NonStop Servlets for JavaServer Pages (NSJSP) 6.0 System Administrator's Guide (544548-004)

8 Security Considerations
This chapter includes these sections:
Virtual Hosts
Roles
Single Sign-On
The Admin Web application directly changes the attributes of the NSJSP 6.0 container,
which affects every application running in the container. The Manager Web application
enables you to install, deploy, and control all web applications running in the NSJSP
container. Therefore, the Admin and Manager web applications are security-sensitive
applications and proper security constraints must be implemented.
Virtual Hosts
If you have more than one virtual host in your NSJSP 6.0 environment, you need only
one Admin web application to administer the NSJSP 6.0 container. However, you need
one Manager Web application for every virtual host because the Manager Web
application only manages web applications in the same virtual host. If, for any reason,
you do not want to expose online web application manageability for a virtual host, you
can remove the Manager Web application from the virtual host.
For information on virtual hosts, refer to
http://tomcat.apache.org/tomcat-6.0-doc/virtual-hosting-howto.html.
You can also use the Admin application to add the Manager Web application to your
virtual host. See Administering Connector Objects on page 4-17.
Roles
The security constraints for the Admin and Manager Web applications are
implemented using Roles. The NSJSP 6.0 container performs the access control for
these web applications just as it does for any other web application. To modify the
security constraints, modify the deployment descriptor file web.xml in the WEB-INF
directory under the Admin or under the Manager docBase directory (see Context and
Default Context Objects on page C-3). By default, the Admin Web application uses the
Admin role and the Manager Web application uses the Manager role for their access
control. HP recommends that you choose your own security roles for better security control.
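
To check what a given web.xml actually enforces before and after you change its roles, the following added example (not part of this guide or of the NSJSP product) reads a deployment descriptor and reports the protected URL patterns, the roles required, and gaps such as a default role still in use. It assumes the standard Servlet deployment descriptor elements; the sample descriptor, the role name nsjsp-ops, the function name audit_web_xml and the finding labels are constructed for illustration.

```python
import xml.etree.ElementTree as ET

DEFAULT_ROLES = {"Admin", "Manager"}  # default role names named in this chapter

# Constructed descriptor for illustration, not the shipped NSJSP web.xml.
# "nsjsp-ops" is a made-up site-specific role.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Manager commands</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>Manager</role-name>
      <role-name>nsjsp-ops</role-name>
    </auth-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
  <security-role><role-name>Manager</role-name></security-role>
</web-app>"""

def _texts(parent, path):
    """Stripped text of every element under parent that matches path."""
    return {e.text.strip() for e in parent.findall(path) if e.text and e.text.strip()}

def audit_web_xml(xml_text):
    """Summarise the role-based access control declared in a web.xml."""
    root = ET.fromstring(xml_text)
    for el in root.iter():                      # drop the XML namespace prefix
        el.tag = el.tag.rsplit("}", 1)[-1]
    findings, patterns, used = [], set(), set()
    constraints = root.findall("security-constraint")
    if not constraints:
        findings.append("no-security-constraint")
    for sc in constraints:
        patterns |= _texts(sc, "web-resource-collection/url-pattern")
        if sc.find("auth-constraint") is None:  # URLs listed but no role required
            findings.append("constraint-without-auth-constraint")
        used |= _texts(sc, "auth-constraint/role-name")
    declared = _texts(root, "security-role/role-name")
    findings += [f"default-role:{r}" for r in used & DEFAULT_ROLES]
    findings += [f"undeclared-role:{r}" for r in used - declared - {"*"}]
    if not _texts(root, "login-config/auth-method"):
        findings.append("no-login-config")
    return {"patterns": sorted(patterns), "roles": sorted(used),
            "findings": sorted(findings)}

if __name__ == "__main__":
    print(audit_web_xml(SAMPLE_WEB_XML))
```

To audit a real descriptor, pass the text of the web.xml in the WEB-INF directory under the Admin or Manager docBase to audit_web_xml.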
Single Sign-On
You can configure the Admin and Manager Web applications in the same virtual host to
use Single Sign-On, so that you can perform the configuration and management
functions after a single login. You must log on to each virtual host individually to
manage its web applications.