NonStop Servlets for JavaServer Pages (5.0) System Administrator's Guide

NonStop Servlets for JavaServer Pages (NSJSP) System Administrator’s Guide, 525644-002
8 Security Considerations
Virtual Hosts
Roles
Single Sign-On
The admin web application directly changes the attributes of the NSJSP container,
which affects every application running in the container. The manager web application
lets you install, deploy, and control all web applications running in the NSJSP
container. The admin and manager web applications are therefore security-sensitive
applications, and proper security constraints should be implemented for them.
Virtual Hosts
If you have more than one virtual host in your NSJSP environment, you need only one
admin web application to administer the NSJSP container. However, you need one
manager web application for every virtual host since the manager web application only
manages web applications in the same virtual host. If, for any reason, you do not wish
to expose online web application manageability for a virtual host, you can remove the
manager web application from the virtual host. To add the manager web application to
a virtual host, you can copy nsjsp_manager.xml (the application configuration file)
from your $NSJSP_HOME/conf/NSJSP/<local-host-name>/ directory to the
$NSJSP_HOME/conf/NSJSP/<virtual-host-name>/ directory before you start
the NSJSP 5.0 environment. You can also use the admin application to add the
manager web application to your virtual host. See Administering Context Objects on
page 4-20.
Roles
The security constraints for the admin and manager web applications are implemented
using Roles. The NSJSP container performs the access control for these web
applications just as it does for any other web application. To change the security
constraints, modify web.xml, the deployment descriptor file, in the WEB-INF
directory under the admin or the manager docBase directory (see Context and
Default Context Objects on page C-7). By default, the admin web application uses the
admin role and the manager web application uses the manager role for their access
control. For better security control, it is recommended that you choose your own
security roles.
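As an added example (not part of this guide or of NSJSP itself), the Python script below audits a web.xml deployment descriptor for the conditions this section describes: no security constraint, a constraint that requires no role, and use of the default admin or manager role names. The role name nsjsp-ops-deploy and both sample descriptors are constructed for illustration.

```python
import xml.etree.ElementTree as ET

DEFAULT_ROLES = {"admin", "manager"}  # default role names stated in this guide

def _kids(elem, name):
    # Match on local name so namespaced and DTD-style descriptors both work.
    return [c for c in elem if c.tag.rsplit("}", 1)[-1] == name]

def _role_names(elem):
    return {(r.text or "").strip() for r in _kids(elem, "role-name")}

def audit_descriptor(xml_text):
    """Return a sorted list of findings for one web.xml deployment descriptor."""
    root = ET.fromstring(xml_text)
    findings = set()
    constraints = _kids(root, "security-constraint")
    if not constraints:
        findings.add("no security-constraint: no access control is declared")
    declared = set()
    for sr in _kids(root, "security-role"):
        declared |= _role_names(sr)
    for sc in constraints:
        auth = _kids(sc, "auth-constraint")
        if not auth:
            findings.add("security-constraint has no auth-constraint: no role is required")
            continue
        for role in sorted(_role_names(auth[0])):
            if role == "*":
                findings.add("auth-constraint uses '*': every declared role is accepted")
            elif role in DEFAULT_ROLES:
                findings.add(f"default role '{role}' in use: choose your own role name")
            elif role not in declared:
                findings.add(f"role '{role}' has no matching security-role declaration")
    return sorted(findings)

# Constructed sample descriptors (not copied from an NSJSP installation).
DEFAULT_STYLE = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Manager commands</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>manager</role-name></auth-constraint>
  </security-constraint>
  <security-role><role-name>manager</role-name></security-role>
</web-app>"""
# Hypothetical custom role name replacing the default in both places it appears.
CUSTOM_STYLE = DEFAULT_STYLE.replace("<role-name>manager<", "<role-name>nsjsp-ops-deploy<")

if __name__ == "__main__":
    for name, doc in (("default", DEFAULT_STYLE), ("custom", CUSTOM_STYLE)):
        print(name, audit_descriptor(doc) or "no findings")
```

To check a real installation, pass the contents of the web.xml file in the WEB-INF directory under the admin or manager docBase to audit_descriptor.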
Single Sign-On
The admin and manager web applications can be configured to use Single Sign-On in
the same virtual host so that the operator can perform both configuration and
management functions after a single login. However, Single Sign-On works only within
the same virtual host. You are required to log on to each individual virtual host in order
to manage its web applications.