WebSphere® Application
Server provides many
different methods for authorizing accessing resources. For example,
you can assign roles to users and configure a built-in or external
authorization provider.
About this task
You can create an application, an Enterprise JavaBeans (EJB) module, or a web module
and secure them using assembly tools.
To authorize user or group
access to resources, read the following articles:
Procedure
- Secure you application during assembly and deployment.
For more information on how to create a secure application using
an assembly tool, such as the IBM® Rational® Application
Developer, see the information about securing applications during
assembly and deployment.
- Authorize access
to Java Platform,
Enterprise Edition (Java EE)
resources. WebSphere Application Server
supports authorization that is based on the Java Authorization
Contract for Containers (JACC) specification in addition to the default
authorization. When security is enabled in WebSphere Application
Server, the default authorization is used unless a JACC provider is
specified. For more information, see Authorization providers.
- Authorize access to administrative resources. You
can assign users and groups to predefined administrative roles such
as the monitor, configurator, operator, administrator, auditor and
iscadmins roles. These roles determine which tasks a user can perform
in the administrative console. For more information, see Authorizing access to administrative roles.
What to do next
After authorizing access to resources, configure
the Application
Server for secure communication. For more information, see
Securing communications.