Securing a Web application using WebSphere Application Server - Express
 Technote (troubleshooting)
 
Problem(Abstract)
What kind of support does IBM® WebSphere® Application Server - Express provide to add security features to a Web application?
 
Resolving the problem
Security in WebSphere Application Server - Express can be global, applying to all applications running on the application server, or it can be application specific. WebSphere Application Server - Express supports Basic authentication, Form-based authentication, Client Certificate authentication, and Digest authentication. Discussion of these authentication methods is beyond the scope of this technote. For more information concerning WebSphere Application Express - Server security, refer to the Information Center Web site at: http://publib.boulder.ibm.com/infocenter/wasinfo/v5r0/index.jsp
Also see Redbook "WebSphere Application Server - Express V5.0.1 Administrator Handbook".

In WebSphere Studio you can provide security for Web applications by defining roles and constraints for a particular web resource and then associating these constraints with the defined roles. You define these security roles and constraints in the web deployment descriptor file (web.xml).

Enabling global security in the application server where the applications are deployed implements the authentication method defined in the application. During deployment, the security roles are associated with the users or groups authenticated by the operating system where the application server is running. You can enable WebSphere global security by selecting the Enable security option in the server configuration file in Site Developer, or you can enable global security from the Administrative Console, which is available beginning with V5.0.1 of WebSphere Application Server - Express.

Using the Administrative Console, in addition to local operating system registry authentication, you can also make settings for lightweight directory access protocol (LDAP) and custom authentication security.

WebSphere Application Server - Express does not support the Java™ 2 Security model.
 
 
Cross Reference information
Segment Product Component Platform Version Edition
Software Development WebSphere Studio Site Developer Linux, Windows 5.0, 5.0.1, 5.1
 
 


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server - Express > Server
Operating system(s): Windows
Software version: 5.0.2
Software edition:
Reference #: 1082868
IBM Group: Software Group
Modified date: Sep 15, 2004