Web component security
A web module consists of servlets, JSP files, server-side utility classes, static web content (HTML, images, sound files, and cascading style sheets (CSS)), and client-side classes or applets. Use development tools such as Rational Application Developer to develop a web module and enforce security at the method level of each web resource.
A web resource is identified by its URI pattern. A web resource method can be any HTTP method (for example GET, POST, DELETE, or PUT). We can group a set of URI patterns and a set of HTTP methods together and assign this grouping a set of roles. When a web resource method is secured with a set of roles, a user must be granted at least one role in that set to access the method. Assigning an empty set of roles excludes everyone from accessing that set of web resources. A servlet or a JSP file can run as a different identity before it invokes an enterprise bean component.
Secured web resources require the user to log in using a configured login mechanism. Three types of web login authentication mechanisms are available:
- basic authentication
- form-based authentication
- client certificate-based authentication
A portlet resource that is part of a web module can also be protected when it is accessed directly through a URL. The protection is similar to that of other web-based resources.
For more detailed information on web security, see the product architectural overview article.
Related:
- Portlet URL security
- Assemble web applications
- Secure web applications using an assembly tool