Types of protection
You can use three type of resources to control access
to your resources through the http server:
User name and password protection
SSL client authentication
Address template protection
You can use one type of protection by itself
or use them together.
Why sample cases
We believe that some examples could more easily guide
users into this matter.
We do not provide full documentation for all possible
cases, we just concentrate on the easiest ones.
As a matter of fact, all of our cases deal with
user name and password protection,
as this technique is the first
one would initially want to try.
Should you want to read more descriptive material
about the three techniques, please consult the following pages:
If you need to protect an intranet site,
we suggest you read about Address template protection.
Our sample cases
We recommend you study our cases in sequence:
what we wrote for a case may not be repeated
in a next one.
This case teaches how to validate
the access to a given URL
using an existing OS/400 user profile.
To access the protected URL,
the user should type in
the User_Name and the Password
of the authorized user profile
See the
example .
This case teaches how to validate
the access to a given URL
using a validation list. Validation list objects are a new object type *VLDL
since V4R1 that provide a method for applications
to securely store user authentication information.
To access the protected URL,
the user should type in
the User_Name and the Password
of a user mentioned on a given validation list.
See the
example .
ACL files allow to restrict the access to given URLs
to single internet users or to groups of internet users
within a validation list.
This is the way you create priviledges
within a validation list.
See the
example .
As to protection, a CGI program is just another URL.
Its protection through a validation list can therefore
be performed as shown in Case02.
However, it might be of some interest seing it done
as a separate case.
See the
example .
