WebSphere Application Server provides many different methods for
authorizing accessing resources. For example, you can assign roles to users
and configure a built-in or external authorization provider.
About this task
You can create an application, an Enterprise JavaBeans (EJB) module,
or a Web module and secure them using assembly tools.
To authorize user
or group access to resources, read the following articles:
Procedure
- Secure you application during assembly and deployment. For
more information on how to create a secure application using an assembly tool,
such as the IBM Rational Application Developer, see Securing applications during assembly and deployment.
For general information about
the tools that WebSphere Application Server supports, see Assembly tools and Assembling applications.
- Authorize access to Java 2 Platform, Enterprise Edition (J2EE)
resources. WebSphere Application Server supports authorization
that is based on the Java Authorization Contract for Containers (JACC) specification
in addition to the default authorization. When security is enabled in WebSphere
Application Server, the default authorization is used unless a JACC provider
is specified. For more information, see Authorization providers.
- Authorize access to administrative resources.
You can assign users and groups to predefined administrative roles such
as the monitor, configurator, operator, administrator, and iscadmins roles.
These roles determine which tasks a user can perform in the administrative
console. For more information, see Authorizing access to administrative roles.
What to do next
After authorizing access to resources, configure the Application
Server for secure communication. For more information, see
Securing communications.