The WSA's ubroker.properties file can be set to also require the WSA to verify that the Java container performs user authentication for particular URL paths.
Note: The entries in ubroker.properties are case-sensitive.
For example, when the WSA gets an HTTP request from the Java container:
1. The WSA first checks its ubroker.properties values to determine whether the URL requires the Java container to perform user authentication.
2. If it does, the WSA verifies that the Java container has passed it a valid user ID—just in case the Java container configuration becomes corrupted.
3. When it verifies that it has a valid user ID, the WSA checks whether the URL is for a WSA administrative function.
If the URL is for a WSA administrative function, then:
a. The WSA determines which Role the user is in and gives the user the security privileges associated with that Role.
b. The WSA determines whether the user's privileges allow it to execute the administrative function. If yes, the administrative function is executed.
If the URL is not for a WSA administrative function, the WSA processes the HTTP/SOAP request as a web service operation.