Recommendations for Setting Up Security in a Deployment Descriptor File
This section describes how you might want to set up your deployment descriptor file to secure web applications. Add two security sections to the deployment descriptor file:
The <login-config> section validates a user’s name and password when the user invokes the web application. By default,
Integration Server displays a standard browser authentication screen. For more information, see
Setting Up Web Application Authentication.
The following example shows a global deployment descriptor file that restricts access to all web applications that reside on the server to users belonging to the “Administrators” ACL. It also indicates that authentication should be performed using standard (basic) browser authentication.
Security sections in a deployment descriptor