Xconf authorization works through servlet filter, the login page will be intercepted by the servlet filter. After successful login, backend API will be called to retrieve all the matching user information and permissions.
The permissions can be admin permission-permitAll or list of permissions for each page like –read/write common, ‘read-dcm-stb’ etc. Each page has a permission verification on each access. There is permission verification in the UI action elements also. For example, if you want to edit or write a firmware rule, the user should have write firmware permission.