Task overview: Securing resources
WebSphere Application Server supports the Java Platform, Enterprise Edition (Java EE) model for creating, assembling, securing,
and deploying applications. Applications are often created, assembled,
and deployed in different phases and by different teams.
Setting up, enabling and migrating security
You must address several issues prior to authenticating
users, authorizing access to resources, securing applications, and
securing communications. These security issues include migration,
interoperability, and installation.
Configuring multiple security domains
By default, all administrative and user applications in WebSphere Application Server
use the global security configuration. For example, a user registry
defined in global security is used to authenticate users for every
application in the cell. Out-of-the-box, this behavior is the same
as it was in previous releases of WebSphere Application
Server. You can create additional WebSphere security domains if you
want to specify different security attributes for some or all of your
user applications. This section describes how to configure a security
domain by using the administrative console.
Authenticating users
The process of authenticating users involves a user registry
and an authentication mechanism. Optionally, you can define trust
between WebSphere Application Server and a proxy
server, configure single sign-on capability, and specify how to propagate
security attributes between application servers.
Authorizing access to resources
WebSphere Application Server provides many
different methods for authorizing access to resources. For example,
you can assign roles to users and configure a built-in or external
authorization provider.
Securing communications
WebSphere Application Server provides several
methods to secure communication between a server and a client.
Developing extensions to the WebSphere security infrastructure
WebSphere Application Server provides various
plug points so that you can extend the security infrastructure. Extending
this security infrastructure involves several activities, including
developing custom user registries, developing applications that use
programmatic security, and customizing web application login forms.
Auditing the security infrastructure
You can use the Auditing Facility to report and track auditable
events to ensure the integrity of your system.
Troubleshooting security configurations
The following topics help to troubleshoot specific problems
that are related to configuring and enabling security configurations.
Directory conventions
References in product information to app_server_root, profile_root,
and other directories imply specific default directory locations.
Become familiar with the conventions in use for WebSphere Application
Server.
Securing Client applications
This page provides a starting point for finding information
about application clients and client applications. Application clients
provide a framework on which application code runs, so that your client
applications can access information on the application server.
Securing Data access resources
This page provides a starting point for finding information
about data access. Various enterprise information systems (EIS) use
different methods for storing data. These backend data stores might
be relational databases, procedural transaction programs, or object-oriented
databases.
Securing EJB applications
This page provides a starting point for finding information
about enterprise beans.
Securing Messaging resources
This page provides a starting point for finding information
about the use of asynchronous messaging resources for enterprise applications
with WebSphere Application Server.
Securing Mail, URLs, and other Java EE resources
This page provides a starting point for finding information
about resources that are used by applications that are deployed on
a Java Enterprise Edition (Java EE)-compliant application server.
They include:
Securing OSGi applications
This page provides a starting point for finding out how
to secure OSGi applications.
Securing Portlet applications
This page provides a starting point for finding information
about portlet applications, which are special reusable Java servlets
that appear as defined regions on portal pages. Portlets provide access
to many different applications, services, and web content.
Securing Service integration
This page provides a starting point for finding information
about service integration.
Securing a service map
This page provides a starting point for finding out how
to secure a service map.
Securing Session Initiation Protocol (SIP) applications
This page provides a starting point for finding information
about SIP applications, which are Java programs that use at least
one Session Initiation Protocol (SIP) servlet written to the JSR 116
specification.
Securing web applications
This page provides a starting point for finding information
about web applications, which consist of one or more related
files that you can manage as a unit, including:
Securing web services
This page provides a starting point for finding information
about web services.