8-2 Oracle Fusion Middleware Administrators Guide for Oracle HTTP Server configuration parameters. The steps for handling URL requests are implemented through a module or plug-in architecture that is common to many Web listeners. Figure 8–1 shows how URL requests are handled by the server. Each step in this process is handled by a server module depending on how the server is configured. For example, if basic authentication is used, then the steps labeled Authentication and Authorization in Figure 8–1 represent the processing of the Apache mod_auth_basic, mod_authn_file, mod_auth_user, and mod_authz_groupfile modules. Figure 8–1 Steps for Handling URL Requests in Oracle HTTP Server

8.2 Classes of Users and Their Privileges

Oracle HTTP Server authorizes and authenticates users before allowing them to access, or modify resources on the server. The following are three classes of users that access the server using Oracle HTTP Server, and their privileges: ■ Users that access the server without providing any authentication. They have access to unprotected resources only. ■ Users that have been authenticated and potentially authorized by modules within Oracle HTTP Server. This includes users authenticated by Apaches mod_auth_ basic, mod_authn_file, mod_auth_user, and mod_authz_groupfile modules and Oracles mod_ossl. Such users have access to URLs defined in http.conf file. ■ Users that have been authenticated through mod_osso and Single Sign-On server. These users have access to resources allowed by Single Sign-On.

8.3 Resources Protected

Oracle HTTP Server is configured to protect resources such as: ■ Static content such as static HTML pages, graphics interchange format, .gif, files, and other static files that Oracle HTTP Server provides directly. ■ CGIFastCGI scripts, simple scripts or programs that Oracle HTTP Server invokes directly. See Also: Section 8.4, Authentication, Authorization and Access Control . See Also: Oracle Fusion Middleware Security Guide