NonStop Servlets for JavaServer Pages (NSJSP) 6.1 System Administrator's Guide

Security Considerations
NonStop Servlets for JavaServer Pages (NSJSP) 6.1 System Administrator’s Guide—596210-006
The Admin and Manager Web Applications are security-sensitive applications and
proper security constraints must be implemented so that only authorized users are
allowed access to these Web Applications.
For more information on the Admin and Manager Web Applications, see Chapter 4,
Managing NSJSP.
The following sections discuss how security can be implemented in these Web
Applications:
Using Realms to Implement Security
Monitoring Server Classes and Hosts
Using Realms to Implement Security
When a user attempts to access a Manager, NSJSP Manager, or Admin Web
application, the user’s credentials are verified and validated using the Realms
repository. For a detailed description of how Realms are used to implement security
in a web application, see Realms on page 8-7.
Monitoring Server Classes and Hosts
Starting with NSJSP 6.1, a user can manage multiple NSJSP installations in one iTP
WebServer installation. Each NSJSP installation can have multiple hosts and each
host can contain multiple applications. Each installation of NSJSP is associated with a
unique server class. All the hosts might not need access to all the server classes.
Therefore, a security constraint may be implemented so that only certain hosts are
visible for a particular server class.
The NSJSP Manager enables you to monitor hosts and server classes as defined in
the <NSJSP_MANAGER_HOME>/conf/host-access.properties file. You can use
the Scope tab in the NSJSP Manager Web Application to select a Host in a specific
server class. The Hosts and server classes displayed in the NSJSP Manager depend on
the definition in the <NSJSP_HOME>/webapps/ROOT/WEB-INF/host-access.properties
file.
Example 8-12 provides a sample definition in the host-access.properties file.
Example 8-12 indicates that all users with the role manager can manage all server
classes (indicated by the first * in *:*) and all the Hosts in those server classes
(indicated by the second * in *:*).
Example 8-13 shows different formats to define a role in the
host-access.properties file.
Example 8-12. Sample host-access.properties File
manager=*:*
admin=*.*
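The following is an added example, not part of the HP guide or NSJSP: a small audit script that lists which roles in a host-access.properties file are granted wildcard scope. It assumes every entry has the role=<server class>:<host> form explained for Example 8-12; values in any other form are reported as unrecognized rather than interpreted, and the role operator and the names SC1 and hostA are hypothetical.

```python
# Added example, not HP code. Assumes each entry is role=<server class>:<host>,
# the form explained for Example 8-12; other forms are reported, not interpreted.

# Constructed sample input; "operator", "auditor", "SC1" and "hostA" are hypothetical.
SAMPLE = """\
# host-access.properties (constructed)
manager=*:*
admin=*.*
operator=SC1:hostA
auditor=SC1:*
"""


def audit(text):
    """Return (line number, role, verdict, detail) for every entry."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#!":  # blank line or properties comment
            continue
        role, eq, value = line.partition("=")
        role, value = role.strip(), value.strip()
        if not eq or not role:
            findings.append((lineno, line, "unparsed", "not a role=value pair"))
            continue
        server_class, colon, host = (p.strip() for p in value.partition(":"))
        scope = "%s:%s" % (server_class, host)
        if not colon:
            # No ':' separator, so server class and host cannot be told apart.
            detail = "value %r is not <server class>:<host>" % value
            findings.append((lineno, role, "unrecognized", detail))
        elif server_class == "*" and host == "*":
            detail = "all server classes and all hosts"
            findings.append((lineno, role, "broad", detail))
        elif "*" in (server_class, host):
            findings.append((lineno, role, "partial-wildcard", scope))
        else:
            findings.append((lineno, role, "scoped", scope))
    return findings


if __name__ == "__main__":
    for lineno, role, verdict, detail in audit(SAMPLE):
        print("line %d: %-8s %-16s %s" % (lineno, role, verdict, detail))
```

Roles reported as broad or partial-wildcard are the ones to review against the roles defined in the Realms repository.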