WebSphere Application Server Network Deployment, Version 6.x      Operating Systems: AIX, HP-UX, Linux, Solaris, Windows

Securing applications and their environment

Related resources
How do I?...
Overview
What is new
Samples
Security: Resources for learning

This section discusses all aspects of security.

Part of your security framework WebSphere Application Server plays an integral part of the multiple-tier enterprise computing framework. Based on open architecture, WebSphere Application Server provides many plug-in points to integrate with enterprise software components to provide end-to-end security.

Product security Security infrastructure and mechanisms protect Java 2 Platform, Enterprise Edition (J2EE) resources and administrative resources, addressing your enterprise security requirements.

Securing applications and their environments
WebSphere Application Server supports the Java 2 Platform, Enterprise Edition (J2EE) model for creating, assembling, securing, and deploying applications. This article provides a high-level description of what is involved in securing resources in a J2EE environment. Applications are often created, assembled, and deployed in different phases, by people in different roles.
Setting up and enabling security
You must address several issues prior to authenticating users, authorizing access to resources, securing applications, and securing communications. These security issues include migration, interoperability, and installation. After installing WebSphere Application Server, you must determine the proper level of security that is needed for your environment.
Authenticating users
The process of authenticating users involves a user registry and an authentication mechanism. Optionally, you can define trust between WebSphere Application Server and a proxy server, configure single sign-on capability, and specify how to propagate security attributes between application servers.
Authorizing access to resources
WebSphere Application Server provides many different methods for authorizing accessing resources. For example, you can assign roles to users and configure a built-in or external authorization provider.
Securing communications
WebSphere Application Server provides several methods to secure communication between a server and a client.
Developing extensions to the WebSphere security infrastructure
WebSphere Application Server provides various plug points so that you can extend the security infrastructure.
Configuring security with scripting
This section describes security using administrative scripting, an alternative to using the administrative console.
Securing WebSphere applications
This section provides security instructions that are specific to the various types of applications, such as Web applications or Web services. In the navigation tree, expand Securing applications and their environment > Securing WebSphere applications to view the contents of this section.
Tuning, hardening, and maintaining
After you have installed WebSphere Application Server, there are several considerations for tuning, strengthening, and maintaining your security configuration.
Troubleshooting security configurations
Troubleshoot specific problems that are related to configuring and enabling security configurations.