5: Securing applications -- special topics

IBM WebSphere Application Server includes security components that provide, or collaborate with other services to provide, authentication, authorization, delegation, and data protection. WebSphere Application Server also supports the security features described in the Java 2 Enterprise Edition (J2EE) specification. Security elements in your WebSphere environment are discussed in article 5.1.

Security is established at two levels. The first level is global security. Global security applies to all applications running in the environment and determines whether security is used at all, the type of registry against which authentication takes place, and other values, many of which act as defaults.

The second level is application security. Application security, which can vary with each application, determines the requirements specific to the application. In some cases, these values can override global defaults. Application security includes settings like mechanisms for authenticating users and authorization requirements.

Security information is supplied in one of two places. It is classified as either global, which applies to all applications running in the environment, or application-specific, which is tailored to individual applications. Global security is administered by using the WebSphere administrative console; application security is administered during the assembly phase by using the application assembly tool (AAT) and during the deployment phase by using the administrative console and the wscp tool.

Information about the standard security tasks appears in 6.6.18: Securing applications. General administrative tasks, including standard global-security tasks, are described in 6.6.0.1: Using the Java administrative console. The application assembly tool is covered in 6.3: Using the application assembly tool.

The rest of the material in this section concentrates on more specialized issues related to security. Some of these are programmatic in nature, and some are administrative. The discussions assume familiarity with general security procedures in the WebSphere Application Server environment.

Article 5.1, The WebSphere security components, gives an overview of WebSphere Application Server security.

Article 5.2, Using a custom registry, describes how to use a custom registry within WebSphere Application Server for authentication of users. This allows sites to provide support for user registries not explicitly supported by WebSphere itself.

Article 5.3, Changes to security, describes changes in security since the previous version of WebSphere Application Server.

Article 5.4, Using programmatic and custom login, describes the use of programmatic client and server login routines that work with the authentication policies and other settings specified by the administrator of WebSphere Application Server. This allows sites to customize the way in which authentication information is collected from users.

Article 5.5, Certificate-based authentication, provides an introduction to the concepts of certificate-based authentication and its use in the WebSphere environment. This includes a discussion of general cryptographic concepts like public-key encryption and digital signatures as well as information on the use of certificates in the WebSphere environment, tools for managing certificates and keys, and other related topics.

Article 5.6, Establishing trust association with a reverse proxy server, describes how to use a reverse proxy server to perform authentication for applications within WebSphere Application Server.

Article 5.7, The Secure Association Service, describes the Secure Association Service (SAS), which plays a crucial role in security for WebSphere Application Server. It also provides reference material on security-related properties.

Article 5.8, Single sign-on support between WebSphere Application Server and Lotus Domino, describes the single sign-on (SSO) capability and how to configure it between WebSphere Application Server and Lotus Domino.
