6.6.18.1a: Summary of security settings with the Java administrative console

Use the Security Center task wizard to specify global and default security settings for all applications:

  • Global settings apply to existing and future applications and cannot be customized.
  • Default settings apply only to future applications and can be customized.

The default settings are used as a template or starting point for configuring individual applications. The administrator should still explicitly configure security settings for each application.

Task                                                                      Wizard page description               Global or default?
------------------------------------------------------------------------  ------------------------------------  ------------------
Enable security; specify how long to cache authentication lookup results  6.6.18.1a.1: General                  Global
Specify how to authenticate users                                         6.6.18.1a.2: Authentication           Default
Select users and groups for roles                                         6.6.18.1a.3: Role Mapping             Global
Assign one user to each role                                              6.6.18.1a.4: Run As Role Mapping      Global
Select users and groups for administrative roles                          6.6.18.1a.5: Administrative Roles     Global
Making LTPA-secured calls across WebSphere domains                        6.6.18.1a.6: Authentication           Global
Configuring SSL support                                                   6.6.18.1a.7: General                  Default

IBM WebSphere Application Server provides security at several levels. The security characteristics of an individual application can come from any of these levels. At the most general level are the global security characteristics set up to act as application defaults. This file briefly describes these global values.

In WebSphere, the global defaults for security apply to all applications. Some of the values can be changed on an application-by-application basis, and others remain constant across all applications.

An example of a value that can be set on a per-application basis is the type of authentication procedure. You must establish a default procedure, but this value is used only for applications that do not explicitly indicate how they will authenticate users.

An example of a value that cannot be changed on a per-application basis is whether to ignore security or not. In Application Server, security is either enabled or disabled. If it is enabled, all applications are secured according to their configurations. If security is disabled, all applications run unsecured, regardless of their configurations.
