6.6.18.7: Protecting individual application components and methods
Protecting enterprise beans after redeployment

Security is not automatically updated when changes are made to a bean. You must redeploy the resource security in order for the method groups to pick up the changes to the bean.

Adding a method to a bean

If you add a method to a bean, you must go back into resource security and associate the new method with a method group.

Modifying a method on a bean

If you modify a method on a bean, you must resecure the bean as follows:
Unprotecting resources

Resources protected under WebSphere can be unprotected, if necessary. Depending on the resources and how they are configured into applications, the techniques for removing security differ. This file describes how to remove security in the following situations:
Unprotecting all resources associated with an enterprise application

If you want to remove protection from all the resources associated with an enterprise application, the most efficient approach is to unprotect the application itself. For example, if you have granted the permissions associated with the application ("application-methodgroup" pairs) to a specific user, to a group, or to all authenticated users, the resources are considered protected. To unprotect these resources, you can grant those permissions to "Everyone". When the permissions are granted to everyone, a user need not be authenticated to access the resources under that application.

Unprotecting an enterprise bean associated with an enterprise application

If you want to remove protection from a specific bean (or set of beans) associated with an application while maintaining the security on the other resources in the application, remove the bean (or beans) from the application and create a new application that is explicitly unprotected. When you remove beans from the application, the security configuration associated with the application no longer applies to them. However, enterprise beans are protected unless security policies to the contrary are specified. To completely unsecure them, you need to create a new application consisting of the beans to be unsecured. After performing security configuration steps, grant the permissions associated with the new application to "Everyone." This is equivalent to unprotecting all the resources associated with the new application.

To remove resources from a secured enterprise application, use the "Edit Enterprise Application" task. On the last panel, you can remove resources associated with the application. Use it to remove the desired beans.
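The following audit sketch is an added example, not IBM code or a WebSphere API. It models the rules this page states (permissions are application/method-group pairs, a grant to "Everyone" removes the authentication requirement, beans are protected by default, web resources are not) over a constructed inventory. The data layout, the application and bean names, and the WriteMethods group are assumptions, as is treating a bean method with no method group as protected but granted to nobody.

```python
# Added illustration: a simplified model of the rules on this page.
# All names and the data layout are constructed; this is not a WebSphere API.
EVERYONE = "Everyone"

def classify(kind, method_group, app, grants):
    """Classify one method of a resource.

    kind         -- "bean" or "uri"
    method_group -- group the method is associated with, or None
    app          -- enterprise application the resource belongs to, or None
    grants       -- {(app, method_group): set of grantees}
    """
    if method_group is None or app is None:
        # No policy applies: beans stay protected by default,
        # web resources are unprotected by default.
        return "protected-no-grant" if kind == "bean" else "public"
    grantees = grants.get((app, method_group), set())
    if EVERYONE in grantees:
        return "public"  # no authentication required
    return "restricted" if grantees else "protected-no-grant"

def audit(resources, grants):
    """Return (resource, method, state) for every method that is either
    reachable without authentication or protected but granted to nobody."""
    findings = []
    for res in resources:
        for method, group in sorted(res["methods"].items()):
            state = classify(res["kind"], group, res["app"], grants)
            if state != "restricted":
                findings.append((res["name"], method, state))
    return findings

# Constructed sample inventory.
GRANTS = {
    ("PayrollApp", "ReadMethods"): {"managers"},
    ("PayrollApp", "WriteMethods"): {"managers"},
    ("CatalogApp", "ReadMethods"): {EVERYONE},
}
RESOURCES = [
    {"name": "PayrollBean", "kind": "bean", "app": "PayrollApp",
     "methods": {"getSalary": "ReadMethods", "setSalary": "WriteMethods",
                 "getBonus": None}},  # method added after security was configured
    {"name": "CatalogBean", "kind": "bean", "app": "CatalogApp",
     "methods": {"list": "ReadMethods"}},
    {"name": "/payroll/report.jsp", "kind": "uri", "app": "PayrollApp",
     "methods": {"HTTP_GET": None}},  # method group removed from the URI
]

if __name__ == "__main__":
    for finding in audit(RESOURCES, GRANTS):
        print(finding)
```

Running the audit after each redeployment makes the two opposite defaults visible: an unassociated bean method is unusable until it is assigned to a method group, while an unassociated URI is open to unauthenticated users.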
Unprotecting all URIs associated with a web application

If you want to remove protection from a web application (including all associated URIs) while maintaining the security on the other resources in the enterprise application, remove the web application (or applications) from the enterprise application. To remove resources from a secured enterprise application, use the "Edit Enterprise Application" task. On the last panel, you can remove resources associated with the application. Use it to remove the desired web applications.

Unprotecting specific URIs

If you want to remove protection from specific URIs in a web application, remove the method-group configuration for the URIs. Use the "Configure Security Method Groups" task and select the URI you want to unprotect. After the URI is selected, proceed to the next screen, where you view the classification of methods into method groups. For example, the HTTP_GET method may belong to the ReadMethods method group. Select the method groups associated with the methods you want to unprotect and remove them. This eliminates the association between a method group and a URI, leaving the URI unprotected. Because web resources are unprotected by default, no authentication is required to access them.

Protecting individual JSP files

This file describes the steps necessary for selectively protecting JSP files, that is, how to protect individual JSP files based on their Web paths (URIs) when you do not want to apply the same protection to all the JSP files in the system. Note that the instructions for adding a JSP Web path to a web application advise you to use the "Add a JSP or a web resource" task wizard in the administrative console. This action adds the JSP Web path, not the actual JSP file, to the Web application. But when you follow the configuration steps to protect a JSP Web path, the Web path is treated separately from the Web application; instead, it is treated as a Web server resource.
Therefore, security does not work as intended. The following procedure will be needed until product defect number 88065 is addressed. Check the "fixed defects" list accompanying IBM WebSphere Application Server fix packs to ascertain whether a given fix pack has addressed the defect. To protect individual JSP files using WebSphere security, follow these steps: