IBM
® WebSphere
® Application Server
provides security components that provide or collaborate with other
services to provide authentication, authorization, delegation, and
data protection. WebSphere Application Server also supports
the security features that are described in the Java™ Platform,
Enterprise Edition (Java EE)
specification. An application goes through three stages before it
is ready to run:
- Development
- Assembly
- Deployment
Most of the security for an application is configured during
the assembly stage. The security that is configured during the assembly
stage is called
declarative security because the security is
declared or
defined in
the deployment descriptors. The declarative security is enforced by
the security runtime. For some applications, declarative security
is not sufficient to express the security model of the application.
For these applications, you can use
programmatic security.