Why and when to perform this task
The Application Assembly Tool is a graphical
user interface for assembling enterprise (J2EE) applications. For more information,
see Assembling applications with the AAT.
The Assembly Toolkit and the Application Assembly
Tool are graphical user interfaces for assembling enterprise (J2EE) applications.
For more information, see Assembling applications with the Assembly Toolkit and Assembling applications with the AAT
You can use the tool to assemble an application and secure EJB and Web modules in that application. An EJB module consists of one or more beans. You can enforce security at the EJB method level. A Web module consists of one or more Web resources (an HTML page, a JSP file or a servlet). You can also enforce security for each Web resource. You can use the tool to secure an EJB module (Java archive (JAR) file) or a Web module (Web archive (WAR) file) or an application (enterprise archive (EAR) file).
You can create an application, an EJB module, or
a Web Module and secure them using development tools like the IBM WebSphere
Studio Application Developer.
You can create
an application, an EJB module, or a Web Module and secure them using the Assembly
Toolkit or development tools like the IBM WebSphere Studio Application Developer.
Steps for this task
Results
After securing an application, the resulting .ear file contains security information in its deployment descriptor. The EJB module security information is stored in the ejb-jar.xml file and the Web module security information is stored in the web.xml file. The application.xml file of the application EAR file contains all the roles used in the application. The user and group to roles mapping is stored in the ibm-application-bnd.xmi file of the application EAR file.The was.policy file of the application EAR contains the permissions granted for the application to access system resources.
This task is required to secure EJB modules and Web modules in an application. This task is also required for applications to run properly when Java 2 security is enabled. If the was.policy file is not created and it does not contain required permissions, the application might not be able to access system resources.
What to do next
After securing an application, you can install an application using the administrative console. When you install a secured application, see Deploying secured applications to complete this task.