You must address several issues prior to authenticating
users, authorizing access to resources, securing applications, and
securing communications. These security issues include migration,
interoperability, and installation.
About this task
After installing WebSphere Application Server, you can determine
the proper level of security that is needed for your environment.
By default, administrative security is enabled and provides the authentication
of users using the WebSphere administration functions, the use of
Secure Sockets Layer (SSL), and the choice of user account repository.
![[Updated in June 2011]](../../delta.gif)
You can also use the following permissions to enhance
security:
- Use the getSSLConfig permission to give your application code
the ability to call several of the JSSEHelper methods. For more information about these methods, see the description of the
com.ibm.websphere.ssl.JSSEHelper API in the Programming interfaces section of the Information Center.
- Use the AdminPermission permission to give your application code
the ability to call WebSphere Application Server administrative APIs.
See the topic Setting Java 2 security permissions for an example of
how to set this permission.
- Use the accessRuntimeClasses permission to give your application
code the ability to load classes that are included with the product.
If you are operating in an environment that normally restricts access
to these classes, this permission enables your application code to
bypass this restriction during class loading. See the topic Global
security settings for a description of how to set this permission.
![[Updated in June 2011]](../../deltaend.gif)
jun2011
The following information is covered in this section:
Procedure
Enable security for all your application
servers or for specific application servers in your realm. For more information, see Enabling security.
What to do next
After installing WebSphere Application Server and securing
your environment, you must authenticate users. For more information,
see
Authenticating users.