WebSphere® Application Server supports the Java Platform, Enterprise Edition (Java EE) model for creating, assembling, securing,
and deploying applications. Applications are often created, assembled,
and deployed in different phases and by different teams.
About this task
You can secure resources in a Java EE
environment by following the required high-level steps. Consult the Java EE specifications for complete details.
Procedure
- Set up and enable security. You must address
several issues prior to authenticating users, authorizing access to
resources, securing applications, and securing communications. These
security issues include migration, interoperability, and installation.
After installing WebSphere Application Server, you must
determine the proper level of security that is needed for your environment.
For more information, see Setting up, enabling and migrating security.
- Configure multiple domains. Security domains
enable you to define multiple security configurations for use in your
environment. For example, you can define different security (such
as a different user registry) for user applications than for administrative
applications. You can also define separate security configurations
for user applications deployed to different servers and clusters.
For more information, see Configuring multiple security domains
- Authenticate users. The process of authenticating
users involves a user registry and an authentication mechanism. Optionally,
you can define trust between WebSphere Application Server
and a proxy server, configure single sign-on capability, and specify
how to propagate security attributes between application servers.
For more information, see Authenticating users.
- Authorize access to resources. WebSphere Application
Server provides many different methods for authorizing accessing resources.
For example, you can assign roles to users and configure a built-in
or external authorization provider. For more information, see Authorizing access to resources.
- Develop extensions to the WebSphere security
infrastructure. WebSphere Application Server
provides various plug points so that you can extend the security infrastructure.
For more information, see Developing extensions to the WebSphere security infrastructure.
- Secure various types of WebSphere applications.
See Securing WebSphere applications for
tasks involving developing, deploying, and administering secure applications,
including Web applications, Web services, and many other types. This
section highlights the security concerns and tasks that are specific
to each type of application.
Results
Your applications and production environment are secured.
Example
See the Security: Resources for learning article for more
information on the WebSphere Application Server
security architecture.