WebSphere Application Server Network Deployment, Version 6.0.x     Operating Systems: AIX, HP-UX, Linux, Solaris, Windows

How do I secure applications and their environments?


Develop and deploy secure applications. These tasks involve securing your applications during development (optional, programmatic security), assembly (declarative security), and after deploying them on the application server.

Secure Web applications: Authentication and authorization
Most of the security for an application is configured during the assembly stage. The security you configure during the assembly stage is called declarative security because the security is declared or defined in the deployment descriptors. The declarative security is enforced by the security run time. For some applications, declarative security is not sufficient to express the security model of the application. For these applications, you can use programmatic security.

 

Secure Enterprise JavaBeans (EJB) applications: Java 2 Platform, Enterprise Edition (J2EE) authorization
Most of the security for an application is configured during the assembly stage. The security you configure during the assembly stage is called declarative security because the security is declared or defined in the deployment descriptors. The declarative security is enforced by the security run time. For some applications, declarative security is not sufficient to express the security model of the application. For these applications, you can use programmatic security.

 

Use Web services security (WS-Security)
Use any of the available methods to integrate message-level security into an application serving environment. Web services security for WebSphere Application Server is based on a set of standards that are included in the Web services security (WS-Security) specification. These standards address how to provide protection for messages that are exchanged in a Web services environment. The set of specifications defines the core facilities for protecting the integrity and confidentiality of a message and provides mechanisms for associating security-related claims with the message.

 

Enable Java 2 security
Java 2 security is disabled by default, but is enabled automatically when global security is enabled. Your decision to use Java 2 security is independent of your decision to use J2EE role-based authorization. Java 2 security provides an extra level of access control protection on top of the J2EE role-based authorization and addresses the protection of system resources and APIs.

 

Developing custom login modules
If you plan to write a login module that adds information to the Subject of a system login, refer to this topic for the main Java Authentication and Authorization Service (JAAS) plug-in points for configuring system logins.

 

Enable resource security (overview)
Applications access many resources for data access, messaging, mail, and other purposes.

 

Enable resource security: J2C and JDBC data sources
Secure the Java DataBase Connectivity (JDBC) data sources and Java 2 Connector (J2C) resources that are used by applications to access data.

 

Enable resource security: JMS resources
Secure the Java Message Service (JMS) resources that are used by applications to obtain messaging support.

 


Secure the application hosting environment

The counterpart of securing your applications before and after deployment is to secure the server hosting environment into which the applications are deployed.

Secure the administrative environment
Use the administrative console to assign users to administrative roles.

 

Configure security with wsadmin scripting
Scripting is a non-graphical alternative that you can use to configure and manage WebSphere Application Server. Use the WebSphere Application Server wsadmin tool to run scripts. The wsadmin tool supports a full range of product administrative activities.

 

Configure global security
Configuring global security applies to all applications running in the environment and determines whether security is used, the type of registry against which authentication takes place, and other values (many of which act as defaults).

 

Authenticate users with the local operating system user registry
Configure the product to authenticate users against the local operating system user registry. The product provides and supports the implementation for Windows operating system registries, AIX, Solaris, z/OS (using the SAF interface) and multiple versions of Linux operating systems. The respective operating system APIs are called by the product processes or servers for authenticating a user and other security-related tasks, for example, getting user or group information.

 

Authenticate users with an LDAP user registry
Configure the product to authenticate users against a Lightweight Directory Access Protocol (LDAP) user registry. The product provides and supports implementation of most major LDAP directory servers, which can act as the repository for user and group information. These LDAP servers are called by the product processes or servers for authenticating a user and other security-related tasks, for example, getting user or group information. This support is provided by using different user and group filters to obtain the user and group information. These filters have default values that you can modify to fit your needs. The custom LDAP feature enables you to use any other LDAP server, which is not in the product-supported list of LDAP servers, for its user registry by using the appropriate filters.

 

Authenticate with a custom user registry
After you implement the UserRegistry interface, you can configure the product to use your custom user registry to authenticate users. Your custom user registry can be supplied by an external security provider to enable the provider's solution, or you can write your own custom user registry. You can configure the product to use the custom user registry to handle authentication of users.

 

Set up single signon (SSO)
With single signon (SSO) support, Web users can authenticate once when accessing Web resources across multiple WebSphere Application Servers. Form login mechanisms for Web applications require that SSO is enabled.

 

Set up Secure Sockets Layer (SSL) between remote servers or clients and servers
Secure Sockets Layer (SSL) is used by multiple components within WebSphere Application Server to provide trust and privacy. Users of SSL include the built-in HTTP transport, the Object Request Broker (ORB), and the secure LDAP client.

 

Set up CSIv2
Configure Common Secure Interoperability Version 2 (CSIv2) features including SSL client certificate authentication, message layer authentication, identity assertion, and security attribute propagation.

 

Configure an authorization provider
Configure the product to use an external security provider that you have set up to work with WebSphere Application Server and that supports J2EE authorization based on the Java Authorization Contract for Containers (JACC) specification.

 

Troubleshoot the security subsystem
Troubleshoot several types of problems that are related to enabling or configuring security.

 


Last updated: Dec 11, 2005 4:07:15 PM CST
http://publib.boulder.ibm.com/infocenter/wasinfo/v6r0/index.jsp?topic=/com.ibm.websphere.nd.doc/info/ae/ae/welc_howdoi_tsec.html

© Copyright IBM Corporation 2003, 2005. All Rights Reserved.
This information center is powered by Eclipse technology. (http://www.eclipse.org)