Why and when to perform this task
Many applications require users to provide identifying information. You cannot provide access control for individual services. You can only provide access control for the router servlets, for example, the rpcrouter servlet URI. If you can get to a servlet, you can access any of the Web services served through the servlet. Therefore, if you have a set of secure services, you have to partition them differently so that they are accessed through a URI that is secured, for example, /secureRPCRouter. An example of a service that is not secure or accessible to everyone is /uprotectedRCPRouter.
Using the Application Assembly Tool (AAT), you can set authorization levels by assigning roles to HTTP methods and by assigning users to roles. You can then authenticate users, verifying they are authorized to view specific information. There are many ways to prompt users for authentication data.