About Securing the Web Application
Integration Server uses Access Control Lists (ACLs) and the global deployment descriptor file to authenticate and authorize access to all web applications deployed within the Integration Server environment. These security mechanisms allow you to make access to a web application as restrictive (for example, restrict access to only certain people) or as liberal (for example, allow access to anyone) as you need. By default, Integration Server uses the “Administrators” ACL.
Note: | For more information about specifying JSP security constraints, see the Java Servlet standards. |