In a WebSphere Process Server environment there are many communications
which occur: from a browser on the Internet, through Web servers and product
servers, to the enterprise data at the back-end. All of these communication
links require consideration if the entire environment is to be secure. Typical
configurations and common security practices are described.
Before you begin
Why and when to perform this task
Complete the following steps to plan the security of your environment.Steps for this task
- Review the WebSphere Process Server security architecture.
- Review each of the following topics in the WebSphere
Application Server Information Center.
- Global security and server security
- Authentication protocol for EJB security
- Supported authentication protocols
- Common Secure Interoperability Version 2 features
- Identity assertion
- Authentication mechanisms
- Lightweight Third Party Authentication settings
- Trust associations
- Single signon
- User registries
- Local operating system user registries
- Lightweight Directory Access Protocol
- Custom user registries
- Java 2 security
- Java 2 security policy files
- Java Authentication and Authorization Service
- J2EE connector security
- Access control exception
- Role-based authorization
- Administrative console and naming service authorization
- Secure Sockets Layer
- Authenticity
- Confidentiality
- Integrity