6.6.18: Securing applications
For purposes of security, Application Server categorizes assets
into two classes: resources and applications.
- Resources are individual components, such as servlets and
enterprise beans.
- Applications are collections of related resources.
Security can be applied to applications and to individual resources. Setting up
security involves the following general steps:
- Setting global values for use by all applications.
- Refining settings for individual applications.
- Securing specific HTTP and EJB methods (optional).
Securing applications with IBM WebSphere Application
Server product security involves a series of tasks. Completing the
tasks results in a set of policies defining which
users have access to which methods or operations in which
applications.
For example, the security administrator establishes policies specifying
whether the user Bob is permitted to use the company's Inventory
application to perform a write operation, such as changing the number of
units of merchandise recorded in the company's inventory database.
The product security server works with
the selected user registry or directory product to enforce the
policies whenever a user tries to
access a protected application. For example, Bob might be
prompted for a digital certificate verifying his identity when he
tries to use the Inventory application.
Security task wizards in Java console
Of the current administrative clients, WebSphere Administrative
Console provides the most comprehensive support for securing
applications, in the form of security task wizards for:
- Enabling product security
- Defining a security realm and set of valid users
- Specifying how to authenticate users seeking access to applications
- Organizing methods (functions, operations) into groups for protection
- Granting users permissions to access applications
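The policy these tasks build up (a realm of valid users, methods organized into groups, and per-application permissions granted to users) can be modeled as below. This is an added illustration, not WebSphere code or its API: the class, the resource, method and group names, the sample users, and the deny-by-default handling of ungrouped methods are all assumptions made for the example.

```python
from dataclasses import dataclass, field


@dataclass
class SecurityPolicy:
    """Illustrative model only; not the product's data structures."""
    registry: set = field(default_factory=set)         # valid users in the realm
    method_groups: dict = field(default_factory=dict)  # (app, resource, method) -> group
    grants: dict = field(default_factory=dict)         # user -> {(app, group)}

    def protect(self, app, resource, method, group):
        """Place an HTTP or EJB method of a resource into a method group."""
        self.method_groups[(app, resource, method)] = group

    def grant(self, user, app, group):
        """Grant a registered user a permission: an application plus a method group."""
        if user not in self.registry:
            raise ValueError(f"{user!r} is not in the user registry")
        self.grants.setdefault(user, set()).add((app, group))

    def is_permitted(self, user, app, resource, method):
        """Decide whether the user may invoke the method in the application."""
        if user not in self.registry:
            return False  # unknown identity: authentication fails first
        group = self.method_groups.get((app, resource, method))
        if group is None:
            return False  # assumption of this model: ungrouped methods are denied
        return (app, group) in self.grants.get(user, set())


def build_sample_policy():
    """Constructed sample: Bob may read the Inventory application, Alice may also write."""
    policy = SecurityPolicy(registry={"bob", "alice"})
    policy.protect("Inventory", "InventoryServlet", "GET", "ReadMethods")
    policy.protect("Inventory", "InventoryServlet", "POST", "WriteMethods")
    policy.protect("Inventory", "InventoryBean", "setUnitCount", "WriteMethods")
    policy.grant("bob", "Inventory", "ReadMethods")
    policy.grant("alice", "Inventory", "ReadMethods")
    policy.grant("alice", "Inventory", "WriteMethods")
    return policy


if __name__ == "__main__":
    policy = build_sample_policy()
    for user, method in [("bob", "GET"), ("bob", "POST"), ("alice", "POST")]:
        allowed = policy.is_permitted(user, "Inventory", "InventoryServlet", method)
        print(f"{user} {method} InventoryServlet -> {'permit' if allowed else 'deny'}")
```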