WebSphere Application Server provides many different methods for
authorizing accessing resources. For example, you can assign roles to users
and configure a built-in or external authorization provider.
Why and when to perform this task
To authorize user or group access to resources, read the following
articles:
Steps for this task
- Secure you application during assembly and deployment. You
can create an application, an EJB module, or a Web module and secure them
using an assembly tool such as the IBM Rational Application Developer. For
more information on the steps you need to take to create a secure application,
see Securing applications during assembly and deployment.
- Authorize access to Java 2 Platform, Enterprise Edition (J2EE)
resources. WebSphere Application Server supports authorization
that is based on the Java Authorization Contract for Containers (JACC) specification
in addition to the default authorization. When security is enabled in WebSphere
Application Server, the default authorization is used unless a JACC provider
is specified. For more information, see Authorizing access to J2EE resources using Tivoli Access Manager.
- Authorize access to administrative resources.
You can assign users and groups to predefined administrative roles such
as the monitor, configurator, operator, and administrator roles. These roles
determine which tasks a user can perform in the administrative console. For
more information, see Authorizing access to administrator roles.
What to do next
After authorizing access to resources, configure the Application
Server for secure communication. For more information, see
Securing communications.