5.1.3.1: Securing applications and resources

Within WebSphere Application Server, you define security requirements in terms of:

  • Resources
  • Applications

This file describes applications and their component resources.

Resources

A resource is a specific file or program to which you want to control access. It belongs to an application and its methods are associated with method groups. Examples of resources include servlets, enterprise beans, Web pages, and JSP files. For example, a bank can implement accounts as enterprise beans and provide a Web-based user interface.

Resources are divided into the following types:

Web resources

Web resources represent components that can be accessed only from Web clients, like servlets, HTML files, and JSP files. The Web resource is a logical representation of a physical resource; precisely, it is the Uniform Resource Identifier (URI), the part of the address used to access the resource. For example, a servlet called HelloWorld and accessed through the URL http://host.com/servlet/hello is protected by protecting the URI (the logical resource) servlet/hello.

A Web resource is protected only if its URI is protected, and any particular resource can have several URIs pointing to it. If a physical resource must be protected from Web access, then every URI that represents the physical resource must be protected. To completely secure the application, all of its URIs must be secured.
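The rule above (a physical resource is protected only when every URI that reaches it is protected) can be checked mechanically. The following is an added example, not WebSphere code: the URI map, the protected list, and every name other than HelloWorld and servlet/hello are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data (assumption): URI -> physical resource it serves.
URI_MAP = {
    "servlet/hello": "HelloWorld",
    "/servlet/HelloWorld": "HelloWorld",   # hypothetical second URI for the same servlet
    "savings/balance": "BalanceServlet",   # hypothetical
    "savings/help.html": "help.html",      # hypothetical
}
# Constructed sample data (assumption): URIs that have been protected.
PROTECTED = ["/servlet/hello", "savings/balance"]


def normalize(uri):
    """Strip whitespace and a leading slash so '/servlet/hello' equals 'servlet/hello'."""
    return uri.strip().lstrip("/")


def audit_uri_coverage(uri_map, protected_uris):
    """Return {resource: (status, unprotected_uris)}.

    status is 'protected' when every URI is protected, 'partial' when only
    some are (the resource is still reachable), and 'open' when none are.
    """
    protected = {normalize(u) for u in protected_uris}
    by_resource = defaultdict(set)
    for uri, resource in uri_map.items():
        by_resource[resource].add(normalize(uri))

    report = {}
    for resource, uris in by_resource.items():
        missing = sorted(uris - protected)
        if not missing:
            status = "protected"
        elif len(missing) < len(uris):
            status = "partial"
        else:
            status = "open"
        report[resource] = (status, missing)
    return report


if __name__ == "__main__":
    for resource, (status, missing) in sorted(audit_uri_coverage(URI_MAP, PROTECTED).items()):
        print(f"{resource:15} {status:10} unprotected: {', '.join(missing) or '-'}")
```

A "partial" result is the case the text warns about: one URI is protected, yet the same physical resource is still served through another.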

Applications

An application is a collection of resources that can be protected as a unit. An application usually consists of related resources that encapsulate a piece of business logic. For example, a bank can create a Savings application to track the balances of savings accounts. This application includes the resources related to savings accounts.

Applications are divided into the following types:

Web applications

A Web application is a group of servlets that share a common servlet context. URIs representing HTML and JSP files can be included indirectly in a Web application by adding the file invoker servlet (represented by "/") that services the files or the JSP file enabler ("/*.JSP file") to the Web application.

A Web application can be added to an enterprise application, but a specific Web application can belong to only one enterprise application.
