5.1.3.1: Securing applications and resources

WebSphere supports the J2EE model for creating, assembling, securing, and deploying applications. This document provides a high-level description of what is involved in securing resources in a J2EE environment. Resources are secured by doing the following:

  • Specifying roles and defining method permissions in deployment descriptors.
  • Assigning users and groups to roles during application deployment.
  • Enabling global security in the WebSphere environment.

The J2EE specifications should be consulted for complete details.

Applications are often created, assembled and deployed in different phases and by different teams.

Application-component providers

Component providers create enterprise beans, servlets, JSP files, HTML files, and related components. These components are packaged into J2EE modules for containers that can support them.

Enterprise-bean modules contain enterprise-bean class files and a deployment descriptor. These modules are packaged as standard JAR files, using the .jar extension.

Web modules contain servlets, JSP pages, HTML pages, GIFs, and other files, and also include a deployment descriptor. These modules are packaged as Web archive files, which are JAR files with a .war extension.

Enterprise bean and Web modules can be assembled into enterprise-application modules. These modules are packaged as enterprise archive files, JAR files with a .ear extension.

The component provider specifies most of the configuration meta-information for the components, including the security attributes, in the deployment descriptors. These attributes identify roles, specify the methods that are associated with the roles and the login-config method, and so forth. A tool like the WebSphere application assembly tool (AAT) is used to create J2EE modules and to set the attributes in the deployment descriptors.
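
As an added illustration (not part of the original InfoCenter text and not IBM tooling), the following Python script reads a DTD-style ejb-jar.xml descriptor without XML namespaces and reports which roles are granted which methods, along with roles that are used but not declared, roles that are declared but never used, and beans with no method permissions. The sample descriptor and its bean and role names are constructed for the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample ejb-jar.xml (EJB 1.1/2.0 element names, no namespace).
# Bean and role names are hypothetical.
SAMPLE_EJB_JAR = """<ejb-jar>
  <enterprise-beans>
    <session><ejb-name>AccountBean</ejb-name></session>
    <session><ejb-name>AuditBean</ejb-name></session>
  </enterprise-beans>
  <assembly-descriptor>
    <security-role><role-name>Teller</role-name></security-role>
    <security-role><role-name>Manager</role-name></security-role>
    <method-permission>
      <role-name>Teller</role-name>
      <role-name>Clerk</role-name>
      <method><ejb-name>AccountBean</ejb-name><method-name>getBalance</method-name></method>
    </method-permission>
  </assembly-descriptor>
</ejb-jar>"""


def audit_descriptor(xml_text):
    """Return the role-to-method grants plus gaps a reviewer should look at."""
    root = ET.fromstring(xml_text)
    beans = {e.text.strip() for e in root.findall("./enterprise-beans/*/ejb-name")}
    declared = {e.text.strip()
                for e in root.findall("./assembly-descriptor/security-role/role-name")}
    grants = {}      # role name -> set of "Bean.method" it may call
    covered = set()  # beans named in at least one method-permission
    for perm in root.findall("./assembly-descriptor/method-permission"):
        roles = [r.text.strip() for r in perm.findall("role-name")]
        for method in perm.findall("method"):
            bean = method.findtext("ejb-name").strip()
            name = method.findtext("method-name").strip()
            covered.add(bean)
            for role in roles:
                grants.setdefault(role, set()).add(bean + "." + name)
    return {
        "grants": grants,
        "undeclared_roles": sorted(set(grants) - declared),
        "unused_roles": sorted(declared - set(grants)),
        "beans_without_permissions": sorted(beans - covered),
    }


if __name__ == "__main__":
    for key, value in audit_descriptor(SAMPLE_EJB_JAR).items():
        print(key, "=", value)
```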

Application assemblers

Application assemblers combine J2EE modules, resolve references between them, and create from them a single deployment unit, typically a .ear file. A tool like AAT is also used to accomplish these tasks. Component providers and application assemblers can be the same people, but they do not have to be.

Deployers

Deployers link entities referred to in an enterprise application to the run-time environment. One of the important tasks the deployer performs is mapping actual users and groups to the application's roles. The deployer installs the enterprise application into the environment and makes the final adjustments needed to run the application.

Most of the steps in creating J2EE applications involve deployment descriptors; the deployment descriptors play a central role in application security in a J2EE environment.
