Configuring a WebApp Component's Security

Resources of a Web application are secured using security policies that provide authentication, access control for resources, and confidentiality or data privacy.

Authentication: The means by which communicating entities prove to one another that they are acting on behalf of specific identities authorized for access.

Access control for resources: The means by which interactions with resources are limited to collections of users or programs in order to enforce integrity, confidentiality, or availability constraints.

Confidentiality or data privacy: The means used to ensure that information is made available only to users who are authorized to access it.

The WebApp component provides the Form-based Authentication and Security Constraint policies, which implement authentication and authorization for resources.

If a WebApp component is created from a WAR file or WTP project that already contains security configuration in web.xml, that configuration is mapped to the WebApp's policy configuration.
Note: Do not add or modify the form-based authentication data directly in web.xml. You must use the provided interface (Implementation > Security tab or Policies tab) to do this.
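To review what an existing web.xml declares before the WAR is imported, the following added example (not part of the original documentation or the product) reads the descriptor without modifying it and reports its authentication, access control and confidentiality settings. It relies only on standard Servlet deployment descriptor elements; the sample descriptor, the function name and the result keys are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptor (illustrative, not taken from the original page).
SAMPLE_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>admin</web-resource-name><url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>manager</role-name></auth-constraint>
    <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>reports</web-resource-name><url-pattern>/reports/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>user</role-name></auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page><form-error-page>/error.jsp</form-error-page>
    </form-login-config>
  </login-config>
</web-app>"""

def summarize_security(web_xml: str) -> dict:
    """Summarize authentication, access control and confidentiality in a web.xml."""
    root = ET.fromstring(web_xml)
    for el in root.iter():                      # drop namespace prefixes from tags
        el.tag = el.tag.rsplit("}", 1)[-1]
    def text(node, path):
        return [e.text.strip() for e in node.findall(path) if e.text]
    constraints = [{
        "urls": text(sc, "web-resource-collection/url-pattern"),
        "roles": text(sc, "auth-constraint/role-name"),
        "transport": (text(sc, "user-data-constraint/transport-guarantee") or ["NONE"])[0],
    } for sc in root.findall("security-constraint")]
    return {
        "auth_method": (text(root, "login-config/auth-method") or [None])[0],
        "login_page": (text(root, "login-config/form-login-config/form-login-page") or [None])[0],
        "constraints": constraints,
        # Protected URL patterns that are not required to travel over TLS.
        "no_confidentiality": [u for c in constraints
                               if c["transport"] != "CONFIDENTIAL" for u in c["urls"]],
    }

if __name__ == "__main__":
    print(summarize_security(SAMPLE_WEB_XML))
```

In the sample, `/reports/*` is restricted to a role but has no transport guarantee, so it appears under `no_confidentiality`.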