This document has the following sections:

• Settings
• Procedures
• Buttons

A security realm contains users and/or groups plus their associated access control lists (ACL). The access control list for a user in a particular realm specifies the privileges that user is granted to access server resources. Resources include such things as files, directories, and servlets.

The Groups page allows you to add and delete groups, and to add or remove users in a group, for a given Realm. Creating groups makes it possible to assign access to web resources efficiently.

Once you've created a list of groups, you control their access to web pages and other server resources using the Add/Remove and Edit features on the Access Control page.

For a selected group, Java Web Server displays the list of users who are members of that group, and the name of the security realm to which the group is assigned.

Settings

Realm

The Java Web Server has the following security realms:

• UNIX - Applies only to users in a UNIX environment. It is the same database of users as listed by the UNIX getpwent() routines. This realm lets the server use HTTP "Basic" authentication with users' UNIX passwords.
• NTRealm - Applies only to users in a Windows NT environment and therefore is only available in the Win32 version of this product.
• defaultRealm - The realm for controlling the example servlets. This realm can also be used for general management of users and groups.
• certificateRealm - Used to protect resources for users who are authenticated using Secure Sockets Layer (SSL). This realm is only packaged in the versions of this product which include SSL.
• servletMgrRealm - Used exclusively for signed servlet support, which is used primarily by software publishers. Holds the X.509 certificates used to authenticate those publishers.

NOTE: On the UNIX realm, it is not possible to add a user through the Java Web Server. The UNIX realm is controlled through the DNS database and users must be added through that mechanism.

NOTE: To access NT realms, the server has to be run as Administrator and special rights ("Act as part of operating system") have to be granted to the Administrators group. To do this:

1. Go to the Programs -> Administrative Tools -> UserManager for domains panel.
2. Click on Policies -> User Rights.
3. Select the "Show Advanced User Rights" checkbox.
4. Enable "Act as part of operating system" rights for the administrator.

Group Name
This field lists the names of the groups assigned to the realm displayed in the realm field. The default group is adminGroup.

Members/Non-Members This field consists of two boxes, one listing the members of the group shown in the Groups field, the other the users in the selected Realm.

Procedures

To Display the Groups in a Realm:

• Select the name of the realm in the Realm field. The groups belonging to that realm are displayed in the Group Name field.

1. Select the realm in which you want to add the group.
2. Click Add Group. This displays the Add Group box.
3. Enter the name of the group you want to create.
4. Click Add. The new group is added to the Group Name field.

1. Select the realm that contains the group.
2. Select the group to which you want to add a user.
3. In the Non-Members box, select the user you want to add to the group.
4. Click Add.

1. Select the realm that contains the group.
2. Select the group that contains the user you want to delete.
3. In the Members box, select the user you want to delete.
4. Click Remove.

1. Select the realm that contains the group.
2. Select the group that you want to delete.
3. Click Remove Group.
4. Click Yes on Remove Group box.

• Add Group - Adds a group to the selected Realm.
• Remove Group - Removes a group from the selected Realm.
• Add - Adds a user to a group.
• Remove - Removes a user from a group.

Top java-server-feedback@java.sun.com

Copyright © 1997 Sun Microsystems, Inc. All Rights Reserved.