Protecting Web Resources; Creating A Protected Resource For A Web Application - Novell ACCESS MANAGER 3.1 SP1 - AGENT GUIDE Manual

Enforce additional authorization policies: Allows access based on the policies assigned to
the protected resources. If you do not configure any protected resources, users are denied
access to all resources. If a resource does not match any of the protected resource
configurations, all users are denied access to that resource.
You can enable both of these options, only one, or none. If you select neither, any user can
access the resources on the application server.
If you select to use only the J2EE Agent policies for authorization and you disable the Enforce
application server policy option, remember that authentication is triggered by the Web page for
a
.jar
IMPORTANT: Do not disable Enforce application server policy until you have configured
and tested the J2EE Agent policies and know that they are enforcing the security you require
and that users have access to the resources they require.
3 If you decided to use just the application server policies, click OK, then click Update > OK.
If you enabled Enforce additional authorization policies, click Define authorization policies
and continue with one of the following:
Section 6.2, "Protecting Web Resources," on page 80
Section 6.3, "Protecting Enterprise JavaBeans Resources," on page 82

6.2 Protecting Web Resources

Because you can define multiple protected resources for each Web application, you can protect some
URLs with one policy and other URLs with a different policy. For example, you might have some
pages in the application that you want all employees to access, and some pages that you want only
managers to access. For this application, you would create two protected resources, one for all
employees and one for managers. You would then assign a policy to each protected resource. The
following sections explain this process:
Section 6.2.1, "Creating a Protected Resource for a Web Application," on page 80
Section 6.2.2, "Assigning a Web Authorization Policy to the Resource," on page 82

6.2.1 Creating a Protected Resource for a Web Application

1 In the Administration Console, click Devices > J2EE Agents > Edit > Manage authorization
policies.
2 Click New and supply the following information:
Module File Name: The filename of the application. Specify the name of the file you are
protecting, including the file extension (
Type: The type of application. Select Web Module for a Web application.
3 Click OK.
4 To add a protected resource to the list, click New, specify a display name for the resource, then
click OK.
If possible, this name should indicate the URLs that you are going to configure for this
resource.
80 Novell Access Manager 3.1 SP1 Agent Guide
file and by the file for a
web.xml
file.
.war
for a Web application).
.war