WebSphere Application Server V4.0 security overview
 White paper
 
Abstract
This paper describes the security model for IBM ® WebSphere ® Application Server TM 4.0 Advanced Edition and Single Server Edition
 
 
Content
The WebSphere Application Server 4.0 security model strives to:
  • Provide a unified security model for both Web resources and enterprise beans based on J2EE specification. Such a security model allows a single policy to govern the security of Web pages, servlets and enterprise beans
  • Manage the security policies and services provided by WebSphere Application Server AEs consistent with the XML file based configuration
  • Manage the security policies and services provided by WebSphere Application Server AE in a distributed manner consistent with the WebSphere systems management facility
  • Leverage the EJS environment by integrating an EJB-based WebSphere Security Application with the WebSphere systems management infrastructure for WebSphere Application Server Advanced Edition
  • Provide improved support from WebSphere Application Server 3.x by:
  • Supporting J2EE security specification
  • Enabling the ability to secure the communication between the WebSphere plugin and WebSphere Application server using https
  • Integrating an trusted association feature to support reverse proxy security server like environments
  • Supporting pluggable user registry feature to enable using any custom user registry
  • Continuing to support secure delegation between WebSphere servers as an extension to J2EE 1.2 specification
  • Not storing any clear text password information in the configuration files
  • Supporting secure Java (TM) clients
 
WebSphere40Security-v1.pdf
 
 


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > Security
Operating system(s): HP-UX
Software version: 4.0
Software edition:
Reference #: 7001776
IBM Group: Software Group
Modified date: Feb 19, 2003