| // ======================================================================== |
| // Copyright (c) 1995-2017 Mort Bay Consulting Pty. Ltd. |
| // ======================================================================== |
| // All rights reserved. This program and the accompanying materials |
| // are made available under the terms of the Eclipse Public License v1.0 |
| // and Apache License v2.0 which accompanies this distribution. |
| // |
| // The Eclipse Public License is available at |
| // http://www.eclipse.org/legal/epl-v10.html |
| // |
| // The Apache License v2.0 is available at |
| // http://www.opensource.org/licenses/apache2.0.php |
| // |
| // You may elect to redistribute this code under either of these licenses. |
| // ======================================================================== |
| |
| [[configuring-security-authorization]] |
| === Authorization |
| |
| There are two aspects to securing a web application(or context) within |
| Jetty: |
| |
| Authentication:: |
| The web application can be configured with a mechanism to determine |
| the identity of the user. See |
| link:#configuring-security-authentication[Configurating Security - |
| Authentication]. |
| Authorization:: |
| Once the identify of the user is known (or not known), the web |
| application can be configured with security constraints that declare |
| what resources that user may access. This is covered in this section. |
| |
| ==== Blah blah blah |
| |
| blah blah blah |
| |
| ==== Blah blah blah |
| |
| blah blah blah |
