Fine-tuning authorization at the HTTP server level
As it was reviewed in Chapter 3, Configuring User Authentication and Access it is possible to define users and groups employing the interface provided by the selected user registry. Keep in mind that the content of groups may be users (or more technically correct User IDs) and groups (group IDs) as well.
Note
Infrastructure component: User Registry (aka, LDAP server)
The first external component to the WebSphere environment involved in configuring the IHS server is the LDAP server. (In more general terms, the user registry). This server would probably already exist in your organization as part of the IT infrastructure. It is used to provide information about users and groups they belong.
This type of approach requires that security policy rules be enforced at the application deployment level or during the packaging of the EAR. Recall how in Chapters 5, Securing Web Applications and 6, Securing Enterprise Java Beans Applications there was a...