You can customize your security configuration at the cell,
server, or cluster level by configuring multiple security domains.
Before you begin
Users assigned to the administrator role can configure
security domains. Verify that you have the appropriate administrative
role before configuring security domains. Also, enable global security
in your environment before configuring multiple security domains.
About this task
You can create multiple security domains to customize
your security configuration. Use multiple security domains to achieve
the following goals:
- Configure different security attributes for administrative and
user applications within a cell
- Consolidate server configurations by managing different security
configurations within a cell
- Restrict access between applications with different user registries,
or configure trust relationships between applications to support communication
across registries
Procedure
- Create a security domain.
  Create multiple security domains in your configuration. By creating
  multiple security domains, you can configure different security attributes
  for administrative and user applications within a cell environment.
- Assign the security domain to one or a set of resources or scopes.
  Assign management resources to security domains. Set management resources
  to your security domains to customize your security configuration
  for a cell, server, or cluster.
- Customize your security configuration by specifying attributes for your security domain.
  See the following examples of security attributes:
  - User registries to validate user credentials
  - Authorization for validating access to resources
  - Trust association interceptor (TAI) to authenticate a web user
    using a reverse proxy server
  - Application and system JAAS login configurations
  - LTPA timeout settings
  - Application security enablement to provide application isolation
    and requirements for authenticating application users
  - Java 2 Security to increase overall system integrity
    by checking for permissions before allowing access to certain protected
    system resources
  - Remote Method Invocation over Internet Inter-ORB Protocol (RMI/IIOP)
    to invoke web services through remote procedure calls
  - Custom properties
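
The three procedure steps above, scripted for the wsadmin Jython client. This is an added example, not part of the original documentation. It assumes the AdminTask commands createSecurityDomain, mapResourceToSecurityDomain, setAppActiveSecuritySettings and listResourcesInSecurityDomain are available, and the domain, node and server names are constructed.

```python
# Added example for wsadmin (-lang jython). Domain, node and server names
# below are constructed; substitute the values from your own cell.

def run(admin_task, issued, command, args):
    """Invoke one AdminTask command and record it for later review."""
    issued.append((command, args))
    return getattr(admin_task, command)(args)

def configure_domain(admin_task, name, description, resources,
                     app_security="true", java2_security="false"):
    """Create a domain, map scopes to it, set attributes; return commands issued."""
    # Validate every scope first so a bad entry cannot leave a half-built domain.
    if not resources:
        raise ValueError("no scope given; an unmapped domain has no effect")
    seen = []
    for res in resources:
        if not res.startswith("Cell="):
            raise ValueError("unexpected scope string: %s" % res)
        if res in seen:
            raise ValueError("scope listed twice: %s" % res)
        seen.append(res)
    issued = []
    # Step 1: create the security domain.
    run(admin_task, issued, "createSecurityDomain",
        '-securityDomainName %s -securityDomainDescription "%s"' % (name, description))
    # Step 2: assign the domain to each resource scope.
    for res in resources:
        run(admin_task, issued, "mapResourceToSecurityDomain",
            "-securityDomainName %s -resourceName %s" % (name, res))
    # Step 3: set attributes (application security, Java 2 Security).
    run(admin_task, issued, "setAppActiveSecuritySettings",
        "-securityDomainName %s -appSecurityEnabled %s -enforceJava2Security %s"
        % (name, app_security, java2_security))
    # Read the mapping back so the change can be checked before it is saved.
    run(admin_task, issued, "listResourcesInSecurityDomain",
        "-securityDomainName %s" % name)
    return issued

try:
    AdminTask, AdminConfig  # these objects exist only inside wsadmin
except NameError:
    pass
else:
    configure_domain(AdminTask, "appDomain", "user applications",
                     ["Cell=:Node=node01:Server=server1"])
    AdminConfig.save()
```

Review the listResourcesInSecurityDomain output before relying on the saved configuration, so that a server mapped to the wrong domain is caught early.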