Securing applications during assembly and deployment

Several assembly tools exist that are graphical user interfaces for assembling enterprise or Java™ Platform, Enterprise Edition (Java EE) applications. You can use these tools to assemble an application and secure Enterprise JavaBeans (EJB) and web modules in that application.

About this task

An EJB module consists of one or more beans. You can enforce security at the EJB method level. A web module consists of one or more web resources: an HTML page, a JavaServer Pages (JSP) file, or a servlet. You can also enforce security for each web resource.
Note: For information about the tools that WebSphere® Application Server supports, see Assembly tools.

To secure an EJB module, a Java archive (JAR) file, a web module, a web application archive (WAR) file, or an application enterprise archive (EAR) file, you can use an assembly tool. You can create an application, an EJB module, or a web module and secure them using an assembly tool or development tools such as the IBM® Rational® Application Developer.

Procedure

  1. Secure EJB applications by using an assembly tool. For more information, see Securing enterprise bean applications.
  2. Secure web applications by using an assembly tool. For more information, see Securing web applications using an assembly tool.
  3. Add users and groups-to-roles while assembling a secured application using an assembly tool. For more information, see Adding users and groups to roles using an assembly tool.
  4. Map users to RunAs roles using an assembly tool. For more information, see Mapping users to RunAs roles using an assembly tool.
  5. Adding the was.policy file to applications for Java 2 security.
  6. Assemble the application components that you secured using an assembly tool. For more information, see Assembling applications.

Results

After securing an application, the resulting .ear file contains security information in its deployment descriptor. The EJB module security information is stored in the ejb-jar.xml file and the web module security information is stored in the web.xml file. The application.xml file of the application EAR file contains all the roles that are used in the application. The user and group-to-roles mapping is stored in the ibm-application-bnd.xmi file of the application EAR file.

支援的配置 支援的配置: 對於 IBM 延伸和連結檔而言,.xmi 或 .xml 副檔名取決於您是使用 Java EE 5 之前的應用程式或模組,或 Java EE 5 或更新版本的應用程式或模組。 IBM 延伸或連結檔稱為 ibm-*-ext.xmi 或 ibm-*-bnd.xmi,其中 * 是延伸或連結檔的類型,例如:app、application、ejb-jar 或 web。 適用的條件如下:
  • 如果應用程式或模組使用第 5 版之前的 Java EE,副檔名必須是 .xmi。
  • 如果應用程式或模組使用 Java EE 5 或更新的版本,副檔名必須是 .xml。 如果 .xmi 檔是隨附在應用程式或模組,則本產品會忽略 .xmi 檔。

不過,即使應用程式含有 Java EE 5 之前的檔案,且所用的副檔名是 .xmi,其中也可以有 Java EE 5 或更新版本的模組。

ibm-webservices-ext.xmiibm-webservices-bnd.xmiibm-webservicesclient-bnd.xmiibm-webservicesclient-ext.xmiibm-portlet-ext.xmi 檔會繼續使用 .xmi 副檔名。

sptcfg

[AIX Solaris HP-UX Linux Windows][IBM i]The was.policy file of the application EAR contains the permissions that are granted for the application to access system resources that are protected by Java 2 security.

This task is required to secure EJB modules and web modules in an application. This task is also required for applications to run properly when Java 2 security is enabled. If the was.policy file is not created and it does not contain required permissions, the application might not be able to access system resources.

What to do next

After securing an application, you can install an application by using the administrative console. When you install a secured application, refer to Deploying secured applications to complete this task.

指出主題類型的圖示 作業主題



時間戳記圖示 前次更新: July 9, 2016 11:17
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=cord&product=was-nd-mp&topic=tsec_assemble
檔名:tsec_assemble.html