JSP Security Buttons

• Users

• Groups

• Access Control List

• Resources

The security button is shown in the following screen.

<b>Users</b><p align="justify">
The users area allows us to manage users who have access to the web service including the type of file and servlet access they are permitted.

Realm

A realm is a database of users, groups, and access control lists. It is used to specify which users have access to the resources of a specific service (for example, the Web Page Service).

The JavaTM Web ServerTM uses the list of users in the database to identify the customers for the service. Users that are not included in the realm cannot be added to any access control list for the service. Users not on an access control list are generally denied the use of the service.

In some cases, a service does not require that its customers be in an access control list. For example, many web page (HTTP) services make their documents available to all users without requiring that they be registered in an ACL first.

Specific access control policies are applied to both users and groups in the database.

By assigning specific access settings to each user and each group, you can control precisely how the resources of a service are used, and by whom.

The Java Web Server has the following security realms:

NT Applies only to users in a Windows NT environment and therefore is only available in the Win32 version of this product.

defaultRealm The realm for controlling the example servIets. This realm can also be used for general management of users and groups.

certificateRealm Used to protect resources for users who are authenticated using Secure Sockets Layer (SSL). This realm is only packaged in the versions of this product which include SSL.

servletMgrRealm Used exclusively for signed servIet support, which is used primarily by software publishers. Holds the X.509 certificates used to authenticate those publishers.

1 . Go to the Programs > Administrative Tools > UserManager for domains panel.

2. Click on Policies > User Rights.

3. Select the "Show Advanced User Rights" checkbox.

4. Enable "Act as part of operating system" rights for the administrator.

Procedures

To Display the Users in a Realm:

9 Select the name of the realm in the Realm field. The users belonging to that realm are displayed in the Name field.

To Add a New User to a Realm:

1 . Select the realm to which you want to add the user.

2. Click Add. This displays the Add User box.

3. Enter the user name of the user, and the user's password, and verify the password.

4. Click OK.

To Delete a User Account from a Realm:

1 . Select the realm from which you want to delete the user,

2. Select the user name to be removed.

3. Click Remove.

4. When you see the Remove User box, click Yes.

To Change a User's Password (defaultRealm only):

1. Select the realm that contains the user account you want to change.

2. Click Change Password. This displays the Change Password box.

3. Enter the user's new password and verify the password.

4. Click CK.

To Add a New User in the servletMgrRealm:
1 . Select the servietMgrRealm.

2. Click Add. This displays the Enter Certificate URL.

3. Enter the user name of the user, and the Certificate URL (this is the location of where your signed/unsigned certificate resides, that is, file:/home/icheng/ certirficate/myservlet.jar.sig or http://host/certificate/myserviet.jar.sig).

4. Click OK.

To make changes to the Users page and have those settings take effect, use the two buttons at the bottom of the screen. These are:

Add Adds a user to the selected Realm.

Remove Removes a user from the selected Realm.
Group Name

This field lists the names of the groups assigned to the realm displayed in the realm field. The default group is adminGroup.

Members/Non Members This field consists of two boxes, one listing the members of the group shown in the Groups field, the other the users in the selected Realm.

Procedures

To Display the Groups in a Realm:

0 Select the name of the realm in the Realm field. The groups belonging to that realm are displayed in the Group Name field.

To Create a Group:

1 . Select the realm in which you want to add the group.

2. Click Add Group, This displays the Add Group box.

3. Enter the name of the group you want to create.

4. Click Add. The new group is added to the Group Name field.

To Add a User to a Group:

1 . Select the realm that contains the group.

2. Select the group to which you want to add a user.

3. In the Non Members box, select the user you want to add to the group.

4. Click Add.

To Remove a User From a Group:

1 . Select the realm that contains the group.

2. Select the group that contains the user you want to delete.

3. In the Members box, select the user you want to delete.

4. Click Remove.

To Remove a Group:

1 . Select the realm that contains the group.

2. Select the group that you want to delete.
3. Click Remove Group.

4. Click Yes on Remove Group box.

The Access Control page has two functions you can carry out. You can add and remove access control lists (ACLs) using the Add ACL/Remove ACL function, and you can add and remove permissions from access control lists using the Add Permission and Remove Permission buttons.

Access Control Lists (ACLs)

Lists the names of the access control lists associated with the realm that is being displayed. Each access control list has defined users and groups, and defined permissions that pertain to each of those users and groups. The access control list for the Realm controls who has access to that realm on the Java Web Server.

Procedures

To Display the ACLs in a Realm:

Select the name of the realm in the Realm field. The access control lists (ACLs) belonging to that realm are displayed in the Access Control Lists (ACLs) field.

Using Add ACL/Remove ACL

To Create an Access Control List:

1 . Select the realm under which you want to create the access control list.

2. Click Add. This displays the Add ACL box.

3. Enter the name of the access control list.

4. Click Add ACL.

To Remove an Access Control List:

1 . Select the realm under which you want to remove the access control list.

2. Click Remove ACL. This displays the Remove ACL box and asks if you want to remove the ACL.
3. Click Yes.

To Add a User, Group, or Computer

To Add a User, Group, or Computer to an Access Control List:

1 . Select the realm that contains the access control list.

2.Add the user to the Realm using the Users page Add command.

