InfoCenter Home >
6: Administer applications >
6.6: Tools and resources quick reference >
6.6.18: Securing applications >
6.6.18.1a: Summary of security settings with the Java administrative console

6.6.18.1a: Summary of security settings with the Java administrative console

Use the Configure Global Settings task wizard to specify global and default security settings for all applications:

  • Global settings apply to existing and future applications and cannot be customized.
  • Default settings apply only to future applications and can be customized.

The default settings are used as a template or starting point for configuring individual applications. The administrator should still explicitly configure security settings for each application.

Goal Wizard page description Global or default?
Enable security; specify how long to cache authentication lookup results 6.6.18.1a.1: General Global
Specify default security realm and challenge type for applications 6.6.18.1a.2: Application Defaults Default
Specify how to authenticate users 6.6.18.1a.3: Authentication Mechanism Global
Provide detail about the selected authentication mechanism 6.6.18.1a.4: User Registry Global

IBM WebSphere Application Server provides security at several levels. The security characteristics of an individual application can come from any of these levels. At the most general level are the global security characteristics set up to act as application defaults. This file briefly describes these global values.

In WebSphere, the global defaults for security apply to all applications. Some of the values can be changed on an application-by-application basis, and others remain constant across all applications.

An example of a value that can be set on a per-application basis is the type of authentication procedure. You must establish a default procedure, but this value is used for applications that do not explicitly indicate how they will authenticate users.

An example of value that cannot be changed on a per-application basis is whether to ignore security or not. In Application Server, security is either enabled or disabled. If it is enabled, all applications are secured according to their configurations. If security is disabled, all applications run unsecurely, regardless of their configurations.

Go to previous article: About enabling security with the Java administrative console Go to next article: Managing security IDs for the application server and administrative accounts

 

 
Go to previous article: About enabling security with the Java administrative console Go to next article: Managing security IDs for the application server and administrative accounts