5. Certification Checklist for Application Servers

Date Tested: 01/31/02

 

| Product | Tested Version |
|---|---|
| RSA ClearTrust | 4.6.1.1 |
| SilverStream eXtend Application Server | 3.75 Developer Edition |
| WSI Module (agisapi.dll) | 1.0 |
| Microsoft Internet Information Server (IIS) | 4.0 |

| Tier | Component | Test Case | Result |
|---|---|---|---|
| Web/Presentation | JSP | Access/Allow on unprotected JSP page | Pass |
| Web/Presentation | JSP | Access/Allow on protected JSP page (URL only) with entitled user | Pass |
| Web/Presentation | JSP | Access/Deny on protected JSP page (URL & Method) with entitled user on URL only | N/A |
| Web/Presentation | JSP | Access/Deny on protected JSP page (URL & Method) with entitled user on Method only | N/A |
| Web/Presentation | JSP | Access/Deny on protected JSP page (URL & Method) with entitled user on Method only | N/A |
| Web/Presentation | JSP | Access/Allow on protected JSP page (Method only) with entitled user | N/A |
| Web/Presentation | JSP | Access/Deny on protected JSP page (URL only) with unentitled user | Pass |
| Web/Presentation | JSP | Access/Deny on protected JSP page (URL & Method) with unentitled user on URL only | N/A |
| Web/Presentation | JSP | Access/Deny on protected JSP page (URL & Method) with unentitled user on Method only | N/A |
| Web/Presentation | JSP | Access/Deny on protected JSP page (URL & Method) with unentitled user on Method only | N/A |
| Web/Presentation | JSP | Access/Deny on protected JSP page (Method only) with unentitled user | N/A |
| Web/Presentation | Servlet | Access/Allow on unprotected Servlet | Pass |
| Web/Presentation | Servlet | Access/Allow on protected Servlet (URL only) with entitled user | Pass |
| Web/Presentation | Servlet | Access/Allow on protected Servlet (URL & Method) with entitled user | N/A |
| Web/Presentation | Servlet | Access/Deny on protected Servlet (URL & Method) with entitled user on URL only | N/A |
| Web/Presentation | Servlet | Access/Deny on protected Servlet (URL & Method) with entitled user on Method only | N/A |
| Web/Presentation | Servlet | Access/Allow on protected Servlet (Method only) with entitled user | N/A |
| Web/Presentation | Servlet | Access/Deny on protected Servlet (URL only) with unentitled user | Pass |
| Web/Presentation | Servlet | Access/Deny on protected Servlet (URL & Method) with unentitled user | N/A |
| Web/Presentation | Servlet | Access/Deny on protected Servlet (URL & Method) with unentitled user on URL only | N/A |
| Web/Presentation | Servlet | Access/Deny on protected Servlet (URL & Method) with unentitled user on Method only | N/A |
| Web/Presentation | Servlet | Access/Deny on protected Servlet (Method only) with unentitled user | N/A |
| Business Logic | EJB | Access/Allow on unprotected EJB | N/A |
| Business Logic | EJB | Access/Allow on protected EJB with entitled user | N/A |
| Business Logic | EJB | Access/Deny on protected EJB with unentitled user | N/A |

MPR

*P = Pass or Yes; F = Fail; N/A = Non-available function