3.Return to the Access Control Lists page.

4.Select the access control list to which you want to add an entry.

5.Click Add Permission. This displays the Add Permission box.

6.Select the user or group or computer you want to give permission to.

7. Select the HTTP permissions you want to grant (GET, PUT, POST, DELETE), or the Servlet permissions (there are eight).

8. Click OK or Apply. (Clicking OK removes the Add Permission box from the screen; clicking Apply leaves it visible for further entries or changes.)

To Allow Access Only From a Specific Computer:

1 . Select the realm that contains the access control list.

Select the access control list to which you want to add an entry.

Click Add Permission.

Click on the Computer radio button.

5. Enter the name of the host either as a name or as an I P address. You can use the wild card character (*) when entering a host name (for example, *.edu). Requests that originate from hosts other than the specified host will be denied.

6. Click OK or Apply. (Clicking OK removes the Add Permission box from the screen; clicking Apply leaves it visible for further entries or changes.)

To Delete an Entry in an Access Control List:

1 . Select the realm that contains the access control list.

2. Select the access control list that contains the entry you want to delete.

3. Select the entry.

4. Click Remove Permission.

5. When you see the Remove Permission box, click Yes.

To Completely Delete a User Account from a Realm:

Select Access Control Lists.

Select the Realm.

Under Principal/Permissions, select the user name.

Click on Remove Permission. When you see the Remove Permission box, click Yes.

5. Select Security > Groups.

6. Select the Realm.

7. Select the Group.

8. Select the user name to be removed from the Group.

9. Click Remove.

10, Select Security > Users.

11 Select the user name to be removed.

12. Click Remove. When you see the Remove User box. click Yes.

The Add Permission Box

The Add Permissions box is used to assign permissions to specific users, or specific groups. It has the following fields:

• Assign Permissions for Files and Folders and ServIets.

• Grant to For Files and Folders, there are three classes of permissions User, Group, and Computer. For ServIets there are only two: User, and Group. When you select a category, the users, groups, or machines that belong to it are displayed.

• Permissions Permissions can be either Allowed or Denied.

• Permissions
For Files and Folders there are four permissions:

GET can retrieve information from the server.

PUT a new copy of existing data can be put on the server,

POST new data can be put on the server.

DELETE delete data from server.

For Servlets, there are eight different permissions that can be denied or allowed. These are:

Load Servlet Allows you to load a named servlet.

Write files Allows you to write to any file on the server where the servlet is running.

Listen to socket Allows you to execute calls on a socket.

Link libraries Allows you to link any library called with the load library call.

Read files Allows you to read any file on system where the servlet is running.

Open remote socket Allows you to open any socket not on the current machine.

Execute programs Allows you to execute pro grams on the server where the servlet is running. (This is like cgi.)

Access system properties Allows you to access system properties. For more information see the documentation for java. lang. system.

The Add Permission box has the following five buttons¬

Ok Applies the permissions and removes the Add Permission box from the screen.

Apply Applies the permissions but leaves the Add Permission box displayed on the screen.

Clear Clears the currently selected entries (without applying them) and leaves the Add Permission box displayed on the screen.

Cancel Clears the currently selected entries (without applying them) and removes the Add Permission box from the screen.

Help Displays the. Help document for the Access Control Lists page.
Resources

The resources area allows you to control access to particular server resources such as files, folders, and servIets. The Resources Protection page has the following five fields:

1. Realm

2. Resource

Lists the resources being protected. This can be a directory, such as a default document directory public_html and specific files within it, or a servIet directory and specific servlet.

3. Type

Defines the permissions that can be granted to the resource. There are two types in the Java Web Server: File or servlet.

4. Scheme

Defines the authentication method used, along with an Access Control List, to protect the resource. There are two kinds of schemes.

Basic sends plain text passwords "over the wire", where they could potentially be seen by an eavesdropper.

Digest sends functions of passwords "over the wire", so that eavesdroppers can't read the passwords.

While digest authentication does not send a user's password over the network, the server must still know the user's password. The user and other servers (because users normally share passwords between servers) are at risk if the server is successfully attacked. Also, not many browsers currently support digest authentication.

If you don't assign an access control list to a server resource, Java Web Server applies the default access control.

5. ACL

Defines the name of the access control list used to protect the resource.

Procedures

To Protect a Resource:

1 . Click Add. This displays the Protect a Resource box.
2. Select a Security Scheme (either Basic or Digest).

3. Select an access control list (ACL) to assign to the resources

4. Select an option in the Specify Resource to Protect field

Pathname (a file or directory)

Servlet

If you're protecting a file or directory, enter the full path in the Pathname field, It you're protecting a servIet, select the servlet name from the pulldown menu.

5. Click Apply or OK. (Clicking OK removes the Protect a Resource box from the screen; clicking Apply leaves it visible for further entries or changes.)

To Delete an Entry From The List:

1 . Select the entry you want to delete.

2. Click Remove.

3. When the Remove Resource Protection box is displayed, click Yes.

To Edit an Entry:

1 . Select the entry.

2. Click Add.

3. Change the information in the Protect a Resource box.

4. Click Apply or OK. (Clicking OK removes the Add Resource to Realm box from
the screen; clicking Apply leaves it visible for further entries or changes.)

Domain Name Search