Securing applications and their environment: Overview

WebSphere Process Server supports the Service Component Architecture (SCA) as well as the Java 2 Platform, Enterprise Edition (J2EE) model for creating, assembling, securing, and deploying applications. This topic provides a high-level description of what is involved in securing resources in a SCA or J2EE environment. Applications are often created, assembled, and deployed in different phases and by different teams.

Before you begin

You should be familiar with the J2EE or SCA specifications before beginning this task.

Why and when to perform this task

Secure your applications and their environment by taking the following steps.

Steps for this task

  1. Plan to secure your applications and environment.

    For more information, see Planning to secure your environment. Complete this step before you install WebSphere Application Server.

  2. Consider pre-installation and post-installation requirements.

    For more information, see Security considerations during installation. For example, during this step, you learn how to protect security configurations after you install the product.

  3. Develop secured applications.

    For more information, see Developing secured applications.

  4. Assemble the secured applications.

    For more information, see Assembling secured applications. Assembly tools are used to assemble J2EE modules and to set the attributes in the deployment descriptors.

    Most of the steps in assembling J2EE applications involve deployment descriptors; deployment descriptors play a central role in application security in a J2EE environment.

    Application assemblers combine J2EE modules, resolve references between them, and create from them a single deployment unit, typically an Enterprise Archive (EAR) file. Component providers and application assemblers can be represented by the same person.

  5. Deploy secured applications.

    For more information, see Deploying (installing) secure applications. The deployer link entities referred to in an enterprise application are mapped to the runtime environment.

    The deployer:
    • Maps actual users and groups to application roles
    • Installs the enterprise application into the environment
    • Makes the final adjustments needed to run the application
  6. Test secured applications.

    For more information, see Testing security.

  7. Manage security configurations.

    For more information, see Administering security.

  8. Optimize performance by tuning security configurations.

    For more information, see Tuning Security Configurations.

  9. Troubleshoot security configurations.

    For more information, see Troubleshooting Security.

Result

Your applications and production environment are secured.

Terms of use |

Last updated:

Copyright IBM Corporation 2005.
This information center is powered by Eclipse technology (http://www.eclipse.org)