WebSphere Application Server supports the Java 2 Platform, Enterprise
Edition (J2EE) model for creating, assembling, securing, and deploying applications.
Applications are often created, assembled, and deployed in different phases
and by different teams.
About this task
You can secure resources in a J2EE environment by following the
required high-level steps. Consult the J2EE specifications for complete details.
Procedure
- Set up and enable security. You must address several
issues prior to authenticating users, authorizing access to resources, securing
applications, and securing communications. These security issues include migration,
interoperability, and installation. After installing WebSphere Application
Server, you must determine the proper level of security that is needed for
your environment. For more information, see Setting up and enabling security.
- Authenticate users. The process of authenticating users
involves a user registry and an authentication mechanism. Optionally, you
can define trust between WebSphere Application Server and a proxy server,
configure single sign-on capability, and specify how to propagate security
attributes between application servers. For more information, see Authenticating users.
- Authorize access to resources. WebSphere Application
Server provides many different methods for authorizing access to resources.
For example, you can assign roles to users and configure a built-in or external
authorization provider. For more information, see Authorizing access to resources.
- Secure communications. WebSphere Application Server
provides several methods to secure communication between a server and a client.
For more information, see Securing communications.
- Develop extensions to the WebSphere security infrastructure.
WebSphere Application Server provides various plug points so that you
can extend the security infrastructure. For more information, see Developing extensions to the WebSphere security infrastructure.
- Secure various types of WebSphere applications. See Securing
WebSphere applications for tasks involving developing, deploying, and
administering secure applications, including Web applications, Web services,
and many other types. This section highlights the security concerns and tasks
that are specific to each type of application.
- Tune, harden, and maintain security configurations. After
you have installed WebSphere Application Server, there are several considerations
for tuning, strengthening, and maintaining your security configuration. For
more information, see Tuning, hardening, and maintaining.
- Troubleshoot security configurations. For more information,
see Troubleshooting security configurations.
Results
Your applications and production environment are secured.