5.1.1: Security features
This section briefly describes some of the features of WebSphere
Application Server that you can use to secure your applications.
The security system has two facets. First, it enables administrators
to define security policies to establish control of resources.
Administrators use security policies to tell WebSphere Application
Server how security is to be handled. The security system also provides
built-in security services to enforce the policies.
Note: WebSphere Application Server only supports HP-UX platforms with
non-trusted mode. HP-UX platforms with trusted mode are not supported.
The IBM WebSphere Application Server security system provides a number
of features, including the following:
- Authentication policies and services
  Authentication is the process of verifying that users are who they
  say they are. You can indicate how you want WebSphere Application
  Server to verify the identity of users who try to access your resources.
- Authorization policies and services
  Authorization is the process of determining what a user is allowed
  to do with a resource. You can specify policies that give different
  users differing levels of access to your resources. If you define
  authorization policies, WebSphere Application Server will enforce
  them for you.
- A unified security administration model
  The different components of WebSphere Application Server use the
  same model for security, so after you learn how to set up security for
  one type of resource, you can apply that knowledge to other resources.
  Servlets, JSP files, and Web pages are all administered
  similarly in terms of security.
  You can combine all of these resources into an application for which
  you also establish security.
- Password encoding in configuration files
  Several of the WebSphere configuration files contain user IDs and
  passwords. These are needed at run time to access external secure
  resources such as databases. Passwords are encoded, not encrypted,
  to deter casual observation of sensitive information. Password
  encoding combined with proper operating system file system security
  is intended to protect the passwords stored in these files. The
  following is a list of files that contain encoded, but unencrypted
  passwords:
  - sas.server.props
  - sas.client.props
  - admin.config
  - ear/META-INF/ibm_application_bnd.xml
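
Because these passwords are only encoded, their protection rests on file system permissions. The following Python script is an added example, not part of the WebSphere documentation: it walks an installation directory and reports any of the files listed above that grant access to group or other. It assumes POSIX permission bits, and the directory names in the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile

# File names from the list above. The binding file is matched by path
# suffix because it sits inside each application's ear directory.
SENSITIVE_NAMES = {"sas.server.props", "sas.client.props", "admin.config"}
SENSITIVE_SUFFIX = os.path.join("META-INF", "ibm_application_bnd.xml")

def is_sensitive(path):
    """True if the path is one of the files that hold encoded passwords."""
    return (os.path.basename(path) in SENSITIVE_NAMES
            or path.endswith(os.sep + SENSITIVE_SUFFIX))

def audit(root):
    """Return sorted (relative_path, octal_mode) pairs for sensitive files
    that grant any permission to group or other."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if not is_sensitive(path):
                continue
            mode = stat.S_IMODE(os.lstat(path).st_mode)
            if mode & (stat.S_IRWXG | stat.S_IRWXO):
                findings.append((os.path.relpath(path, root), oct(mode)))
    return sorted(findings)

def build_sample_tree(root):
    """Create a constructed sample layout (directory names are assumptions)."""
    layout = {
        "properties/sas.server.props": 0o600,   # owner only: passes
        "properties/sas.client.props": 0o644,   # world-readable: flagged
        "bin/admin.config": 0o640,              # group-readable: flagged
        "installedApps/sample.ear/META-INF/ibm_application_bnd.xml": 0o600,
        "properties/other.props": 0o644,        # not in the list: ignored
    }
    for rel, mode in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("# constructed placeholder, no real credentials\n")
        os.chmod(path, mode)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, mode in audit(tmp):
            print(f"{mode} {rel}: accessible beyond the owner")
```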