Role-based authentication processes are handled by a Web container. Each user is given one or more roles for user management. The roles are configured using the <security-constraint> tag within the DD file (WEB-INF/web.xml) included in a J2EE application. For details about how to configure the J2EE application, see 6.2.2 Definitions in DD files.

Using a Web application, you can define the roles necessary for access to each particular URL within the context. When a Web client requests access to a restricted URL, the authentication process involves two steps:

• Determining whether the access request to be authenticated is from a valid user
• Determining whether the roles given to the user match those required for access

Only a user who is recognized as valid in both steps can access the restricted URL.

The table below shows the organization of this section.

Table 6-2 Organization of this section (Web container-based authentication using DD settings)

Part	Title	Relevant information
Description	Web container-based authentication functionality using DD settings	6.2.1
Implementation	Definitions in DD files	6.2.2
Setup	Setup in an execution environment (J2EE application setup)	6.2.3
Precautions	Precautions for using authentication functionalities	6.2.4

Note: This section does not include information on operation.

Organization of this section

6.2.1 Web container-based authentication functionality using DD settings

6.2.2 Definitions in DD files

6.2.3 Setup in an execution environment (J2EE application setup)

6.2.4 Precautions for using authentication functionalities