5.1.3.1: Securing applications and resources
Within WebSphere Application Server, you define security requirements
in terms of:
This file describes applications and their component resources.
Resources
A resource is a specific file or program to which you want
to control access. It belongs to an application and its methods are
associated with method groups. Examples of resources include servlets,
enterprise beans, Web pages, and JSP files. For example,
a bank can implement accounts as enterprise beans and provide a
Web-based user interface.
Resources are divided into the following types:
- Web resources
Web resources represent components that can be accessed only
from Web clients, such as servlets, HTML files, and JSP files.
A Web resource is a logical representation of a physical
resource; specifically, it is the Uniform Resource Identifier (URI),
the part of the address used to access the resource. For example,
a servlet called HelloWorld that is accessed
through the URL http://host.com/servlet/hello is protected
by protecting the URI (the logical resource) servlet/hello.
A Web resource is protected only if its URI is protected,
and a physical resource can be accessed through more than one URI.
If a physical resource must be securely protected from Web access,
every URI that represents it must be protected; protecting one URI
leaves the resource reachable through any other URI that is not
protected. To completely secure the application, all URIs must be secured.
- Enterprise-bean resources
An enterprise-bean resource is either a particular instance
of a bean within an enterprise bean home, or the home
itself (including all beans it represents). Each bean
belongs to a single home, and all beans within a home
are of the same class.
An enterprise bean resource can belong to multiple
enterprise applications. Therefore, security is expressed
in terms of homes, not particular bean instances. For example,
if an application has an enterprise bean called AccountBean that
encapsulates account information, and if a user is given permission
on the AccountBean, the user can access every account in the system.
(It is not possible, at this level, to specify that a user can
access only the user's account. That degree of granularity must be
accomplished programmatically within the bean itself.)
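The two rules above (a Web resource is only as protected as each of its URIs, and an enterprise-bean grant applies to the whole home, so per-instance checks must be coded in the bean) can be modelled in a few lines. The following is an added example, not WebSphere code; the resource names, roles and policy tables are constructed for illustration.

```python
# Added example: a model of the Web-resource and enterprise-bean rules
# described in the text. Not WebSphere code; all data is constructed.
from typing import Dict, List, Set

# Constructed mapping: physical resource -> every URI that reaches it.
# The HelloWorld servlet is reachable through two URIs.
RESOURCE_URIS: Dict[str, List[str]] = {
    "HelloWorld servlet": ["servlet/hello", "servlet/HelloWorld"],
    "account.jsp": ["account.jsp"],
}

# Constructed policy: protected URIs and the roles allowed on each.
PROTECTED_URIS: Dict[str, Set[str]] = {
    "servlet/hello": {"teller"},
    "account.jsp": {"teller", "customer"},
}

# Constructed policy: permission is granted on the bean home, never on
# a particular instance (the text's AccountBean case).
HOME_ROLES: Dict[str, Set[str]] = {"AccountBean": {"teller", "customer"}}

def is_protected(uri: str) -> bool:
    """A Web resource is protected only if its URI is protected."""
    return uri in PROTECTED_URIS

def web_access_allowed(uri: str, roles: Set[str]) -> bool:
    """Request-time decision: an unprotected URI is open to any Web
    client; a protected URI needs one of the roles granted on it."""
    if not is_protected(uri):
        return True
    return bool(PROTECTED_URIS[uri] & roles)

def unprotected_aliases(resource_uris: Dict[str, List[str]]) -> Dict[str, List[str]]:
    """Audit helper: list, per physical resource, the URIs that are not
    protected. Any non-empty entry means the resource is still reachable
    from Web clients despite its other URIs being protected."""
    gaps: Dict[str, List[str]] = {}
    for resource, uris in resource_uris.items():
        open_uris = [u for u in uris if not is_protected(u)]
        if open_uris:
            gaps[resource] = open_uris
    return gaps

def account_access_allowed(home: str, account_owner: str,
                           user: str, roles: Set[str]) -> bool:
    """Home-level check (what the container can express), followed by the
    per-account ownership check that must live in the bean itself."""
    if not (HOME_ROLES.get(home, set()) & roles):
        return False          # no permission on the home at all
    return "teller" in roles or account_owner == user
```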
Applications
An application is a collection of resources that can be
protected as a unit. An application usually consists of related resources
that encapsulate a piece of business logic. For example, a bank can
create a Savings application to track the balances of savings accounts.
This application includes the resources related to savings accounts.
Applications are divided into the following types:
- Web applications
A Web application is a group of servlets that share a common
servlet context. URIs representing HTML and JSP files can
be included indirectly in a Web application by adding the
file invoker servlet (represented by "/") that services the
files or the JSP file enabler ("/*.JSP file") to the Web
application.
A Web application can be added to an enterprise application,
but a specific Web application can belong to only one enterprise
application.
- Enterprise applications
An enterprise application is a collection of Web applications
and optional enterprise-bean resources. Administrators can define
authentication and authorization policies for enterprise
applications.
A Web application can belong to only one enterprise
application, but enterprise-bean resources can belong
to multiple enterprise applications.