InfoCenter Home >
6: Administer applications >
6.6: Tools and resources quick reference >
6.6.18: Securing applications

6.6.18: Securing applications

For purposes of security, Application Server categorizes assets into two classes: resources and applications.

  • Resources are individual components, such as servlets and enterprise beans.
  • Applications are collections of related resources.
Security can be applied to applications and to individual resources. Setting up security involves the following general steps:
  1. Setting global values for use by all applications.
  2. Refining settings for individual applications.
  3. Securing specific HTTP and EJB methods (optional).

Securing applications with IBM WebSphere Application Server product security involves a series of tasks. Completing the tasks results in a set of policies defining which users have access to which methods or operations in which applications.

For example, the security administrator establishes policies specifying whether the user Bob is permitted to use the company's Inventory application to perform a write operation, such as changing the number units of merchandise recorded in the company's inventory database.

The product security server works with the selected user registry or directory product to enforce the policies whenever a user tries to access a protected application. For example, Bob might be prompted for a digital certificate verifying his identity when he tries to use the Inventory application.

Security task wizards in Java console

Of the current administrative clients, WebSphere Administrative Console provides the most comprehensive support for securing applications, in the form of security task wizards for:

  • Enabling product security
  • Defining a security realm and set of valid users
  • Specifying how to authenticate users seeking access to applications
  • Organizing methods (functions, operations) into groups for protection
  • Granting users permissions to access applications
Go to previous article: Configuring new Web resources with the Java administrative console Go to next article: Securing applications with the Java administrative console

 

 
Go to previous article: Configuring new Web resources with the Java administrative console Go to next article: Securing applications with the Java administrative console