NonStop Servlets for JavaServer Pages (NSJSP) 7.0 System Administrator's Guide

ManualsBrandsHP ManualsServerHP Integrity NonStop H-Series

201

202

203

204

205

206

207

208

209

210

Managing NSJSP

NonStop Servlets for JavaServer Pages (NSJSP) 7.0 System Administrator’s Guide—674372-005

4-12

NSJSP Manager Security

<role-name>appobserver</role-name>

</auth-constraint>

</security-constraint>

Various NSJSP Manager features map to their own unique URI patterns. For instance,

all the requests for the Admin feature map to an URI “/admin”. All operations in the

Admin feature which changes the configuration, such as the Save Changes button,

maps to the URI “/admin/update”. The following list provides all such mappings:



All the "Scope" tab URIs start as “/scope/”.



All the "Application" tab URIs start as “/app/”.



All the "Application" tab update URIs start as “/app/update/”.



All the "Server Class" tab URIs start as “/cluster/”.



All the "Server Class" tab update URIs start as “/cluster/update/”.



All the "MBeans" tab URIs start as “/mbeans/”.



All the "MBeans" tab update URIs start as “/mbeans/update/”.



All the "Deploy" tab URIs start as “/deploy”.



All the "Deploy" tab update URIs start as “/deploy/update/”.



All the "Admin" tab URIs start as “/admin/”.



All the "Admin" tab update URIs start as “/admin/update/”.

For example, an observer is given permissions for all the “/scope/”, “/app/”,

“/cluster/”, “/mbeans/”, “deploy/” and “/admin” URIs and is provided “No Access” to

remaining URI's.

Securing the URIs in the web.xml is necessary to prevent unauthorized access to the

NSJSP Manager functionality from outside the NSJSP Manager UI such as an

unapproved application that replicates the NSJSP Manager.

Defining a new role

To define a new role, perform the following steps:

1. Add a new role manually in the rights-controller.properties file and

assign appropriate rights as defined in Table 4-2.

2. Add the corresponding security rule for the new role in web.xml file.

3. Add the new role you created to the nsjsp-users.xml file. You can now map

this new role to a user. You can use the tool to add the newly created role to the

nsjsp-user.xml file.

4. Add the new role to the host-access.properties file to enable the role to

access the NSJSP installation instances. For more information on the host-