Securing applications and their environments

Why and when to perform this task

WebSphere Application Server supports the J2EE model for creating, assembling, securing, and deploying applications. This article provides a high-level description of what is involved in securing resources in a J2EE environment. Applications are often created, assembled and deployed in different phases and by different teams.

Consult the J2EE specifications for complete details.

Steps for this task

  1. Plan to secure your applications and environment.
    For more information, see Planning to secure your environment. Complete this step before you install the WebSphere Application Server.
  2. Consider pre-installation and post-installation requirements.
    For more information, see Implementing security considerations. For example, during this step, you learn how to protect security configurations after you install the product.
  3. Migrate your existing security systems.
    For more information, see Migrating security configurations from previous releases.
  4. Develop secured applications.
    For more information, see Developing secured applications.
  5. Assemble secured applications.
    For more information, see Assembling secured applications.

    [5.0 only][Version 5.0.1]Development tools, such as the Assembling applications with the AAT and the Deployment Tool for Enterprise JavaBeans (EJBDeploy) are used to assemble J2EE modules and to set the attributes in the deployment descriptors.

    [Version 5.0.2 and later]Development tools, such as the Deployment Tool for Enterprise JavaBeans (EJBDeploy) and the Assembling applications with the Assembly Toolkit are used to assemble J2EE modules and to set the attributes in the deployment descriptors.

    Most of the steps in assembling J2EE applications involve deployment descriptors; deployment descriptors play a central role in application security in a J2EE environment.

    Application assemblers combine J2EE modules, resolve references between them, and create from them a single deployment unit, typically an Enterprise Archive (EAR) file. Component providers and application assemblers can be represented by the same person but do not have to be.

  6. Deploy secured applications.
    For more information, see Deploying secured applications.

    Deployer link entities referred to in an enterprise application are mapped in the runtime environment. The deployer:

    • Maps actual users and groups to application roles
    • Installs the enterprise application into the environment
    • Makes the final adjustments needed to run the application

  7. Test secured applications.
    For more information, see Testing security.
  8. Manage security configurations.
    For more information, see Managing security.
  9. Improve performance by tuning security configurations.
    For more information, see Tuning security configurations.
  10. Troubleshoot security configurations.
    For more information, see Troubleshooting security configurations.

Results

Your applications and production environment are secured.

Example

Security: Resources for learning

Related concepts
Welcome to Security



Searchable topic ID:   tsecsecover
Last updated: Jun 21, 2007 4:55:42 PM CDT    WebSphere Application Server Network Deployment, Version 5.0.2
http://publib.boulder.ibm.com/infocenter/wasinfo/index.jsp?topic=/com.ibm.websphere.nd.doc/info/ae/ae/tsec_secover.html

Library | Support | Terms of Use | Feedback