InfoCenter Home >
5: Securing applications -- special topics >
5.1: The WebSphere security components >
5.1.3: The WebSphere authorization model >
5.1.3.1: Securing applications and resources
Within WebSphere Application Server, you define security requirements
in terms of:
This file describes applications and their component resources.
Resources
A resource is a specific file or program to which you want
to control access. It belongs to an application and its methods are
associated with method groups. Examples of resources include servlets,
enterprise beans, Web pages, and JSP files. For example,
a bank can implement accounts as enterprise beans and provide a
Web-based user interface.
Resources are divided into the following types:
- Web resources
Web resources represent components that can be accessed only
from Web clients, like servlets, HTML files, and JSP files.
The Web resource is a logical representation of a physical
resource; precisely, the Uniform Resource Identifier (URI), the
part of the address used to access the resource). For example,
a servlet called HelloWorld and accessed
through the URL http://host.com/servlet/hello is protected
by protecting the URI (the logical resource) servlet/hello.
A Web resource is protected only if its URI is protected,
and any particular resource can have several URIs pointing
to it. If a physical resource must be securely protected
from Web access, then every URI that represents the physical
resource must be protected. A physical Web resource can
be accessed through more than one URI. To completely
secure the application, all URIs must be secured.
Applications
An application is a collection of resources that can be
protected as a unit. An application usually consists related resources
that encapsulate a piece of business logic. For example, a bank can
create a Savings application to track the balances of savings accounts.
This application includes the resources related to savings accounts.
Applications are divided into the following types:
- Web applications
A Web application is a group of servlets that share a common
servlet context. URIs representing HTML and JSP files can
be included indirectly in a Web application by adding the
file invoker servlet (represented by "/") that services the
files or the JSP file enabler ("/*.JSP file") to the Web
application.
A Web application can be added to an enterprise application,
but a specific Web application can belong to only one enterprise
application.
|
Related topics |
|
| Home (Getting started page) |
|
InfoCenter |
|
To launch the full documentation set in a separate browser window, click: |
| Display InfoCenter |
| |
PDF library |
|
To browse the PDF library for this product, containing this article and others, click: |
| PDF versions |
| |
Using this documentation |
|
Become an InfoCenter super user! To find out more about navigation, numbering, search, downloads, and more, click: |
| Using this documentation |
| |
|