Some security features have changed with respect to the security offered by IBM
WebSphere Application Server Version 2.0x. This table summarizes the differences.

| Version 3/3.5 | Version 2 |
| --- | --- |
| Users and groups must originate in a directory service or user registry. | Users and groups could be created directly in WebSphere Application Server, independent of a directory service product or the user registry of the operating system. |
| You protect resources individually and at the application level. The security properties at the application level differ from those you set for individual resources. | Individual resources were secured, but the product did not offer protection to applications (collections of related resources). |
| Enterprise beans are protected. The method group concept discussed in the Enterprise JavaBeans (EJB) specification Version 1.1 is integral to security policy for all types of resources in Version 3+. | Only servlets and other Web files, such as HTML pages and JavaServer Pages (JSP) files, were protected. |
| Method groups and application-level security define authorization policies. | Realms and access-control lists defined authorization policies. |
| There is just one realm, to which all items belong. The administrator names the realm. | Multiple realms were offered. |
| A discrete security server process provides centralized security services and policy enforcement to one or more application server runtimes. | Security features were part of a single application server runtime. |
| Sophisticated functionality, including Single Sign On (SSO), delegation, and the use of LTPA and digital certificates, is supported. | Basic security policy and services were provided. |