Overview and new features for securing applications and their environment
What is new for security specialists
This topic provides an overview of new and changed features in security.
WebSphere security architecture
This IBM Education Assistant presentation provides an overview of the
security architecture. Additional presentations are available that focus on
the following concepts:
Introduction: Security
This topic describes how IBM WebSphere Application Server provides
security infrastructure and mechanisms to protect sensitive Java 2 Platform,
Enterprise Edition (J2EE) resources and administrative resources and to address
enterprise end-to-end security requirements on authentication, resource access
control, data integrity, confidentiality, privacy, and secure interoperability.
Security integration overview
This topic describes how the product security features relate to the
security features of the environment into which you have added application
serving capability.
Security planning overview
Several communication links are provided from a browser on the Internet,
through Web servers and product servers, to the enterprise data at the back-end.
This topic examines some typical configurations and common security practices.
WebSphere Application Server security is built on a layered security architecture.
This section also examines the security protection offered by each security
layer and common security practice for good quality of protection in end-to-end
security.
Samples
|
The Samples Gallery offers:
- Login - Form Login
The Form Login Sample demonstrates a very
simple example of how to use the login facilities for WebSphere Application
Server to implement and configure login applications. The Sample uses the
Java 2 Platform, Enterprise Edition (J2EE) form-based login technology to
customize the look and feel of the login screens. It uses servlet filters
to log the user information and the date information. The Sample finishes
the session by using the form-based logout function, an IBM extension to the
J2EE specification.
- Login - JAAS Login
The JAAS Login Sample demonstrates how to
use the Java Authentication and Authorization Service (JAAS) with WebSphere
Application Server. The Sample uses server-side login with JAAS to authenticate
a real user to the WebSphere security run time. Based upon a successful login,
the WebSphere security run time uses the authenticated Subject to perform
authorization checks on a protected stateless session enterprise bean. If
the Sample runs successfully, it displays all the principals and public credentials
of the authenticated user.
|
|
