|
Abstract |
This paper describes the security model for IBM ®
WebSphere ® Application Server TM 4.0 Advanced Edition and Single Server
Edition |
|
|
Content |
The WebSphere Application Server 4.0 security model strives to:
- Provide a unified security model for both Web resources
and enterprise beans based on J2EE specification. Such a security model
allows a single policy to govern the security of Web pages, servlets and
enterprise beans
- Manage the security policies and services provided by
WebSphere Application Server AEs consistent with the XML file based
configuration
- Manage the security policies and services provided by
WebSphere Application Server AE in a distributed manner consistent with
the WebSphere systems management facility
- Leverage the EJS environment by integrating an EJB-based
WebSphere Security Application with the WebSphere systems management
infrastructure for WebSphere Application Server Advanced Edition
- Provide improved support from WebSphere Application Server
3.x by:
- Supporting J2EE security specification
- Enabling the ability to secure the communication between
the WebSphere plugin and WebSphere Application server using https
- Integrating an trusted association feature to support
reverse proxy security server like environments
- Supporting pluggable user registry feature to enable
using any custom user registry
- Continuing to support secure delegation between
WebSphere servers as an extension to J2EE 1.2 specification
- Not storing any clear text password information in the
configuration files
- Supporting secure Java (TM) clients
|
|
|
|
|
|
|