File name: welc_content_csec.html
Overview and new features for securing applications and their
environment
Use the links provided in this topic to learn more about
the security infrastructure.
- What is new
for security specialists
This topic provides an overview of new and changed features
in security.
- Security
This topic describes how IBM® WebSphere® Application Server provides security
infrastructure and mechanisms to protect sensitive Java Platform, Enterprise Edition (Java EE) resources and administrative resources and to address enterprise
end-to-end security requirements on authentication, resource access
control, data integrity, confidentiality, privacy, and secure interoperability.
- Security planning overview
Several communication links are provided from a browser on
the Internet, through web servers and product servers, to the enterprise
data at the back-end. This topic examines some typical configurations
and common security practices. WebSphere Application Server security is built on a layered security architecture.
This section also examines the security protection offered by each
security layer and common security practice for good quality of protection
in end-to-end security.
Samples
|
The Samples documentation offers:
- Login - Form Login
The Form Login Sample demonstrates
a very simple example of how to use the login facilities for WebSphere Application Server to implement
and configure login applications. The Sample uses the Java Platform, Enterprise Edition (Java EE) form-based login technology to customize
the look and feel of the login screens. It uses servlet filters to
log the user information and the date information. The Sample finishes
the session by using the form-based logout function, an IBM extension
to the Java EE specification.
- Login - JAAS Login
The JAAS Login Sample demonstrates
how to use the Java Authentication and Authorization
Service (JAAS) with WebSphere Application Server.
The Sample uses server-side login with JAAS to authenticate a real
user to the WebSphere security run time. Based upon
a successful login, the WebSphere security run time
uses the authenticated Subject to perform authorization checks on
a protected stateless session enterprise bean. If the Sample runs
successfully, it displays all the principals and public credentials
of the authenticated user.
|
|
