The product is an integral part of the multiple-tier
enterprise computing framework. Based on an open architecture, it provides
many plug-in points for integrating with enterprise software components to provide end-to-end
security. The security
infrastructure and mechanisms protect application and administrative resources for the enterprise.
- Securing applications and their environments
- WebSphere Application Server supports the Java 2 Platform, Enterprise Edition (J2EE) model for
creating, assembling, securing, and deploying applications. This article provides a high-level
description of what is involved in securing resources in a J2EE environment. Applications are
often created, assembled, and deployed in different phases, by people in different roles.
- Setting up and enabling security
- You must address several issues prior to authenticating users,
authorizing access to resources, securing applications, and securing communications.
These security issues include migration, interoperability, and installation.
After installing WebSphere Application Server, you must determine the proper
level of security that is needed for your environment.
- Authenticating users
- The process of authenticating users involves a user registry and
an authentication mechanism. Optionally, you can define trust
between WebSphere Application Server and a proxy server, configure single
sign-on capability, and specify how to propagate security attributes between
application servers.
- Authorizing access to resources
- WebSphere Application Server provides many different methods for
authorizing access to resources. For example, you can assign roles to users
and configure a built-in or external authorization provider.
- Securing communications
- WebSphere Application Server provides several methods to secure
communication between a server and a client.
- Developing extensions to the WebSphere security infrastructure
- WebSphere Application Server provides various plug points so that
you can extend the security infrastructure.
- Configuring security with scripting
- This section describes security using administrative scripting, an alternative
to using the administrative console.
- Securing WebSphere applications
- This section provides security instructions that are specific to the various
types of applications, such as Web applications or Web services.
In the navigation tree, expand Securing applications and their environment > Securing WebSphere applications to view the contents of this section.
- Tuning, hardening, and maintaining
- After you have installed WebSphere Application Server, there are
several considerations for tuning, strengthening, and maintaining your security
configuration.
- Troubleshooting security configurations
- Troubleshoot specific problems that are related to configuring and enabling security configurations.