)

Note: Resources that clients access via the PUT or DELETE request methods must be protected.

Location of panel in Administration Tool:

Log In	-->		Service name	-->	Manage	-->	Security
							\|_ Resources

Fields

Realm
A realm is a database of users, groups, and access control lists. Realms specify which users have access to the resources of a specific service (for example, the Web Service). For more information on realms and resource protection, see Administration Tool: Resource Protection.

Java^(TM) Web Server^(TM) has the following security realms:

certificateRealm - Used to protect resources for users who are authenticated using Secure Sockets Layer (SSL). This realm is only packaged in the versions of this product that include SSL.
defaultRealm - This realm can be used for general management of users and groups. It also controls the example servlets.
servletMgrRealm - Used exclusively for signed servlet support, which is used primarily by software publishers. Holds the X.509 certificates used to authenticate those publishers.
UNIX - Applies only to users in a UNIX^(R) environment. It is the same database of users as listed by the UNIX getpwent() routines. This realm lets the server use HTTP "Basic" authentication with users' UNIX passwords.
NTRealm - Applies only to users in a Windows NT environment (only available in the Win32 version of this product).

Note: To access NT realms, the server has to be run as Administrator and special rights ("Act as part of operating system") have to be granted to the Administrators group. To do this:

Go to the Programs -> Administrative Tools -> UserManager for domains panel.
Click on Policies -> User Rights.
Select the "Show Advanced User Rights" checkbox.
Enable "Act as part of operating system" rights for the administrator.

Resource
Lists the resources being protected. This can be a directory, such as the default document directory public_html and specific files within it, or a servlet directory and specific servlet.

Type
Defines the permissions that can be granted to the resource. There are two types in Java Web Server: File or Servlet.

Scheme
Defines the authentication method used, along with an access control list, to protect the resource. There are two kinds of schemes:

Basic - Sends plain text passwords which can potentially be seen by others..
Digest - Sends functions of passwords so that others can't read the passwords. While digest authentication does not send a user's password over the network, the server must still know the user's password. The user and other servers (because users normally share passwords between servers) are at risk if the server is successfully attacked. Also, not many browsers currently support digest authentication.

ACL
Defines the name of the access control list used to protect the resource. If you don't assign an access control list to a server resource, Java Web Server applies the default access control.

Note:
Setting access control on the Admin servlet can cause you to be locked out of Java Web Server. If this happens, you can recover by editing the properties file acl.properties. For more information, see the Java Web Server Release Notes. In general, you should not assign access control to any core internal servlet.

Buttons

Add
Adds a resource to the selected realm.

Modify
Enables you to modify a resource from the selected realm.

Remove
Removes a resource from the selected realm.

Procedures

To Protect a Resource

To Delete a Resource

To Edit a Resource

Top

java-server-feedback@java.sun.com