1. Manuals
  2. Brands
  3. Novell Manuals
  4. Software
  5. ACCESS MANAGER 3.1 SP1 - AGENT GUIDE
  6. Manual

Protecting Web And Enterprise Javabeans Modules; Configuring Access Control - Novell ACCESS MANAGER 3.1 SP1 - AGENT GUIDE Manual

J2ee* agent guide
Hide thumbs
Table of Contents

Advertisement

Protecting Web and Enterprise
6
JavaBeans Modules
The J2EE Agent mechanisms for protecting Web and EJB (Enterprise JavaBeans) modules have far
more granularity than what you can configure on the J2EE application server. With the agent, you
can be very selective of what you are protecting. For a Web application, you can select to protect a
specific page or group of pages. For an Enterprise JavaBean, you can select to protect a bean, an
interface, a method, or a parameter. After you have selected the granularity of the resource you want
to protect, you can then configure a policy that grants access to this resource. You can use roles as
part of this policy, but you can refine it by using other criteria such as LDAP attributes, credential
profile attributes, or the day of the week.
The J2EE Agent also allows you to decide how you want authorization handled. You can use the
security settings configured on the application server, you can use the Authorization policies
configured on the J2EE Agent, or you can use both methods.
The following sections explain how to set up security for your J2EE resources:
Section 6.1, "Configuring Access Control," on page 79
Section 6.2, "Protecting Web Resources," on page 80
Section 6.3, "Protecting Enterprise JavaBeans Resources," on page 82

6.1 Configuring Access Control

The access control configuration determines which Authorization policies are used to allow access
to resources. The application server must be configured to allow the J2EE Agent to enforce
authorization:
Section 4.2, "Configuring Applications on the JBoss Server," on page 69
Section 4.3, "Configuring Applications on the WebSphere Server," on page 71
Section 4.4, "Configuring Applications on the WebLogic Server," on page 73
After you have configured the J2EE server for authorization, you need to configure the J2EE Agent
for access control:
1 In the Administration Console, click Devices > J2EE Agents > Edit.
2 In the Access Control Configuration section, select one or more of the following:
Enforce application server policy: Allows access based on the policy of the application
server. These policies are defined on the application server in a
in a
file for a
ejb-jar.xml
IMPORTANT: If you select this option and you are using a JBoss server, see
"Configuring Security Constraints," on page 70
file.
.jar
for additional information.

Protecting Web and Enterprise JavaBeans Modules

file for a
file and
web.xml
.war
Section 4.2.2,
6
79

Advertisement

Table of Contents
loading

Related Manuals for Novell ACCESS MANAGER 3.1 SP1 - AGENT GUIDE

Related Content for Novell ACCESS MANAGER 3.1 SP1 - AGENT GUIDE

This manual is also suitable for:

Access manager 3.1 sp 1

Table of Contents