File name: welc_content_csec.html
Overview and new features for securing applications and their environment
Use the links provided in this topic to learn more about the security
infrastructure.
- What is new for security
specialists
This topic provides an overview of new and changed features in security.
- Security
This topic describes how IBM® WebSphere® Application Server provides
security infrastructure and mechanisms to protect sensitive Java™ Platform,
Enterprise Edition (Java EE) resources and administrative resources
and to address enterprise end-to-end security requirements on authentication,
resource access control, data integrity, confidentiality, privacy, and secure
interoperability.
- Security planning overview
Several communication links are provided from a browser on the Internet,
through Web servers and product servers, to the enterprise data at the back-end.
This topic examines some typical configurations and common security practices. WebSphere Application
Server security is built on a layered security architecture. This section
also examines the security protection offered by each security layer and common
security practice for good quality of protection in end-to-end security.
Samples
|
The Samples Gallery offers:
- Login - Form Login
The Form Login Sample demonstrates a very
simple example of how to use the login facilities for WebSphere Application Server to implement
and configure login applications. The Sample uses the Java Platform,
Enterprise Edition (Java EE) form-based login technology to
customize the look and feel of the login screens. It uses servlet filters
to log the user information and the date information. The Sample finishes
the session by using the form-based logout function, an IBM extension
to the Java EE specification.
- Login - JAAS Login
The JAAS Login Sample demonstrates how to
use the Java Authentication and Authorization Service (JAAS)
with WebSphere Application
Server. The Sample uses server-side login with JAAS to authenticate a real
user to the WebSphere security
run time. Based upon a successful login, the WebSphere security run time uses the
authenticated Subject to perform authorization checks on a protected stateless
session enterprise bean. If the Sample runs successfully, it displays all
the principals and public credentials of the authenticated user.
|
|
