InfoCenter Home > 5: Securing applications -- special topicsIBM WebSphere Application Server provides security components that collaborate with other security elements in your WebSphere environment, as discussed in article 5.1. Security is established at two levels. The first level is global security. Global security applies to all applications running in the environment and determines whether security is used at all, the type of registry against which authentication takes place, and other values, many of which act as defaults. The second level is application security. Application security, which can vary with each application, determines the requirements specific to the application. In some cases, these values can override global defaults. Application security includes settings like mechanisms for authenticating users and authorization requirements. Both types of security information are supplied in the administrative console for WebSphere Application Server. General administrative tasks, including standard security tasks, are described in 6.6.0.3: Web administrative console overview. Information about the standard security tasks appears in 6.6.18: Securing applications. The rest of the material in this section concentrates on more specialized issues related to security. Some of these are programmatic in nature, and some are administrative. The discussions assume familiarity with general security procedures in the WebSphere Application Server environment. Article 5.3, Changes to security describes changes in security since the previous version of WebSphere Application Server. Article 5.4, Using programmatic and custom login describes the use of programmatic client and server login routines that work with the authentication policies and other settings specified by the administrator of WebSphere Application Server. This allows sites to customize the way in which authentication information is collected from users. Article 5.5, Certificate-based authentication provides an introduction to the concepts of certificate-based authentication and its use in the WebSphere environment. This includes a discussion of general cryptographic concepts like public-key encryption and digital signatures as well as information on the use of certificates in the WebSphere environment, tools for managing certificates and keys, and other related topics:
|
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|