RSA Security 3.75 Certification Checklist for Application Servers, Date Tested 01/31/02, Servlet

Web/Presentation

JSP

Access/Allow on unprotected JSP page

Access/Allow on protected JSP page (URL only) with entitled user

Access/Deny on protected JSP page (URL & Method) with entitled user on URL only Access/Deny on protected JSP page (URL & Method) with entitled user on Method only Access/Deny on protected JSP page (URL & Method) with entitled user on Method only Access/Allow on protected JSP page (Method only) with entitled user

Access/Deny on protected JSP page (URL only) with unentitled user

Access/Deny on protected JSP page (URL & Method) with unentitled user on URL only Access/Deny on protected JSP page (URL & Method) with unentitled user on Method only Access/Deny on protected JSP page (URL & Method) with unentitled user on Method only Access/Deny on protected JSP page (Method only) with unentitled user

Servlet

Access/Allow on unprotected Servlet

Access/Allow on protected Servlet (URL only) with entitled user Access/Allow on protected Servlet (URL & Method) with entitled user Access/Deny on protected Servlet (URL & Method) with entitled user on URL only Access/Deny on protected Servlet (URL & Method) with entitled user on Method only Access/Allow on protected Servlet (Method only) with entitled user

Access/Deny on protected Servlet (URL only) with unentitled user Access/Deny on protected Servlet (URL & Method) with unentitled user Access/Deny on protected Servlet (URL & Method) with unentitled user on URL only Access/Deny on protected Servlet (URL & Method) with unentitled user on Method only Access/Deny on protected Servlet (Method only) with unentitled user

Business Logic

Pass

Pass

N/A

N/A

N/A

N/A

Pass

N/A

N/A

N/A

N/A

Pass

Pass

N/A

N/A

N/A

N/A

Pass

N/A

N/A

N/A

N/A

EJB

Access/Allow on unprotected EJB

Access/Allow on protected EJB with entitled user Access/Deny on protected EJB with unentitled user

N/A

N/A

N/A