Web component security
A web module consists of servlets, JavaServer Pages (JSP)
files, server-side utility classes, static web content, which includes
HTML, images, sound files, cascading style sheets (CSS), and client-side
classes or applets. You can use development tools such as Rational® Application
Developer to develop a web module and enforce security at the method
level of each web resource.
Securing web applications using an assembly tool
You can use three types of web login authentication mechanisms
to configure a web application: basic authentication, form-based authentication
and client certificate-based authentication. Protect web resources
in a web application by assigning security roles to those resources.
Security settings
Use the administrative console to modify the security settings
for all applications.
Assigning users and groups to roles
You can assign users and groups to roles if you are using WebSphere® Application Server authorization
for Java Platform, Enterprise Edition (Java EE) roles.
Securing applications during assembly and deployment
Several assembly tools exist that are graphical user interfaces
for assembling enterprise or Java Platform,
Enterprise Edition (Java EE)
applications. You can use these tools to assemble an application and
secure Enterprise JavaBeans (EJB) and web modules
in that application.
User profiles and authorities
WebSphere Application Server uses two OS/400® user
profiles by default, QEJB and QEJBSVR.