5: Securing applications -- special topics

IBM WebSphere Application Server includes security components that provide, or collaborate with other services to provide, authentication, authorization, delegation, and data protection. Security elements in your WebSphere environment are discussed in article 5.1.

Security is established at two levels. The first level is global security. Global security applies to all applications running in the environment and determines whether security is used at all, the type of registry against which authentication takes place, and other values, many of which act as defaults.

The second level is application security. Application security, which can vary with each application, determines the requirements specific to the application. In some cases, these values can override global defaults. Application security includes settings like mechanisms for authenticating users and authorization requirements.

Security information is supplied in one of two places, depending on whether it is global, applying to all applications running in the environment, or application-specific, tailored to individual applications. Global security is administered by using the WebSphere administrative console; application security is administered during the assembly phase by using the application assembly tool (AAT) and during the deployment phase by using the administrative console and the wscp tool.

Information about the standard security tasks appears in 6.6.18: Securing applications. General administrative tasks, including standard security tasks, are described in 6.6.0.3: Web administrative console overview. The application assembly tool is covered in 6.3: Using the application assembly tool.

The rest of the material in this section concentrates on more specialized issues related to security. Some of these are programmatic in nature, and some are administrative. The discussions assume familiarity with general security procedures in the WebSphere Application Server environment.

Article 5.3, Changes to security, describes changes in security since the previous version of WebSphere Application Server.

Article 5.4, Using programmatic and custom login, describes the use of programmatic client and server login routines that work with the authentication policies and other settings specified by the administrator of WebSphere Application Server. This allows sites to customize the way in which authentication information is collected from users.

Article 5.5, Certificate-based authentication, provides an introduction to the concepts of certificate-based authentication and its use in the WebSphere environment. This includes a discussion of general cryptographic concepts like public-key encryption and digital signatures as well as information on the use of certificates in the WebSphere environment, tools for managing certificates and keys, and other related topics:

  • 5.5.6: Tools for managing certificates and keys documents WebSphere Application Server's command-line and GUI certificate and key management tools. It also includes common procedures for managing certificates and keys with the tools.

Article 5.7, The Secure Association Service, describes the Secure Association Service (SAS), which plays a crucial role in security for WebSphere Application Server. It also provides reference material on security-related properties.
