The National Institute of Standards and Technology (NIST) has developed Common Criteria to ensure you have a safe option for downloading software to use on your systems. Information held by IT products or systems is a critical resource that enables organizations to succeed in their mission. Additionally, individuals have a reasonable expectation that their personal information contained in IT products or systems remain private, be available to them as needed, and not be subject to unauthorized modification. IT products or systems should perform their functions while exercising proper control of the information to ensure it is protected against hazards such as unwanted or unwarranted dissemination, alteration, or loss. The term IT security is used to cover prevention and mitigation of these and similar hazards.
Many consumers of IT lack the knowledge, expertise or resources necessary to judge whether their confidence in the security of their IT products or systems is appropriate, and they may not wish to rely solely on the assertions of the developers. Consumers may therefore choose to increase their confidence in the security measures of an IT product or system by ordering an analysis of its security (in other words, a security evaluation).
To use WebSphere® Application Server in the Common Criteria EAL4 evaluated configuration, obtain the EAL4 Guidance document from the IBM® WebSphere Application Server V7.0.0.19 - Common Criteria support page. The document describes how to install and configure WebSphere Application Server in the evaluated configuration and how to manage and deploy applications into the evaluated configuration.
See Naming roles for the list of interface methods that are supported and are relevant to security.
Class | Method | Messaging role required | Behavior on security exception | Notes |
---|---|---|---|---|
javax.jms.Session | createProducer | sender | Throws JMSSecurityException wrapping SINotAuthorizedException | 3,4 |
javax.jms.Session | createConsumer | receiver | Throws JMSSecurityException wrapping SINotAuthorizedException | 3,4 |
javax.jms.Session | createDurableSubscriber | receiver | Throws JMSSecurityException wrapping SINotAuthorizedException | 1,3,4 |
javax.jms.Session | createBrowser | browser | Throws JMSSecurityException wrapping SINotAuthorizedException | 3,4 |
javax.jms.Session | createTemporaryQueue | creator | Throws JMSSecurityException wrapping SINotAuthorizedException | 3,4 |
javax.jms.Session | createTemporaryTopic | creator | Throws JMSSecurityException wrapping SINotAuthorizedException | 3,4 |
javax.jms.Session | unsubscribe | | Throws JMSSecurityException wrapping SINotAuthorizedException | 2,3,4 |
javax.jms.MessageProducer | send | sender | Throws JMSSecurityException wrapping SINotAuthorizedException | 3,4 |
javax.jms.MessageConsumer | receive | receiver | Throws JMSException wrapping SINotAuthorizedException | 3,4 |
javax.jms.MessageConsumer | receiveNoWait | receiver | Throws JMSException wrapping SINotAuthorizedException | 3,4 |
javax.jms.QueueBrowser | getEnumeration | browser | Throws JMSSecurityException wrapping SINotAuthorizedException | 3,4 |
javax.jms.ConnectionFactory | createConnection | connector | Throws JMSSecurityException wrapping either SINotAuthorizedException or SIAuthenticationException | 3,4 |
javax.jms.QueueSession | createReceiver | receiver | Throws JMSSecurityException wrapping SINotAuthorizedException | 3,4 |
javax.jms.QueueSession | createSender | sender | Throws JMSSecurityException wrapping SINotAuthorizedException | 3,4 |
javax.jms.QueueSession | createBrowser | browser | Throws JMSSecurityException wrapping SINotAuthorizedException | 3,4 |
javax.jms.QueueSession | createTemporaryQueue | creator | Throws JMSSecurityException wrapping SINotAuthorizedException | 3,4 |
javax.jms.QueueSender | send | sender | Throws JMSSecurityException wrapping SINotAuthorizedException | 3,4 |
javax.jms.QueueConnectionFactory | createQueueConnection | connector | Throws JMSSecurityException wrapping either SINotAuthorizedException or SIAuthenticationException | 3,4 |
javax.jms.QueueRequestor | constructor | sender, receiver, creator | Throws JMSSecurityException wrapping SINotAuthorizedException | 3,4 |
javax.jms.QueueRequestor | request | sender, receiver | Throws JMSSecurityException or JMSException, both wrapping SINotAuthorizedException | 3,4 |
javax.jms.TopicSession | createSubscriber | receiver | Throws JMSSecurityException wrapping SINotAuthorizedException | 3,4 |
javax.jms.TopicSession | createDurableSubscriber | receiver | Throws JMSSecurityException wrapping SINotAuthorizedException | 3,4 |
javax.jms.TopicSession | createPublisher | sender | Throws JMSSecurityException wrapping SINotAuthorizedException | 3,4 |
javax.jms.TopicSession | createTemporaryTopic | creator | Throws JMSSecurityException wrapping SINotAuthorizedException | 3,4 |
javax.jms.TopicPublisher | publish | sender | Throws JMSSecurityException wrapping SINotAuthorizedException | 3,4 |
javax.jms.TopicConnectionFactory | createTopicConnection | connector | Throws JMSSecurityException wrapping either SINotAuthorizedException or SIAuthenticationException | 3,4 |
javax.jms.TopicRequestor | constructor | sender, receiver, creator | Throws JMSSecurityException wrapping SINotAuthorizedException | 3,4 |
javax.jms.TopicRequestor | request | sender, receiver | Throws JMSSecurityException or JMSException, both wrapping SINotAuthorizedException | 3,4 |
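
The table shows that `receive` and `receiveNoWait` throw a plain `JMSException`, so a handler that catches only `JMSSecurityException` misses authorization failures on those calls. The following is an added example, not code from the IBM documentation: a helper that classifies a failure by walking the wrapped exceptions. The class name `JmsSecurityFailure` and the `Kind` enum are hypothetical, and matching the wrapped exceptions by simple class name is an assumption made so that the example compiles against the plain JMS API.

```java
import javax.jms.JMSException;
import javax.jms.JMSSecurityException;

/** Classifies JMS failures for security logging (added example, hypothetical names). */
public final class JmsSecurityFailure {

    public enum Kind { AUTHENTICATION, AUTHORIZATION, SECURITY_OTHER, NOT_SECURITY }

    private JmsSecurityFailure() { }

    /**
     * Walks the linked-exception / cause chain of a JMSException.
     * Matching is by simple class name (an assumption of this example);
     * the two names are the wrapped exceptions listed in the table.
     */
    public static Kind classify(JMSException e) {
        Throwable t = e;
        // Bounded walk guards against a cyclic cause chain.
        for (int depth = 0; t != null && depth < 16; depth++) {
            String name = t.getClass().getSimpleName();
            if (name.equals("SIAuthenticationException")) {
                return Kind.AUTHENTICATION;   // identity rejected at connect time
            }
            if (name.equals("SINotAuthorizedException")) {
                return Kind.AUTHORIZATION;    // identity lacks the required messaging role
            }
            t = next(t);
        }
        // receive() and receiveNoWait() surface a plain JMSException, so the
        // outer type alone cannot rule out a security failure; only the
        // chain walk above can.
        return (e instanceof JMSSecurityException) ? Kind.SECURITY_OTHER : Kind.NOT_SECURITY;
    }

    /** Prefers the JMS linked exception, then falls back to the standard cause. */
    private static Throwable next(Throwable t) {
        if (t instanceof JMSException) {
            Exception linked = ((JMSException) t).getLinkedException();
            if (linked != null && linked != t) {
                return linked;
            }
        }
        Throwable cause = t.getCause();
        return cause == t ? null : cause;
    }
}
```

Logging the returned `Kind` together with the destination and the user ID in effect separates bad credentials on `createConnection` from a missing messaging role on a later call.
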

Environment | User ID used |
---|---|
Stand-alone client | User ID specified on createConnection, otherwise null. |
Application server |
|
Application client, using local connection factory |
|
Application client, using server connection factory (deprecated) | User ID specified on createConnection, otherwise null. |
The supported APIs require permissions, as described in TOPIC_NAME? of the WebSphere UDDI Registry documentation.