Learn about:
You are the system administrator of a banking company. The company has decided to provide tellers, account administrators, and other bank personnel Web-based access to accounts and account information.
You have been asked to set up and administer the first part of such a system -- an application for creating bank accounts online. The bank's IT team has installed and configured WebSphere Application Server Version 3.5 on the appropriate machines, ready for your use.
These files comprise an application that allows users to create savings and checking accounts, which are tracked in a DB2 database. (In the WebSphere samples, these files comprise the Account Sample):
The tutorial will also consider the Transfer sample files. "Transfer" is an application allowing the user to transfer funds among accounts created using the Account application.
The Transfer application will be considered during the planning discussions. Configuring, securing, and cloning the Transfer application is left as a practice exercise because the steps are so similar to the Account application steps demonstrated in this tutorial.
For more information about Account and Transfer, open the index.html file in the WebSphereSamples directory of your product installation.
The sample file is located in:
install_root\hosts\default_host\WSsamples_app\web\AccountAndTransfer
where install_root is the root of your WebSphere Application Server installation. Note, the slashes will vary ("\" or "/") depending on your operating system.
This sample file is located in:
install_root\hosts\default_host\WSsamples_app\servlets\WebSphereSamples\AccountAndTransfer
This sample file is located in:
install_root\hosts\default_host\WSsamples_app\web\AccountAndTransfer
This sample file is located in:
install_root\deployableEJBs
As an administrator, you have to consider how to organize and administer these files in the WebSphere administrative domain. Remember, this section will discuss both the Account and Transfer applications, but the tutorial steps will involve only the Account application.
After you use the console to configure an application, you can start and stop the resources in the application in unison by starting and stopping the application. It is possible to configure the Account and Transfer file sets into one large application so that when you make one available, the other becomes available, too.
However, in this case it makes sense to configure the Account application files into one application and the Transfer application files into another. This way, you can take the Transfer application offline to perform maintenance without affecting the users of the Account application. The converse is also true.
These applications are likely to have somewhat different audiences, which has implications not only for their availability, but for security.
You consult the Security help and learn that security is applied at the application level and again at the resource level.
In simplified terms, this means a user must first gain access to the application. Then he or she must gain access to individual methods in the resources (files) comprising the application. For example, suppose two users can access an application. One user might be permitted to use only the read-only methods, while the other user can access methods that allow editing the application data (write access).
If you combine the Account and Transfer file sets into one application, there are certain security settings the two file sets will have to share. For example, if you select the "basic" challenge type for logging users into Account, you will have to use that same challenge type for Transfer.
In contrast, if you configure the file sets as separate applications, you can use different challenge types. For example, the security system can prompt Account application users for a user ID and password, while access to Transfer can require users to present digital certificates.
There are no global security settings for resource security. The security settings you apply to the methods of a resource stay with that resource. They are not affected if you remove the resource from one application and add it to another.
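The two-stage check and the resource-bound method permissions described above, modelled as an added conceptual example. It is not code from the tutorial and uses no WebSphere API; the class, resource, method and user names and the "certificate" label are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Resource:
    """A resource (file) in an application. Method permissions live here."""
    name: str
    method_grants: dict = field(default_factory=dict)  # method -> users allowed

@dataclass
class Application:
    """Groups resources; holds the settings they all share."""
    name: str
    challenge_type: str   # one challenge type for every resource in the app
    allowed_users: set
    resources: dict = field(default_factory=dict)

    def add(self, resource):
        self.resources[resource.name] = resource

    def remove(self, resource_name):
        return self.resources.pop(resource_name)

    def authorize(self, user, resource_name, method):
        # Stage 1: the user must first gain access to the application.
        if user not in self.allowed_users:
            return "denied: application"
        resource = self.resources.get(resource_name)
        if resource is None:
            return "denied: no such resource"
        # Stage 2: the user must be granted the individual method.
        # A method with no grants is denied (fail closed).
        if user not in resource.method_grants.get(method, set()):
            return "denied: method"
        return "granted"

def build_demo():
    """Constructed sample: two separate applications, one resource each."""
    account = Application("Account", "basic", {"teller", "admin"})
    transfer = Application("Transfer", "certificate", {"admin"})
    account.add(Resource("AccountBean", {"getBalance": {"teller", "admin"},
                                         "create": {"admin"}}))
    transfer.add(Resource("TransferBean", {"transfer": {"admin"}}))
    return account, transfer

if __name__ == "__main__":
    account, transfer = build_demo()
    print(account.authorize("teller", "AccountBean", "getBalance"))  # read-only user
    print(account.authorize("teller", "AccountBean", "create"))      # write method
    transfer.add(account.remove("AccountBean"))  # move the resource
    print(transfer.challenge_type, transfer.authorize("admin", "AccountBean", "create"))
```

After the move, the resource's method grants are unchanged, but callers now face the Transfer application's user list and challenge type, so a user who held a method grant can still be stopped at the application stage.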
When you are finished planning, it is time to begin configuring an application for the Account file set. You have two options:
The tutorial demonstrates the first option, with some discussion of the second option.